Sites powered by STI-CS appear to suffer from a reflective cross site scripting vulnerability. Note that this finding houses site-specific data.
6c7fa5c208f1047e4fd9453cf8b12c2019478074948bb94de73a566e703d5af0Paranoic is a simple vulnerability scanner written in Perl.
dab89a511b987be36693b6be78738052be66e63dceda5ce2baa3684d5850c598MX-SmartTimer version 13.18.5.11 suffers from a remote SQL injection vulnerability.
910ee76b2728dd8b4e94d623049eb95c3fbecb201aad27d57ae75db99ae50833EhsanWeb suffers from a reflective cross site scripting vulnerability in the forgot password flow. Note that this finding houses site-specific data.
29138f17af825bcde7951a3727aed93db07923cad7c6aef04cf1ada9b5fc9038Spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on a different system). This is similar to 'ssh -L' functionality, but does not use SSH and requires a pre-shared symmetric key. Spiped uses strong and well-understood cryptographic components: The initial key negotiation is performed using HMAC-SHA256 and an authenticated Diffie-Hellman key exchange over the standard 2048-bit "group 14"; following the completion of key negotiation, packets are transmitted encrypted with AES-256 in CTR mode and authenticated using HMAC-SHA256.
d8fa13a36905337bec97e507e0689f7bbc9e5426b88d588f3ddd3d6c290dcf5fSierra Library Services Platform version 1.2_3 suffers from cross site scripting, user enumeration, and HTTP parameter pollution vulnerabilities.
a6b55b2f25753f6aa79f465b7dad177fd8822701d788d595cf90f0a72f217779Gentoo Linux Security Advisory 201408-12 - Multiple vulnerabilities have been discovered in Apache HTTP Server, the worse of which could lead to execution of arbitrary code or a Denial of Service condition. Versions less than 2.2.27-r4 are affected.
74c770647893db7bdefa7fe626d5e7a9771e8d4cd1ddee8a7bd68e3e8bb6436eGentoo Linux Security Advisory 201408-11 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.16 are affected.
603e59db98b503d98e09222be7ae1aa6e92e8c93410b7df813b8dd5222e058f1Gentoo Linux Security Advisory 201408-10 - A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information. Versions less than 1.5.4 are affected.
dc140fe843d5ab6ab9a5998f40aeb6364054dfe18d31c18f4b8b0f7836c3a02eGentoo Linux Security Advisory 201408-9 - Multiple vulnerabilities have been discovered in GNU Libtasn1, the worse of which can allow a context-dependent attacker to cause a Denial of Service condition. Versions less than 3.6 are affected.
9eb259c7ad52db023b5746739662027753337b7e5aa8cf8018a3c533be9cfb5bGentoo Linux Security Advisory 201408-8 - A vulnerability in file could result in Denial of Service. Versions less than 5.15 are affected.
0142ad27148e5ac6699d382c815155e6f2bc50d4ef090fea10e1dcdb1eff30b8This Metasploit module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.
09304427dd22c7e28697ed8884a68eace55d46112a2478ec08167189b258e8b1Ubuntu Security Notice 2328-1 - Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. Various other issues were also addressed.
ba67695dc9b003222520566f863135bb43e18212d94c36bfac54afb17dbc0f23Red Hat Security Advisory 2014-1110-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.
546be34b84eb08e6ac3baa3ac0e66b3bfb9668ca3a749ee7e0b2cf5eb2d3a2e3Gentoo Linux Security Advisory 201408-14 - A vulnerability in stunnel might allow remote attackers to gain access to private key information. Versions less than 5.02 are affected.
d86bc9ea6dc2a2497305fc97390f67a9668550351c8f73a702c11287b7c2e7cfGentoo Linux Security Advisory 201408-13 - Multiple vulnerabilities have been found in Jinja2, allowing local attackers to escalate their privileges. Versions less than 2.7.3 are affected.
45f5f1798920b592c6c3fbfb7e03ae46684a6d440f2f5afdd03f111a7ff058f6Microsoft Internet Explorer memory corruption proof of concept exploit that leverages the vulnerability noted in MS14-029.
600c25c1cc00d3311d1f22ed49481b0b5404a23c42a3bbb117e32002245af5c8HTML Help Workshop version 1.4 SEH buffer overflow exploit.
cf425fc000aff0270a6469918766dbbe86edb540b07c13b03687a3cebaf99badWhen configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. Affected includes F5 BIG-IP 11.x versions before 11.6.0, 11.5.1 HF3, 11.5.0 HF4, 11.4.1 HF, 11.4.0 HF7, 11.3.0 HF9, and 11.2.1 HF11, Enterprise Manager 3.x versions before 3.1.1 HF2.
f5a601d52bace71319785c4a4bfb38eecd8c7a083e7b2a88c883e44a078bdb89Whitepaper called In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux. This paper discusses the difficulty of analyzing swap files in more detail, the compressed RAM facilities in Mac OS X and Linux, and the author's new tools for analysis of compressed RAM. These tools are integrated into the open-source Volatility framework.
1ddd0eee0008fb9756e99dd2a397a4b85daab9c0e6c31fc8bc3ada8fb8ea862aNRPE version 2.15 remote command execution exploit written in Python.
c268de70bbf269dcf7e9d20818207c8f9d7979d2b3054cdd2d722e64c5890c38DomainTrader Domain Parking and Auction Script version 2.5.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
9e1d059a854c7452d4e992af1f56cbf73f5ba81749003700ac74a405686063b5Jappix suffers from a persistent cross site scripting vulnerability.
107180118407f89e40bf1d31d9e71d1f970b1b47742016591ef2b1a27d8e20e1Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
ccac50d8d03ae7c81314aa8188dda0dc4684861462b8f91c845daaa662548bdaF5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.
90bc183e4916362d71c4474e9345d2f9d2041b58846f35012b0a395feaf2417a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed