JOIDS (Java OpenID Server) version 1.2.1 suffers from reflected cross site scripting and session fixation vulnerabilities.
d0111d88c2b72fdcea60d1fd44070e2af28045c390f13e4603277e4f163efcefClickDesk versions 4.3 and below suffer from multiple persistent cross site scripting vulnerabilities.
344fe9de1d611e0634831da9f2d4b854bfccfac96330419b32ed688d72f409adGanib versions 2.3 and below suffer from a remote SQL injection vulnerability.
f53669a90a92541ae5ebdad41e56273cd5fd6b51046bd02996f9b2579f3c29e3Red Hat Security Advisory 2014-0233-01 - PackStack is a command-line utility that uses Puppet modules to support rapid deployment of OpenStack on existing servers over an SSH connection. PackStack is suitable for deploying both single node proof-of-concept installations and more complex multi-node installations. It was found that PackStack did not correctly install the rules defined in the default security groups when deployed on OpenStack Networking, allowing network connections to be made to systems that should not have been accessible.
d0e3596d44e146faf389856532df61af504299d7155b1850dc343f3cb5a55d2cRed Hat Security Advisory 2014-0232-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A timing attack flaw was found in the way the swift TempURL middleware responded to arbitrary TempURL requests. An attacker with knowledge of an object's name could use this flaw to obtain a secret URL to this object, which was intended to be publicly shared only with specific recipients, if the object had the TempURL key set. Note that only setups using the TempURL middleware were affected.
2cef7217286d6231bd24a8422992541b2a4b819ddcde406b623c1a34895443cdCordova In-App-Browser iOS plugin from Cordova versions 2.6.0 to 2.9.0 and Cordova In-App-Browser iOS standalone plugin (org.apache.cordova.inappbrowser) versions 0.1.0 to 0.3.1 suffer from a privilege escalation vulnerability.
46f9762d77c27f4579740acc749cf9bbfa02d036bfb37b414990a0d228c44bb4Apache Shiro versions 1.0.0-incubating through 1.2.2 suffer from an LDAP authentication bypass vulnerability.
dd17aaac4e39d79fb0b7ad3c5615cb3f1d0c5d4dca808a15c9b0caf3d71d0851Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4, and ESP (IPSEC) protocols, and can also remove IEEE 802.1Q (virtual LAN) headers. It reads packets from a pcap file, removes the encapsulation protocol, and writes them in another pcap file.
62458854a67a34d0c82bda34f6720a0648d7d8b5b452b9953b0cac0090993012Red Hat Security Advisory 2014-0229-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. An information leak flaw was found in the way glance stored certain logging information. An attacker with access to the glance log files could use this flaw to obtain authentication credentials to the OpenStack Object Storage back end. Note that only setups using the swift back end were affected.
9af5320882c5b727f5614207ecd44d12d0af624df0e1ddd4be9c70270ba5c125Red Hat Security Advisory 2014-0231-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, and controlling access through users and projects. It was discovered that the metadata agent in OpenStack Networking was missing an authorization check on the device ID that is bound to a specific port. A remote tenant could guess the instance ID bound to a port and retrieve metadata of another tenant, resulting in information disclosure. Note that only OpenStack Networking setups running neutron-metadata-agent were affected.
5df7a83b8fe26fa0470a7d38af7acc1ed469562d7c88efd074564fedb66f3947CMS made simple has several security problems including cross site scripting in the admin console, weak cross site request forgery protection, and a possible PHP object insertion via unserialize.
165f2672c4e307d6f2d42b9cc9d42950c835e7ec626e6b398fbd8b1fe71de042Red Hat Security Advisory 2014-0230-01 - MongoDB is a NoSQL database. A buffer over-read flaw was found in the way MongoDB handled BSON data. A database user permitted to insert BSON data into a MongoDB server could use this flaw to read server memory, potentially disclosing sensitive data. All mongodb users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
dc3570de79530102a49796a2c80e9fa6107fb87bb494decdefa6c6177d7a699aSlackware Security Advisory - New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
d2fbe6a04e9c821c822111c7e9e0feff0b368ca90b59ebcf0371f30d2bcd3c80CoryApp Cory JobSearch suffers from a remote SQL injection vulnerability.
e2cbbfcb6107f466b9c88014936f7d4ece59c46ccbf85de5cf1ff6afb627a8dbCalavera Uploader version 3.5 SEH buffer overflow exploit.
2b1aef2f7c9231e07b70b8bc26bf60a7b03287605b0e48d31fcaf28c0141a69aMalware Analysis Part I - This guide is the first part of a series of three where we begin with setting up the very foundation of a analysis environment; the analysis station. It will give the reader a quick recap in the different phases of malware analysis along with a few examples. It will then guide the reader in how to build an analysis station optimized for these phases. Along with this, the guide also introduces a workflow that will give the reader a good kick-start in performing malware analysis on a professional basis, not only on a technical level.
360e9264e9f61a47cd121cfae0c35e5ff25ec45bd1624d722d6c73494f35ee89
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed