Symantec Endpoint Protection versions 11.x and 12.x suffer from a kernel pool overflow vulnerability.
4336ac24272f9e03af411eafef0734ba3a8c0d939a93fed5265bff19cf5612feApache Cordova versions up to 3.5.0 suffer from information disclosure, whitelist bypass, and cross application issues.
b40574101ee277ded07c47ea5ed1519dd4879415cb724ee5af90126d1af3c686Paypal suffers from a two-factor authentication bypass vulnerability.
24457ef5527880a0a0aac8ad1972d107dd0beccd20fb9d4ea2a923cd5c44e4a8HP Security Bulletin HPSBMU03037 2 - A potential security vulnerability has been identified with HP Multimedia Service Environment (MSE), formerly known as HP Network Interactive Voice Response (NIVR). This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
084b66e055026239b823e5a146253361afc7465060ae9d8e71bda3d8c747d60bHP Security Bulletin HPSBMU03083 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.
73a42dd1d205af075ac13a53980fa2d8b783c0e087511fc3a802fccf142ae482Red Hat Security Advisory 2014-1008-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges.
895f5c5ab38ba11c423dfd8da315b61b826d60c28bd9d7889d9f879a38bc85fdRed Hat Security Advisory 2014-1009-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. All Samba users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the smb service will be restarted automatically.
70496a8ebb4dd1731d7edfde1a87d5bddac755a49a265d385ecf721c1029c329Ubuntu Security Notice 2306-2 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually for name resolution to resume working so that updates can be downloaded, including environments configured for unattended updates. Various other issues were also addressed.
85b1f00c2d58351a28e5e5bf4fbb3b0ca4c61a877b00712d9431223f7f23c474Red Hat Security Advisory 2014-1007-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.
d98d504697aa47b6242efe729363b71b1e6d6ea5e32959c502677616fcef87e6Red Hat Security Advisory 2014-1004-01 - The yum-updatesd package provides a daemon which checks for available updates and can notify you when they are available via email, syslog, or dbus. It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install updates, a remote attacker could use this flaw to install a malicious update on the target system using an unsigned RPM or an RPM signed with an untrusted key. All yum-updatesd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. After installing this update, the yum-updatesd service will be restarted automatically.
ec8a17bf89ea6a89674dde7563f016ec7cbf92c2d068f45ce3c2e5528b449282HybridAuth versions 2.1.2 and below suffer from a remote code execution vulnerability.
b4a2c10f7402a9aa4df106939ba9ab80577ac3249e5e9f2dc6910440f71a315eVembu Storegrid Backup and Disaster Recovery solution suffers from privilege escalation, information disclosure, remote code execution, cross site scripting, and denial of service vulnerabilities.
d618d75a0f84b532d28659f6547552d0538321f116fca1ea5115a8b5e9f9d91bSuperfish version 7.x-109 suffers from a cross site scripting vulnerability.
8ef2faf2c277333323448167cda1e9519a40ce672d93c2c92b8380794c6b3b0eLinkedIn suffered from multiple user account handling vulnerabilities.
b7e80b64ef8208024ba12901499b3e191a841b53b9be1ea935d1b89ecafb893eThe shellcode downloads and loads https://rstforums.com/fisiere/dead.dll. The dead.dll library contains a simple MessageBox.
9b3b71b034ad73528caa43cda1296e3fe7ca567b2a131fa15fa58dd4abd4c16aWhitepaper discussing how to not get man-in-the-middled at Defcon / Blackhat. Attackers in position to carry out Monkey-in-the-Middle against CDMA2000 links between customer stations and their carrier BTS equipment can leverage silent push PRL updates to apply a routing list preferring paths through malicious "tower(s)" carrying the subscriber voice and data traffic under threat. The use of a specific PRL version Zero (0), aka Preferred Roaming List Zero Intercept Attack, implements the rogue tower associations with least potential interference to legit carrier bands and devices present in broadcast domain of attack.
6ad1a29ff7edb0d81dee055061cb3d55b7de08bbf42dac02402dc4abff248b24
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed