Cisco Security Advisory - The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains multiple vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
dc4f1b039a8cc220f77322e33bf032ed370e94d2f117b6a264bed10e06e22b92Cisco Security Advisory - Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device. The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker could exploit these vulnerabilities by sending malformed RSVP packets to an affected device. A successful exploit could allow the attacker to cause an extended denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
86c86ce647dd4d86d2f4e897f5eaf3298c3d789c2a636de21ab0d0483a2c8e91Cisco Security Advisory - A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker cause the device to reload. This vulnerability could be exploited repeatedly to ca use an extended denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability.
122e365c878707d3cce528bd30d26500785e493a4517236096ff2341779bcca7Telerik ASP.NET AJAX RadEditor Control versions 2014.1.403.35 and 2009.3.1208.20 suffer from a persistent cross site scripting vulnerability.
c00ca1a36468d8069de3d09b942cd140f1aa6d4e521b6cead6b21e7289d8edeaHP Security Bulletin HPSBST03103 - A potential security vulnerability has been identified with HP Storage Enterprise Virtual Array (EVA) Command View Suite. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Note: OpenSSL vulnerabilities are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows a Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.
882f09e4ae66f5476a8646fa21caa2060ff6252423c643fc39c47a7720edd173Mandriva Linux Security Advisory 2014-182 - Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server. Robert Scheck discovered that the Zarafa Collaboration Platform has multiple incorrect default permissions.
b2f5fd7e47dd9bc8959074a0564d784d915215f47c511bbd8081ec1d31fa3bacMandriva Linux Security Advisory 2014-181 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The dump package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
0f75b6891aae24693a8f4e99262c27b89e7e8729e07fcfea36107cd8471f1867Mandriva Linux Security Advisory 2014-185 - Libgadu before 1.12.0 was found to not be performing SSL certificate validation.
4b4385736d1070ac345613dce34804ddc6711899bec6f7f9e55d94b56fe3dd51Mandriva Linux Security Advisory 2014-183 - In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature.
1696f1ee65496e52f68751a5547aaee9e1f92d935118a6c145b08acaa2b51116Debian Linux Security Advisory 3032-1 - Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.
7d7ff0314912c76766865251c1493b2d34d061b327ed6f9d10226a30e97312ddGentoo Linux Security Advisory 201409-9 - A parsing flaw related to functions and environments in Bash could allow attackers to inject code. The unaffected packages listed in GLSA 201409-09 had an incomplete fix. Versions less than 4.2_p48-r1 are affected.
7d34d7be6b922ed985830cc26b5e36adaa147f958aacdbc9a27f6e8fe28f550bSlackware Security Advisory - New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
3d7981c8975006f49b5ad19b36029267c1636583968e19f0348fe0f6d92b8448Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
75a5ec233c78a8c40f1c113cad473beb318b798a990321a19251fd7a15c550a1Mandriva Linux Security Advisory 2014-189 - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The updated NSPR packages have been upgraded to the latest 4.10.7 version. The updated NSS packages have been upgraded to the latest 3.17.1 version which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to the latest version as of 2014-08-05.
46a34a4e8012eab187a9e30838cea24c9c53c4b1295b48500f72627c1291a112Mandriva Linux Security Advisory 2014-187 - In cURL before 7.38.0, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application must use the numerical IP address in the URL to access the site. In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top Level Domains , thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
b3f22c75a92b1ce4ae6784727ffb767952bc3783b07b4700c6e473764db78e78Mandriva Linux Security Advisory 2014-188 - Updated wireshark packages fix security vulnerabilities related to RTP dissector crash, MEGACO dissector infinite loop, Netflow dissector crash, RTSP dissector crash, SES dissector crash, and sniffer file parser crash.
cc1d84ccf2d7f1872dc08a4d251047211b14fab272f2c2cb9827dd2e396ee6e3Debian Linux Security Advisory 3034-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
79de4320568e4b16d46f128066d3ed5727d30dad9b7432d769bae6befc4bbbaaDebian Linux Security Advisory 3033-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.
3bb8562cd39dc6b69437ddb1dc2332a8799a87972d5e22e62be562ece65a14e8Mandriva Linux Security Advisory 2014-186 - A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
dd22cfcf0af7e59f09c6b9d501bda0a7b9030bdd6dc16f7d18f439d3bc864382Mandriva Linux Security Advisory 2014-184 - A remote denial-of-service flaw was found in the way snmptrapd handled certain SNMP traps when started with the -OQ option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.
0b242c6a63963c589cac2cd1587058f329b89e372158fe7418d20410f8f2ef2fZyXEL Prestig P-660HNU-T1v2 suffers from a remote credential disclosure vulnerability.
a11b0844b499c1a56ff865d40ff31c2d6190bd5310c1872b46386cd82ef5acd9Due to a processing issue with environment variables it is possible to leverage bash for command execution through various methodologies.
10416de1b992e9a1adc732bd402d4760e0a76f5de17bf16ba8456967dcec154bBash specially-crafted environment variable code injection proof of concept exploit that inserts the malicious payload into a User-Agent header and looks for a 500 response on a web server.
1273ee8212b97a8ecaf568588e84bc96f969eba4ff5386e89d28e7453e106454CMS AutoWeb version 3.0 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
279b5425a6bff2252c116322d11992c4e67a38e00cc18241d49877aabe59a709Gentoo Linux Security Advisory 201409-9 - A parsing flaw related to functions and environments in Bash could allow attackers to inject code. Versions less than 4.2_p48 are affected.
8551811d553ddfdec75a15ba67cdecb9c82f0b7c97bfce099ffa5852dc723278
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed