Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
f4122ff853724483925246903a048d425313ffe1b980ca0134251f74d9fa5616cFos Personal Net web server is vulnerable to a remote denial of service issue when processing multiple malformed POST requests in less than 3000ms. The issue occurs when the application fails to handle the data sent in the POST requests in a single socket connection causing heap memory corruption which results in a crash of the HTTP service. Version 3.09 is affected.
b6144b448a13b88a3946ba756a045ec300c090551bfe17fdc51afede9dfda1f8jruby-sandbox aims to allow safe execution of user given Ruby code within a JRuby [0] runtime. However via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected.
95989cd8d69be3950435d2b8b421d281337ab209a2bdeb9f0d15a7d1b1f1dd76In Struts 2.3.16.1, an issue with ClassLoader manipulation via request parameters was supposed to be resolved. Unfortunately, the correction wasn't sufficient. A security fix release fully addressing this issue is in preparation and will be released as soon as possible.
1b02e3ee3cd52232d9bdeb795f9c25b15c8bffd44b3b7df846a5d3306f54c9eaSitecom WLR-4000 and WLR-4004 both v1 001 suffer from weak firmware encryption and have a predictable WPA key.
1859ad139fce73986b747a807e4df86ff957af3afdcef4c65e307925c5dee454This exploit uses OpenSSL to create an encrypted connection and trigger the heartbleed leak. The leaked information is returned within encrypted SSL packets and is then decrypted and wrote to a file to annoy IDS/forensics. The exploit can set heartbeat payload length arbitrarily or use two preset values for NULL and MAX length.
c130ea864e8a5752cbeeeb43cf5a566cbd9daeaef96e1462511173ae8e398614Acunetix version 8 20120704 web vulnerability scanner buffer overflow exploit that bind a shell to port 4444.
879f64cf6211aef893d37bed01a4ca4cdf5f56e17b9792d44d59c20764edadb8Acunetix version 8 20120704 remote stack buffer overflow exploit.
3c0f639db36d7bd8b9065927184e89a3674b276c02ba315541774202d0d39f77HP Security Bulletin HPSBMU03020 - A potential security vulnerability has been identified with HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
459c9a6e9429ca0b8870610411c7acc83310004b610563f7e202a3d0fa9e5219HP Security Bulletin HPSBPI03014 - A potential vulnerability exists in HP LaserJet Pro MFP Printers, HP Color LaserJet Pro MFP Printers. This is the OpenSSL vulnerability known as "Heartbleed" (CVE-2014-0160) which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
049c19730dd5ae96d1817952229350dabe5a8e9991c63f15a5da28ea8fa0cee6HP Security Bulletin HPSBHF03021 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP products. This bulletins objective is to notify HP customers about certain HP Thin Client class of products affected by the Heartbleed vulnerability. HP will continue to release additional bulletins advising customers about other HP products NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
d28a09d3c4eb226153bc5cf89a3008f9b22de526a2a0783ae2650ccab578a8a8HP Security Bulletin HPSBHF03006 - A potential security vulnerability has been identified in HP Integrated Lights-Out 2 (iLO 2) servers that allows for a Denial of Service. The denial of service condition occurs only when the iLO 2 is scanned by vulnerability assessment tools that test for CVE-2014-0160 (Heartbleed vulnerability). iLO 2 servers are not vulnerable to CVE-2014-0160. Revision 1 of this advisory.
2c31ae5d759fd83d28179ffff290a04922dadb56f15f88d62b7713369f7e3b64HP Security Bulletin HPSBST03015 2 - A potential security vulnerability has been identified with HP 3PAR OS running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
0454ffb49cf0855b47c50c883a3c1120140696297d179ae6dae2e21fc0fe6774HP Security Bulletin HPSBGN03011 - A potential security vulnerability has been identified with HP IceWall MCRP running OpenSSL on Red Hat Enterprise Linux 6 (RHEL6). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
5729e6f9d0b9af5336f4c41a88b4916c0cc567d11d4242057f238032355c68c6Red Hat Security Advisory 2014-0436-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.0 offering will be retired as of June 26, 2014, and support will no longer be provided. Accordingly, Red Hat will not provide extended support for this product, including critical impact security patches or urgent priority bug fixes, after this date. In addition, after June 26, 2014, technical support through Red Hat's Global Support Services will no longer be provided. We encourage customers to plan their migration from Red Hat Storage 2.0 to the latest version of Red Hat Storage Server. Please contact your Red Hat account representative if you have questions and/or concerns on this matter.
69f93eddbf14e5f65ed985b39105c646ee6490e4cb2d317fe9f64f99c0a403e5Red Hat Security Advisory 2014-0435-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
65bcbea57d78d85c5b05751039889feb143cb53910b8e45ef7a82fd0655c3cadRed Hat Security Advisory 2014-0433-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of resources on the target system, potentially resulting in a denial of service. A flaw was found in the way the Linux kernel handled HID reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.
b57a17a2f5d3d72c9a217154739a3cbb03bbf2f12bdfef1de9f85b6b017b6f9fRed Hat Security Advisory 2014-0434-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
fb7001b7ad03be3d30a012695c3087eed9911c97c37beafb408f143bab5c00ddRed Hat Security Advisory 2014-0432-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system.
075fd0fdd907ed60e6ba8a3cbb2880072d49081da20fd0c0bcf9f6a99a4101b4Ubuntu Security Notice 2172-1 - Alex Korobkin discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data.
491356bd0784085e834b1ec5a4760e5bcb05c8453ae4e2c654c921d91138d2e1Bonefire version 0.7.1 suffers from a flaw where it allows the reinstall of the default administrative account.
b26e50b64d2e9b10b2cf8fc4979479c002a557cc7955df1050997f5a49c13900This whitepaper details how to perform wifi man in the middle attacks and then sniff the traffic for analysis afterwards using Wireshark.
ba682f01ac66297c006d03d6d6a391811b8546679c41f35d715ecb25f387a262The Android application provided by Misli.com fails to validate SSL certificates, allowing for a man in the middle attack.
afb37fe1b489ec647c4343ae53ef337a2e9fc7269b286c109f804ad0ffa3db3eThe Android application provided by Birebin.com fails to validate SSL certificates, allowing for a man in the middle attack.
81e80c5e05043304d6c894a1d4b7e354fd2d65ecc2596fb719e6c2d589f3019amRemote offline password decryption tool that is based off of the enum_mremote_pwds.rb Metasploit module.
d4e0ead2bc4f639955a80e0da85fb7c321c2941332565051371936575e38f42e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed