Apple Security Advisory 2014-12-18-1 - Xcode 6.2 beta 3 is now available and addresses a unicode issue that can be leveraged by a malicious git repository.
f61fd9d0d48bd3edc62fd01719a27d1689aae89d9c6537e9356ca5a7b525aa5cUbuntu Security Notice 2448-2 - USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.
c47545b18e641e882b45a3c426edabfd912ad269d8872340a45d7660ebe5e154Ubuntu Security Notice 2447-2 - USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. Various other issues were also addressed.
48836bea6415674b21cc9d2e67d419022278c5cdd948c6b798dbc7a87a1e15beThis Metasploit module attempts to login to the Varnish Cache (varnishd) CLI instance using a bruteforce list of passwords. This Metasploit module will also attempt to read the /etc/shadow root password hash if a valid password is found. It is possible to execute code as root with a valid password, however this is not yet implemented in this module.
fe293ec94b3dfa7e3027ffc1c7be75b60a403e4ba9e56d55b6442ac2180a0939miniBB version 3.1 suffers from a remote blind SQL injection vulnerability.
e5da1d18bf539a350dd613c18592c5f2c52ece3839b3a480990d86cd2ceb3e87Cacti Superlinks version 1.4-2 suffers from code execution via local file inclusion, and remote SQL injection vulnerabilities.
5a23314873f3c7b79647dafc858449285d365137abb907d03a2007a2c4bb40fdNetIQ eDirectory NDS iMonitor versions 8.8 SP8 and 8.8 SP7 suffer from a cross site scripting vulnerability.
42f12d914fa5417e9b3009fd6a0222ff5662fe88ac1c59cf41efc6d5318502e6Mobilis MobiConnect 3G ZDServer version 1.0.1.2 suffers from a privilege escalation vulnerability.
6c74b1f6e37725e0c1ac37c1c232da750e8669314683cec2a7bc5be5684e7c8dCodiad version 2.4.3 suffers from cross site scripting and local file inclusion vulnerabilities.
fe2507339eb5aeda7a897ee547f5f0796393c2acefcc81e722686bf71a1385efProjectSend version r561 Ultimate suffers from cross site scripting and path disclosure vulnerabilities.
f914ac1aa8fc5e724fe7cbdabea5e45d01a153211b858cd9a295349ee69dc04ePiwigo version 2.7.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
26ad1bdac26fbe5346039af7a88028c6e43d1ef8d7e34e737578c4186353d04cGQ File Manager version 0.2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
886376e4da426f55cb91e358853374c9e2a50517b41435e2711a8976b7e01973Ettercap versions 0.8.0 and 0.8.1 suffers from multiple denial of service vulnerabilities.
c2d3c37bbcf2c09b4172044c3ddf17cecc9c546ea8ab8c937287a9c6a36c57e6This is a brief write up noting javascript backdoors left in common PHP shells.
5cfb1217e9087a15de79d56e9f05827f2a275f0a080cf8427518a3cba732ef2f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed