Cisco Security Advisory - The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.
0d4a383712ff0282199a25bb4210625c70f16c2c87c4f53b3319173aabba2fbeCisco Security Advisory - A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device to be processed. An exploit could allow the attacker to cause a reload of the affected device that would lead to a DoS condition. Although IKEv2 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software devices when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled, the vulnerability can be triggered only by sending a malformed IKEv2 packet. Only IKEv2 packets can trigger this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
3ed033886a5bb2ef55bd66f456b12eca7c89d9d2e52708ccd6de0d850451992dAllied Telesis AT-RG634A ADSL broadband router has hidden administrative unauthenticated webshell that allows for command injection.
e3656907ce60bc967c703eead969f7f9b2ab164514e55b51d9246f8a9fad51caVirusChaser version 8.0 stack buffer overflow exploit.
6ecbff68b7197ddb88d7ad80fa57db0def9d0748f4668c04b41b49f4bea3101eHP Security Bulletin HPSBST02968 - A potential security vulnerability has been identified with certain HP StoreOnce appliances. This vulnerability could be exploited to allow remote unauthorized access to the appliance. Revision 1 of this advisory.
f9916c858b8cddf46f16e2652c95490e1dc6a1a18521a597b445d0ba078efa73Cisco Security Advisory - A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks models RSP720-3C-10GE and RSP720-3CXL-10GE could allow an unauthenticated, remote attacker to cause the route processor to reboot or stop forwarding traffic. The vulnerability is due to an issue in the Kailash field-programmable gate array (FPGA) versions prior to 2.6. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
3c8d9199071a60dcdd3e347bae1e1bd71ef643ce811a3c7718db399f9ee2c6dbCisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages. Limited Cisco IOS Software and Cisco IOS XE Software releases are affected. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability.
f14a7c744e74a61688552f3dca910fa334cbaabb61d41749c186baaed9f98772Gentoo Linux Security Advisory 201403-6 - Multiple buffer overflow flaws in libupnp may allow execution of arbitrary code. Versions less than 1.6.18 are affected.
e03eb83d2a7aa7021aa08869a4d96954a3dadcdfda9b744e73250ff73718e8e7Ubuntu Security Notice 2156-1 - Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. A remote attacker could use this issue to possibly attempt to brute force user passwords.
5348fba08a330686b2e7b10f988a125fa442b46076c0d25fd74aabe5866964eeRed Hat Security Advisory 2014-0335-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.4.0, and includes bug fixes and enhancements.
6693be76567f1848f315232357e5b073ef0eae20d36558a65313d90bd2e521dfGentoo Linux Security Advisory 201403-7 - A vulnerability in grep could result in execution of arbitrary code or Denial of Service. Versions less than 2.12 are affected.
3300c2cdba3b6b189e247ca96f92523bfd66af9037dc016c6445c91e715d47bdCouchDB versions up to 1.5.0 suffer from a denial of service vulnerability.
c6a608654fa5592ef05092fa31b0f667e9d283fcfdd700bc26d2fcc069fe40e6Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
6e30423d029452c6f0ec2be1241b76f9efe630b10e66439c25475891997decfaCart Engine suffers from an authenticated arbitrary code execution. The vulnerability is caused due to the improper verification of uploaded files in several modules thru several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/public/image' directory. Version 3.0.0 is affected.
96827d831045ae34ca4e250341d2bb5d34d2c393b7e1b2c30722378dcbb33018Cart Engine suffers from an authenticated file inclusion vulnerability (LFI) when input passed thru the 'run' parameter to task.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks. Version 3.0.0 is affected.
e6438c80cea51cd67f5b475b75797244bde2786c6699715eb2d377adccfcc5ebCart Engine version 3.0.0 suffers from a database backup disclosure vulnerability.
c7cf38ab11e6169d1cc1ba8f453fe47dd8768354389975edf2b1d86f00798b8aKemana contains a flaw that is due to the 'kemana_admin_passwd' cookie storing user password SHA1 hashes. This may allow a remote MitM attacker to more easily gain access to password information. Version 1.5.6 is affected.
a05a7aa326979bff6b52716919249f5f27c6dfe85a75b89136e3a0640f8527f4Kemana Directory suffers from an authenticated arbitrary code execution. The vulnerability is caused due to the improper verification of uploaded files in several modules thru several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/public/image' directory. Version 1.5.6 is affected.
0a9db43d181684d4b67300a7a8625d1771c50ac3101d708a1e0875bb7283adffKemana Directory version 1.5.6 suffers from a local file inclusion vulnerability.
8280cb54fa2414d97ddda5ca6dc643d446370afef4e1233e02d3910a6f6a12ceKemana Directory version 1.5.6 suffers from a database backup disclosure vulnerability.
b881b2ca8151d4b9ced7f6b0bad082ecdb8a0d92afb40a6cb9b480ebe7e085d5The CAPTCHA function for Kemana Directory is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. The function 'qvc_init()' in '/includes/function.php' sets a cookie with a SHA1-based hash value in the Response Header which can be replaced by a random SHA1 computed hash value using Cookie Poisoning attack. Successful exploit will allow attackers to bypass the CAPTCHA-based authentication challenge and perform brute-force attacks. Version 1.5.6 is vulnerable.
0bbff6971475a515bf53c4adad31d393da5d381a7dab0bd0af11b3b1eca540c9Haihaisoft HUPlayer version 1.0.48 buffer overflow exploit.
312f190b56156e4a5cc161186004f6f6ab66d996805794fdfcf9a134f23fdba0Haihaisoft Universal Player version 1.5.8 buffer overflow exploit.
1eb1a1c521bb6b91b7db8e8b5979e0d6f55e3c47414fda473f5fffc0a00327afThe Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP) which supports a secure processing feature for interpretive and XSLCT processors. The intent of this feature is to limit XSLT/XML processing behaviours to "make the XSLT processor behave in a secure fashion". It has been discovered that the secure processing features suffers from several limitations that undermine its purpose. Versions 2.7.0 and above are affected.
2661a94be4bbc4822c2a0c9ff839ec7aafe7ef60fc89113bfb792b62e32262d9OpenCart versions 1.5.6.1 and below suffer from a remote SQL injection vulnerability.
703149d4078abdc95ff0f473bd181a93a4f3386cdce4320a2ca8744e981ee3f6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed