HP Security Bulletin HPSBGN03007 - A potential security vulnerability has been identified with HP IceWall MCRP and HP IceWall SSO. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.
efb991644ef78dc252a79e960261969be05afaad1b9be719585683b5ad015725HP Security Bulletin HPSBMU03022 3 - A potential security vulnerability has been identified with HP Systems Insight Management (SIM) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The HP SIM software itself is not vulnerable to CVE-2014-0160 ("Heartbleed"). However, the software components bundled with HP SIM are impacted and should be addressed if installed. Revision 3 of this advisory.
8f9087315afcbac376a9d94829c09203bb41b0d59eacf16f29ed2914592cfcdfPerseus' Java Hopper suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
1a952079b2e021364160e3158865b9764b672b7331c8c743654ad542bcd9340bLynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
b39b902fe75b208b7996e76eeab3989f6ddf6dd4afc0b14175167b32b897e8b6This Metasploit module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This Metasploit module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. This Metasploit module has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.
cb1b416c6a81192072db5387c939127cc89639e3ba035c140a68125e64bbc407AoA MP4 Converter version 4.1.2 suffers from an overflow vulnerability.
cd63ce9472faafdf4e2e783946b14d6f167f018ab91f2599cfb2ebd6900462a4SafeNet Sentinel Protection Server versions 7.0 through 7.4 and Keys Server versions 1.0.3 through 1.0.4 suffer from a directory traversal vulnerability.
44d8d12aafec471f9f40aac23224aaabaa726ad6187322040baee9fe298880fcJavaMail does not check if the email subject contains a Carriage Return (CR) or a Line Feed (LF) character on POST multipart requests. This issue allows the injection of arbitrary SMTP headers in the generated email. This flaw can be used for sending SPAM or other social engineering attacks (e.g. abusing a trusted server to send HTML emails with malicious content). Versions 1.4.5 and 1.5.1 were found vulnerable.
405fd5ea751ac4705c07542a270ee08ffee8bea6e4c25464024c27431b045351Apple Security Advisory 2014-05-16-1 - iTunes 11.2.1 is now available and addresses a security issue. Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling.
1e857140974b6a2cba7cdf4afaf97bcf0ca7211a33d794ddd92936f0ea523187The t2'14 Call For Papers has been announced. It will take place October 23rd through the 24th, 2014 in Helsinki, Finland.
ef6b6c12bbf3711873192edb0d31920ef1741fd86738393d5dd9eabeacd0fb40Clipperz Password Manager suffers from a remote code execution vulnerability.
a389dff208c61b443364f2e6e4129153bf3222246ff2df01244a949c8e244afeHook Analyser is a hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
2b359846b73883d71d48cf30b1de7ed29f76ffe6378eab910e62d879a5dffbecAoA Audio Extractor Basic version 2.3.7 suffers from an overflow vulnerability.
dcf9cf1e13d58871d2e0e4bc3827849243e29adbcd9d4d52281ed0f2d1705f6cThis whitepaper details the steps taken to unpack an application, locate the pinning handler, patch and repack. The techniques detailed in this whitepaper may also be used to achieve other goals when hacking Android applications.
b380448797b174e0ef5426b8ceaf08d03d726e7add0c4fa1576aecd5d4c6dc55CyberLink Power2Go Essential version 9.0.1002.0 suffers from a registry SEH/unicode buffer overflow vulnerability.
c4ad3ea0e0cf296b67878e6a6773f715ce52a1c11772efc0549219c883df125aAoA DVD Creator version 2.6.2 suffers from an overflow vulnerability.
2f31adef0c26503f7dcc55055e82e81b9c030906ddfc9884aac7a7f920f2863eHP Security Bulletin HPSBHF02946 2 - A potential security vulnerability has been identified with certain HP servers that use NVIDIA Computing GPU processors. The vulnerability could be exploited resulting in an elevation of privilege. Revision 2 of this advisory.
1a1f5a30071511664a0697b6d00c81b1609e84a81d6a433fb1760f8208dd1135
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed