Debian Linux Security Advisory 3169-1 - Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.
3fe931b7ce23c334ac550e9b3f9ce61c02f2b4cad71b1b7018abfe10daf65a20This Metasploit module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.
ee5df7dbf0ac4eac44f2ff30e728e5eeff13120951dead86a3ad506611178a0bThis Metasploit module exploits a command injection vulnerability on HP Client Automation, distributed actually as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon (radexecd.exe), which doesn't authenticate execution requests by default neither. This Metasploit module has been tested successfully on HP Client Automation 9.00 over Windows 2003 SP2 and CentOS 5.
d843ef58af2b82e590925f0a42de6759952ad10722aca5dd7bb3fdf81fef83abZeuscart version 4 suffers from cross site scripting and remote SQL injection vulnerabilities.
83fe2ac3fff4f7dd6763b128da0c9fc09bb6c126b4c892de632011dd0205f869Red Hat Security Advisory 2015-0250-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
223f087cb4c18b5e0df4bbb85c9e8c9802320e9a7503f9196e17bcd0c3f87e1aRed Hat Security Advisory 2015-0254-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
396be548967c22bd3cfcf184d1b4b49564094a2ab6b42daf22a9788fe15649e8Red Hat Security Advisory 2015-0252-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
90e5160b394e909032d08c8d71259155a8f664cabf465508cf1381d7bc647339Red Hat Security Advisory 2015-0251-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
3e27df70935a97c29c3bc1050f9042e807f4ffc3f4197c8673145842ae07c09eRed Hat Security Advisory 2015-0249-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
053bc1510a3be04466b10bbd8804b882a6add648db0c66bcfbe4dd30016cdbfeDebian Linux Security Advisory 3166-1 - Jose Duart of the Google Security Team discovered a buffer overflow in in e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file systems. This issue can possibly lead to arbitrary code execution if a malicious device is plugged in, the system is configured to automatically mount it, and the mounting process chooses to run fsck on the device's malicious filesystem.
27227b3cac633bfc9c19baddb259253c2a9c639b7ddd345fada9860a5f161b0cRed Hat Security Advisory 2015-0252-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
e44b9c545254680c21421cab45a6331b3e099d99facf78667d0a998df43b7c4aDebian Linux Security Advisory 3168-1 - Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML.
bdcc66fcdbf536e7ff217fc9a0b031db97b09dc8b706dfb7797a8dc9770884dfRed Hat Security Advisory 2015-0256-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
ec46e600dcabda559a0e3ba2be776e8ee6d00d84b7580e9b7a7b574ae8035edfThis Metasploit module will generate a plugin, pack the payload into it and upload it to a server running WordPress providing valid admin credentials are used.
a2b4ca412d9f29c4356c655f0f95dafeadc83a07afc9bdd472d5188927e91f03Red Hat Security Advisory 2015-0255-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
d09ca20340cf3e1cfb11f15e9cd087fa31ba7037c053a37f8a76ceebc3b53f29Kony EMM version 1.2 suffers from an insecure direct object reference vulnerability.
4ae88ded8493b490c6e43fa9c02849c47b3dc15fefa544ac71e8150dee3bae25MyConnection Server version 8.2b suffers from a cross site scripting vulnerability.
c9ab77625e1367cca46f4d58fe3c3178212c8c6049ec8e802f27e40fb5e81473Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
327557842dd7782175a33303962605165ac096158c48e68bfc6b59817ebd0933Debian Linux Security Advisory 3165-1 - Jiri Horner discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.
298e5a07e6894c3e9f9deb239f8a732c5b944f9972048325d4aaa29b057cc979Debian Linux Security Advisory 3167-1 - Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment variable or to open files that the user would not otherwise be able to open. The later could potentially cause changes in system behavior when reading certain device special files or cause the program run via sudo to block.
c8ab68f024d041a656114d083d7d34267de02fc254ac8f6877df2a8e726b7843xaviershay-dm-rails 0.10.3.8 suffers from a MySQL credential disclosure vulnerability.
35e1d1923fcb9cbedc88f92f321c4d39b8695274a52d7b4326b6010d8c0151d5WeBid version 1.1.1 suffers from an unrestricted file upload vulnerability.
0a29501b52601df8e1a2c36d36023a6d23b42554cdc2393e27eeb09b58827dcdWordPress ADPlugg plugin version 1.1.33 suffers from a stored cross site scripting vulnerability.
415920191d7780c63381322152622b9cf64d89a50a07bd324e8362f21f50bf6fThis is a simple perl script for setting up man-in-the-middle attacks on Linux.
d38e8956c0b99e7aff2b55fc10799e47aad7c2ed96fe26151631c149f50fbb5dCisco Security Advisory - A vulnerability in the parsing of malformed IP version 6 (IPv6) packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System (CRS-X) could allow an unauthenticated, remote attacker to cause a reload of a line card that is processing traffic. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. An attacker could exploit this vulnerability by sending a malformed IPv6 packet, carrying extension headers, through an affected Cisco IOS XR device line card. An exploit could allow the attacker to cause a reload of the line card on the affected Cisco IOS XR device. Cisco has released free software updates that address this vulnerability. There are no workarounds that address this vulnerability.
f9aa7d30c2de2cac2c6146829a9ee7f577afc484369915793565a06538f4f0c5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed