Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
84693bf5875857bf1aef3a8ff8109da4cc10e64269208054bbcf94fb615da627Red Hat Security Advisory 2014-1677-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
a1a7daeb8f00d61b5fd598488dd3623a94589f4e8068dbe4da544bcb5b33bd85Red Hat Security Advisory 2014-1676-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
bdf40530db7c8682a601bae4e2f22d37e58a49b1d2153ac8f3eb1a6af401ef27FileBug version 1.5.1 suffers from a directory traversal vulnerability.
68f8161fd2bcba1b4a680766f51a2df19b7dbbb4dc28c47a3132814ccb9dd6f4Files Document and PDF version 2.0.2 suffers from a local file inclusion and multiple command execution vulnerabilities.
06ca2a08bfc9fada66ccf272a71441d3a5ef64fc9f3615a4615b4885d70b62b9WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities.
174d4b8c6bd2ff775a42f9856e7c4a23ceeb230356f290fe0acf21783052065cIncredible PBX 11 version 2.0.6.5.0 suffers from a remote command execution vulnerability.
906d17a87f8a01499cc6e0f37b12efc839bde8b912bfe6242274655c193a2cc2HP Security Bulletin HPSBUX03150 SSRT101681 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
4da09901892670541bc06bce0716f03bf67eec1782653c05c5f559b376b89246Mandriva Linux Security Advisory 2014-199 - Updated perl and perl-Data-Dumper packages fixes security The Dumper method in Data::Dumper before 2.154, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. The Data::Dumper module bundled with perl and the perl-Data-Dumper packages has been updated to fix this issue.
dc19d5d4be63100b1a9dbb64cf7587bae6e7a38cfaf80f976586d0016b2ee1e6Mandriva Linux Security Advisory 2014-198 - MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files. MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to JavaScript injection via user-specificed CSS in certain special pages.
203ecd5d429b9db3c2d9984f8a0ecef47d2012f052b9ba15d8080f4757f1211cMandriva Linux Security Advisory 2014-197 - Python before 2.7.8 is vulnerable to an integer overflow in the buffer type.
2c5b78300ec62d5bed39649532139fdd19a0f28439c2e6cd1b55641216103867Mandriva Linux Security Advisory 2014-196 - Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog. As a consequence of this vulnerability an attacker can send malformed messages to a server, if this one accepts data from untrusted sources, and trigger a denial of service attack.
163db772baec808ac8533a3c1ddf3059f717bd8f480fdf1a51d926bc04284d17Slackware Security Advisory - New openssh packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
b02606af88649aabc62638536f007c27bce518275be821922d8d2ba68cb082dfMandriva Linux Security Advisory 2014-201 - Multiple vulnerabilities has been found and corrected in the Linux kernel. These include stack-based buffer overflows and denial of service issues.
18d0010448f4aacc19c217e3371db5d34c01d05bb3fb2bb9179b1b838891d685Mandriva Linux Security Advisory 2014-200 - If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group. An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name could be automatically added to groups based on the group's regular expression setting. During an audit of the Bugzilla code base, several places were found where cross-site scripting exploits could occur which could allow an attacker to access sensitive information.
61c8f38894850ae966a1583e1ba4b90ec2c9300c03912a57fe10569160797a9eThis Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.
95061f597110575d12518dbaad93354d7acf1c2eabf6a59fdfcc9c6bc66fdd45This Metasploit module exploits a vulnerability found in Joomla! through 2.5.25, 3.2.5 and earlier 3.x versions and 3.3.0 through 3.3.4 versions. The vulnerability affects the Akeeba component, which is responsible for Joomla! updates. Nevertheless it is worth to note that this vulnerability is only exploitable during the update of the Joomla! CMS.
5516d077b739b43923f128e4105b580cf998eaf5385300c161f3285ff983977dThis exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This Metasploit module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.
532410fb174f7f3d0672bb77c79174e37f6739ffde13774940b5b666f7c88240Proof of concept exploit builder for the OLE flaw in packager.dll.
bf8f40fd7aba463440435a702ccfc5879b399208ee147aa37a2caeb489e32cd7Asterisk Project Security Advisory - Asterisk suffered from the SSL POODLE vulnerability.
f3393b5e599a0d63b52314b6cb1f7808ffb0f59894dcb498c686d60e147cb6d3Apple Security Advisory 2014-10-20-2 - Apple TV 7.0.1 is now available and addresses bluetooth and SSL 3.0 related security vulnerabilities.
c890e6b559bc3c39268a1477242e07d30dca426a1c327584e5bf3110bfd6fe17Apple Security Advisory 2014-10-20-1 - iOS 8.1 is now available and addresses bluetooth, insufficient cryptographic protection, and various other vulnerabilities.
2e164f01c6db9964bcf49a31c30cf308c0683a074854438dd1b12a474cb7e60eLiteCart version 1.1.2.1 suffers from cross site scripting vulnerabilities.
77ea6e452c5e4f517abdd706f1f810fed70a5e25bf07f2acf9ad53e1a5095547Debian Linux Security Advisory 3054-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40.
6cd0ef9d078a2a8cb4ec2678875183e6895b173dadfa04a47e2632d3a36c536fRed Hat Security Advisory 2014-1671-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon.
0492ec6cab84392b110bcb934f8441ca003623f7479694577d1178f88b67c705
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed