SMF allows for a denial of service condition due to a faulty filter.
a17c1fc2d75d13b9b2542fff763dfc53947c4fb73ba1599019190380ddc685ab
OpenOffice suffers from a targeted data exposure vulnerability that can be performed using crafted OLE objects. Apache OpenOffice versions 4.1.0 and older on Windows and OpenOffice versions may be affected.
10f659f2eaf7982f9213c965e5ff1425f2181c74d43d89553fc3a5d81570745c
Innovaphone PBX suffers from cross site request forgery vulnerabilities in the administrative user interface.
2c0df44e0bd7ea867e3d05730352bfb283978ace1116d35dc39ded95dd584dec
Fat Free CRM suffers from a persistent cross site scripting vulnerability.
075c9364c40e51879675adf412d10c0e60eaba645367a9036c80e3b0415405c3
HP Security Bulletin HPSBST03098 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running OpenSSL. The OpenSSL vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.
6b12926594ba8f7c8d70b5d90a9ce15f32ac8dc1659bf4d15b061fb5f94c66a3
Apache OpenOffice versions 4.1.0 and below on Windows suffer from a command injection vulnerability when loading calc spreadsheets. OpenOffice.org versions may also be affected.
86a77c478eecf9bc2d12a53ac552a95f0f16445270b7fd1fc0bc882821dbcac6
This is a draft of IPv6 Extension Headers in the Real World. IPv6 Extension Headers allow for the extension of the IPv6 protocol, and provide support for some core functionality such as IPv6 fragmentation. However, IPv6 Extension Headers are deemed to present a challenge to IPv6 implementations and networks, and are known to be intentionally filtered in some existing IPv6 deployments. This document summarizes the issues associated with IPv6 extension headers, and presents real-world data regarding the extent to which packets with IPv6 extension headers are filtered in the public Internet, and where in the network such filtering occurs. Additionally, it provides some guidance to operators in troubleshooting IPv6 blackholes resulting from the use of IPv6 extension headers. Finally, this document provides some advice to protocol designers, and discusses areas where further work might be needed.
4f100808cfb77d0cea54d4c5b190d179c17b9bd141d9d61bb6013c9766d28960
This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as the user in Linux. This Metasploit module exploits both PostgreSQL (newer builds) and MySQL (older or upgraded builds). MySQL targets are more reliable due to the use of relative paths; with PostgreSQL you should find the web root path via other means and specify it with WEB_ROOT. The injection is only exploitable via a GET request, which means that the payload has to be sent in chunks smaller than 8000 characters (URL size limitation). Small payloads and the use of exe-small are recommended, as you can only do between 10 and 20 injections before using up all the available ManagedConnections until the next server restart. This vulnerability exists in all versions released since 2006; however, builds below DC v7 70200 and PMP v6 6500 do not ship with a JSP compiler. You can still try your luck using the MySQL targets as a JDK might be installed in the $PATH.
2303a20c633607820360bf175e8ddcfcf3d6b6b09c0f821b088c81147d0f9348
Debian Linux Security Advisory 3009-1 - Andrew Drake discovered that missing input sanitising in the icns decoder of the Python Imaging Library could result in denial of service if a malformed image is processed.
e43894f4abd1d3c313b7872270168b4c04b61d3f2bc1d935f7e2d7b89f1395f0
Debian Linux Security Advisory 3008-2 - This update corrects a packaging error for the packages released in DSA-3008-1. The new sessionclean script used in the updated cronjob in /etc/cron.d/php5 was not installed into the php5-common package. No other changes are introduced.
f4adb38398d8f31b4ca819dc326b884e46dbfc8381b62be571d21fceb9b1f9c6
MyBB version 1.6.15 suffers from a cross site request forgery vulnerability.
1d3cbd754819ecc59f45d3c06619581f1198302e0b64245967e18910a34dda88
CMS Agencija O2 suffers from cross site scripting and remote SQL injection vulnerabilities.
f07d37bc985640df912af83e027860dfb44dd82b807aa4a00588820ffcce80d3
Ubuntu Security Notice 2325-1 - Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration details of another instance.
8788b38b5a81104c8f533ce3a4143ab93be8c6996fcfa6dc36bab40aff69999d
Ubuntu Security Notice 2324-1 - Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remote authenticated attacker could use this to gain privileges by creating a new token with additional roles. Jamie Lennox discovered that OpenStack Keystone did not properly validate the project id. A remote authenticated attacker may be able to use this to access other projects. Various other issues were also addressed.
1632498be04b1359c92fbf3613e7ffaae0db2f9cddd39c0d312bdc35e22eb168
Ubuntu Security Notice 2323-1 - Jason Hullinger discovered that OpenStack Horizon did not properly perform input sanitization on Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Craig Lorentzen discovered that OpenStack Horizon did not properly perform input sanitization when creating networks. If a user were tricked into launching an image using the crafted network name, an attacker could conduct cross-site scripting attacks. Various other issues were also addressed.
af5d9eaa139a9915db9bda1859494977f366c015c3d6601bc6ac733e84f186a0
Ubuntu Security Notice 2322-1 - Thomas Leaman and Stuart McLaren discovered that OpenStack Glance did not properly honor the image_size_cap configuration option. A remote authenticated attacker could exploit this to cause a denial of service via disk consumption.
75702fafcd9acb64d5cdae128214cc86612c7fc20bd6e7bae42ebbd1a9b2ea90
Ubuntu Security Notice 2321-1 - Liping Mao discovered that OpenStack Neutron did not properly handle requests for a large number of allowed address pairs. A remote authenticated attacker could exploit this to cause a denial of service. Zhi Kun Liu discovered that OpenStack Neutron incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.
5b7b6a9f75cfd520067e6ce6a174281f6d497b3744e0c37c37a61dd014f8632f
Ubuntu Security Notice 2311-2 - USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the corresponding updates for OpenStack Ceilometer. Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens. An attacker could possibly use this issue to obtain authentication tokens used in REST requests. Various other issues were also addressed.
ad7b0e30b51d9f8a5abbb08b6f790464b6327d5cce37067210a3bd846815e2be
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
9482d2e2c51d01147af19350d4b0861c11855b2dd918151a4bb721e877b49566
oclHashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
01ecb4373ce5556dc9e13c02318a734eb042902f76dceebdc04894cc979a9dee
ToorCon 16 has announced its call for papers. This conference will take place October 24th through the 26th, 2014 in San Diego, CA, USA.
8dc7d28390f95ad5c0039a8b58b1ef87ea3aa20a063688c4137ec5604f280dd9
ArcGIS for Server version 10.1.1 suffers from cross site scripting and open redirect vulnerabilities.
df3cafafee2a56ce02291cb9609f9243863e0b48f7556cc7572db5590e99a6d5
Red Hat Security Advisory 2014-1086-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.
1869ac672baeb6d6231ed4264632e0262537ca84832e3d8b68ec845527428f94
Debian Linux Security Advisory 2940-1 - It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code.
a2c5ba27eba620d705bc979e39632bb700c5a4d3e90ae0a26a1a3d26bf11271a
Debian Linux Security Advisory 3008-1 - Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development.
aba292eea0cbb7cbbfdba617dbea50f35ade910183dcb8ecb26ee494d52b6f34