vm-support version 0.88 suffers from file overwrite and sensitive information disclosure vulnerabilities.
88cde664c272d996d08d14171c3255608195c5e43983024662c4b1a6061485aeRed Hat Security Advisory 2014-1098-01 - HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. This issue was discovered by Florian Weimer of Red Hat Product Security.
7df65a02bbc1bc5f61cae3e68e09fedb553701534ae4f7610be73e42d295d8b9RSA IMG systems configured with NovellIM as the authentication source may be subject to a potential authentication bypass vulnerability due to the fact that no password is required to authenticate legitimate users. A malicious user with knowledge of a valid user name can leverage this vulnerability to perform operations with the privileges of the authenticated user and potentially cause audit-attribution problems.
7ed9817568420c9f158ee2e729151f691c893508ded59e56407c1ee1eb06110dWordPress WPtouch Mobile plugin version 3.4.5 suffers from a remote shell upload vulnerability.
7edb381dc99e6e071b376894e47673e6a5d4a2b0f2bbc8d49710cecd99b9eb26WordPress ShortCode plugin version 0.2.3 suffers from a local file inclusion vulnerability. Note that this finding houses site-specific data.
ef4485a00a05196cc2ba090494ef148cd178da683b19a50a019daa50233fd67dHP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.
74c6011fdf049e842deed96044d5db0c591aa6e4838740959a4510208f32ffefThis is a whitepaper that touches on various cryptography and discusses hash functions at a slightly greater length.
5aa0be1d76aebe75b38c23e223c667b62f5b40c08d40af7df228f6c99c7dfcbfNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
5a5fc2543566309d14e45b5c83c93dd5d1068a2c013de120036fabfc139f5561ntopng version 1.2.0 suffers from a cross site scripting vulnerability using monitored network traffic.
416f680eca8af567594e8b6d180dbb890b3878af0da9c1fadbc83a8c0321e8d1Dragonfly gem version 1.0.5 that is used for image processing suffers from a code execution vulnerability.
73d1691babfa29eb6acc63825a9b9c11c898fc71bcf13f71d6edd27512467136VTLS-Virtua versions under 2014.X and all of 2013.2.X suffer from a remote SQL injection vulnerability.
0ed68a92acb71c2b4782d8ca3eae4b92903781f036fd18f10eded456952c6dfbBarracuda Networks Web Security Flex Appliance application version 4.x suffers from multiple persistent cross site scripting vulnerabilities.
f9fbb5dd5944a82fd180aaec52a36c4c69a4e909cf944956e674721c4399c8b0Debian Linux Security Advisory 3011-1 - It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.
c093fa7246682f73827de1c6b9f5ff7e4aee631748170883f9576b67e222827dDebian Linux Security Advisory 3010-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.
a870a2e3f43337f13da823b837e2b2a580c7b425c4bcfb883aa8dcf8c3bf1b98Red Hat Security Advisory 2014-1091-01 - The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.
bfba8c9afe97c836d18408e65e0458e1d5ab5d3cbd7bdfc6b98648846082f02aUbuntu Security Notice 2139-2 - USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. Various other issues were also addressed.
41cf4ca7d03378db0d0120613ed712544cf621b6acd20be946b090c7634922e0Barracuda Networks Web Security Flex version 4.1 suffers from multiple persistent cross site scripting vulnerabilities.
ece2c59c8d74f20072a1679a21750291f342d6dd646304a909824b4550e4fc97In this paper the author describes AV methods and focuses on how to fool antivirus emulation systems. They set themselves a challenge to find half a dozen ways to bypass AV dynamic analysis by using a fully undetectable decryption stub.
ac72453c0063b45b72cc8060aab4c417bf781a5eebbe61cae50fb5c93dc9c3c7SSDP amplification scanner written in Python. Makes use of Scapy.
faa957efd4fa5aa13163e90e0aad0e3bc11900ced7ecb7b093daae7820f92053Air Transfer Iphone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.
b8c61362492344b22533cf0c29ae89e1126382231a1db7c063c8dfffc085a1daMEHR Automation System suffers from an arbitrary file download vulnerability.
43237482bf048fe3e4d3a8426312aff9c448c4522aee0f9855cc51af36bee3d7The Online Time Tracking application from paydirtapp.com suffers from a persistent cross site scripting vulnerability.
18b433b693fcd82a50e6e2429514d31e634805f790d3d1ad87ec5e529f7c4c67WordPress KenBurner Slider plugin suffers from an arbitrary file download vulnerability.
0d8d60eff80420577c5cf79690cc7f6d887078835dd87f351ab0bb4af085615d@CMS version 2.1.1 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
e6854c856557d35be96b4420bd74f6f1855d65f1a97995aa9ed4e9ce797e38c4HP Security Bulletin HPSBMU03079 - Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be exploited resulting in various vulnerabilities such as Cross Site Scripting (XSS), Cross-Site Request Forgery (CSRF), remote information disclosure, or increase of privilege. Revision 1 of this advisory.
c5f52e5085948c08e65d118118c467892a5caa6d760bc7f4b5ef2b5c7792b524
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed