fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
4558b06eb91d9a0b43993abfaea01eb2270bb13da50cb6379a6d96e1aeae2b47SkaDate Lite version 2.0 suffers from an authenticated arbitrary PHP code execution vulnerability. This is caused due to the improper verification of uploaded files in '/admin/settings/user' script thru the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in '/ow_userfiles/plugins/base/avatars/' directory.
2f06fa68d2220b816e7d3b3b873ab1d8786c653f2c88bfd5a622ef6802184c6eSkaDate Lite version 2.0 suffers from multiple cross site request forgery and persistent cross site scripting vulnerabilities.
a342e8bef5f90b7cfd0703664b106bee5879eec947174e7edebd140cfb15231eRemote exploit for Elastic Search version 1.1.1 that attempts to read /etc/hosts and /etc/passwd.
9f77dafb99af40f2c2d5742a9434d5f9d672d2a7b83bbada56a2713e609f8b41HP Security Bulletin HPSBMU03078 - A potential security vulnerability has been identified with HP CloudSystem Foundation and HP CloudSystem Enterprise software running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.
5d6e7f71334eb28a670d0f277f242ae20b0a2096b54f07c19dcf6c90772314f2Both Facebook for Android and Facebook Messenger for Android suffered from issues such as being an open proxy, disclosure of private video content, disclosure of audio recordings in chat messages, and use of various vulnerable packages.
3a82aa89d021954d0b9932d6fe28234686a74433ba2533d02c1595c597cab340D-Link DWR-113 revision Ax suffers from cross site request forgery vulnerability that can cause a denial of service.
5a469f3913e9c7a0597584d253af79e6f10917e7f751ff2af618fbc68ad4b266D-Link AP 3200 fails to authenticate requests to wireless settings, stores credentials in plaintext, and uses a weak cookie value.
1adee944461c867636ad8a7e90a9b0c101706ca73b2f762045ec1d3ca7ba4e09Joomla Kunena Forum extension version 3.0.5 suffers from cross site scripting vulnerabilities.
7ea555b3d3d052fddd2d76f219568124d96dad6756f324d82fa40f59e64f35e2Joomla Kunena Forum extension version 3.0.5 suffers from multiple remote SQL injection vulnerabilities.
ef0bae7bedab0078d46bc0efb4a3b230e6b1baac8e8e4858ac87eecb25224dfeDebian Linux Security Advisory 2992-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
b301d9f7ff1c8b9091708894011578d9ffcace82fa2e17ac8e78f3fb69432557Ubuntu Security Notice 2302-1 - David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly restrict XSLT stylesheets. An attacker could use this issue with a crafted web application to bypass security-manager restrictions and read arbitrary files. Various other issues were also addressed.
189666d0fdd5b8688f20b755f3d2d041a8e8b55574843f3c4d5cef703fe3b976Mandriva Linux Security Advisory 2014-140 - Owncloud versions 5.0.17 and 6.0.4 fix an unspecified security vulnerability, as well as many other bugs.
367ab066b22696b50ca46161ca38e28db8f30f3ee2f7ccdcce8b90c7d3e63a18Mandriva Linux Security Advisory 2014-141 - It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions ,. Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. The Diffie-Hellman key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. This update is based on IcedTea version 2.5.1, which fixes these issues, as well as several others.
410a89a0f8916dd51868002b877ca25334db121005a195e78ff78eaf6e2697fdMandriva Linux Security Advisory 2014-139 - Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. The updated packages have been upgraded to the latest NSS versions which is not vulnerable to this issue.
3d98eba8862e8bda7926d387ee30decd2d5596f62890e780121cd4d4a07565daI2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
30bb7bbfd1ff829dab048bbb6264d6cf20b2a01511e7cddd4fc13771feb6a780OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
53f9c454f331822925d76c9d9e5e7cb3fe2dfb03e3c467f67f9412f10d0fd5ecTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
05a3793cfb66b694cb5b1c8d81226d0f7655031b0d5e6a8f5d9c4c2850331429Onapsis Security Advisory - SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information.
51b510290e9cdab39a4eb560d76f8a1a92ad4e2479c00ecb93a399c7bd8fc80aOnapsis Security Advisory - The SAP HANA XS Administration Tool can be abused by potential attackers, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.
c6ed0fc760014885e4e1f29f5add689e261aa09131bbce902c5032d4d1638bfdOnapsis Security Advisory - SAP FI Manager Self-Service contains a hardcoded username which could allow a user to access functions or information that should be restricted.
6af964bfb323ace71af49db49e9c09318bd3bd26ffd097eee87a3bcf28af33bbOnapsis Security Advisory - SAP_JTECHS suffers from an HTTP verb tampering vulnerability. By exploiting this vulnerability, a remote unauthenticated attacker would be able to access restricted functionality and information. SAP Solution Manager 7.1 is affected.
6580ff640350c05f48f65976b0b95f4281af8ee4134bb35be5c0dfed235ecb75Onapsis Security Advisory - SAP HANA IU5 SDK Application does not enforce any authentication when it is explicitly configured. It could allow an anonymous user to access functions or information that should be restricted.
012319929550f40aff45210c9e107a59b2e67cadbe0eba2ea67d08b03dc14274Onapsis Security Advisory - SAP HANA XS does not enforce any encryption in the form based authentication. It could allow an anonymous user to get information such as valid credentials from network traffic, gaining access into the system.
3c59882224f4e683e1189c962e0c8f1e472ad02e008d6bd4c6be59028fba9d6bBarracuda Networks Web Application Firewall version 6.1.5 and LoadBalancer version 4.2.2 suffer from filter bypass and cross site scripting vulnerabilities.
f9aabc1b0f4bff1070f734b4a100285651be2b51f5a95b036752aec6fe50a330
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed