Core FTP Server version 1.2 build 535 32-bit crash proof of concept exploit.
718dbfa32e780909200eb23f74090ac03f5b7d3cf73928a385d99d0e67a079173.ebay.com.au suffered from a remote SQL injection vulnerability.
ac896c8d7f84eab08d888bc38f0ffbac7bc78ada59535a0ebae9c502787f512cThis is a python script that scans a webserver for timthumb.php.
c5de670c6b138663f9aa17471dccac1ef63011cac2b9b79114f492b672ae8720The Call For Papers has been announced for SAC 2014. The conference Selected Areas in Cryptography 2014 (SAC 2014) will be held at Concordia University, Montreal, Quebec, Canada, on August 14th through the 15th, 2014.
2afc2beb8a1598aa1350f9710067c38eb79ecb9072ad8e37baea72786056ea7bThe News module in PHP-Nuke version 8.3 suffers from a remote SQL injection vulnerability.
a3dcb3ff99610710137c524c5160bb879d6fde1d17ff511a654c9f5276aa57e5HP Security Bulletin HPSBUX02960 SSRT101419 3 - A potential security vulnerability has been identified with HP-UX running NTP. The vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 3 of this advisory.
e0bb8d4702ecd453b0bdb6a93fed59263c7330cdba9ffb831ed00b6833d62f0dHP Security Bulletin HPSBMU03009 3 - A potential security vulnerability has been identified with HP CloudSystem Foundation and HP CloudSystem Enterprise software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.
715a2d0a4cdf05596a3668d5ecd8157e6df13d4c09710a6731099c91bd445fb0P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
f2dd6d877e15363bbb90325683e06abdd781aa3fa18b4e97de95fd0b8d904817RSA Archer GRC 5.4 SP1 P3 platform contains fixes for multiple cross-site scripting vulnerabilities. These vulnerabilities can be exploited to execute arbitrary HTML and script code in an RSA Archer user's browser session in context of an affected RSA Archer application.
8a6799538051d3cc6695cf5dfc128a76888c85fc4316e9384239998346adb6e6Debian Linux Security Advisory 2936-1 - John Fitzpatrick from MWR Labs reported a stack-based buffer overflow vulnerability in torque, a PBS-derived batch processing queueing system. An unauthenticated remote attacker could exploit this flaw to execute arbitrary code with root privileges.
000e95af2d290953506bcada622442d6062842c424e774b0871880778600207bGentoo Linux Security Advisory 201405-27 - A vulnerability in LibYAML could allow an attacker to execute arbitrary code or cause a Denial of Service condition. Versions less than 0.1.6 are affected.
0ee66c37e9ea5190948fb3842e8c8295ad38746709229bb5ee1e8606e76afb7fHP Security Bulletin HPSBMU03025 2 - A potential security vulnerability has been identified in HP Diagnostics running OpenSSL. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. NOTE: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is normally protected by the SSL/TLS protocol. The impacted products in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 2 of this advisory.
52629bc62087a9590b7c8b290ce662df2a94e3e0cdab3616e08af610cd2dd175HP Security Bulletin HPSBMU02995 8 - The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 8 of this advisory.
8a46199caee50f4b5ccb3fe410da023a1d9cae75b0c14e9eb19f64d6b9895b17Chkrootkit checks locally for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.
9548fc922b0cb8ddf055faff4a4887f140a31c45f2f5e3aa64aad91ecfa56cc7EMC Documentum D2 contains several D2 core methods and a D2FS web service method that may allow an authenticated user to execute arbitrary DQL queries with superuser privileges.
7395caedf23353f2c004c71398d331c69995e81e3870a73a34d75d29bc67dd3fD-Link DIR-652, DIR-835, DIR-855L, DGL-500, and DHP-1565 suffer from clear text storage of passwords, cross site scripting, and sensitive information disclosure vulnerabilities.
a7668e84297d67c97f777a5d017f21ef288453a895bebdf304e432fe59637710This is a Metasploit modules that leverages an authenticated arbitrary file upload vulnerability in Dotclear versions 2.6.2 and below.
fa7134cec4517d630b5ea12c4242fbfc9bfb06e0df1b252b0e24e5fa245675a6Cisco Security Advisory - Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. They are all affected by buffer overflow, privilege escalation, and denial of service vulnerabilities.
7cbdd459508984ad05613b5f8dfd78e812d9c4aa6af13199816c11689911fb2cCisco Security Advisory - A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect buffer handling for SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to crash the application optimization handler and execute arbitrary code with elevated privileges on the WAAS appliance. Cisco has released free software updates that address this vulnerability.
debbd5883c0f1ee44fd9c6207d5297829694cf5da109411306a1a90b8555f5c5HP Security Bulletin HPSBMU03044 - A potential security vulnerability has been identified with HP Business Process Monitor running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
75b0264fcbec223ee3f4ea20c5e45106bd20fec772506d86b5b521ab51e99c32HP Security Bulletin HPSBMU03042 - A potential security vulnerability has been identified with HP Operations Manager i running on Linux, and Windows. The vulnerability could be exploited by an authenticated OMi operator to execute arbitrary code. Revision 1 of this advisory.
f1b6918940249cce1d82af4f65bab7e6ca8abce69462188ab50ff2ced7fe6abcDebian Linux Security Advisory 2935-1 - It was discovered that malformed responses from a Gadu-Gadu file relay server could lead to denial of service or the execution of arbitrary code in applications linked to the libgadu library.
968e3067472edc877e3d58f8a306f4c3be00b07a88941c496bc361b1297c2a47Red Hat Security Advisory 2014-0536-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.
efa88c6d2d6a9b3c9599b4e685e6a270ed5ced1f29e9a38839441774aef2e9beRed Hat Security Advisory 2014-0537-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.
a64031dc8f87dc015972399f06eeeb57a3646b9a5d9e864b433f49d12014a63aApple Security Advisory 2014-05-21-1 - Safari 6.1.4 and Safari 7.0.4 are now available and address code execution vulnerabilities.
cb432efb5b115028ce6fb6e5f7885637ec7ab0cf5c49906f721e09b631043157
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed