Mandriva Linux Security Advisory 2015-050 - It was reported that a crafted diff file can make patch eat memory and later segfault. It was reported that the versions of the patch utility that support Git-style patches are vulnerable to a directory traversal flaw. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the user running patch. GNU patch before 2.7.4 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
dd7de176b34a952d25575c635b880b8c9dc41848d647c7ceb42a7c5c8cf1b677Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open to attack from users without the need for authentication. The cookie can be easily decrypted using a known static encryption key and re-encrypted once the PHP object string has been modified. This Metasploit module has been tested on the STBN300 device.
0487fb38d28fb3a16f1e6da5666a62aa264281d650c6fa4c8f45c8249d44e294HP Security Bulletin HPSBST03274 1 - Potential security vulnerabilities have been identified with HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux. The vulnerabilities could be exploited resulting in remote Cross-site scripting (XSS). Revision 1 of this advisory.
313530fb85dcd9b7a5909c43c1a9174d841e98c3f656b77b47c738ae47f3844eD-Link DIR636L suffers from a remote command injection vulnerability.
df7948a9c798ebc1230638924d141d539e501afcc6de8a28a912424e4ab221c5Slim PHP Framework versions 2.5.0 and below suffer weak cryptographic implementations.
7304a663661117ba1736dac58d918a2592aaf4e52793385fbe106cd9354f2843The RV4sec 2015 Call For Papers has been announced. It will be held June 4th through June 5th, 2015, in Richmond, Virginia, USA.
5ac341361c8658ff0a4f5d4ecf5fa9a5eb345e264afdb9642fcf2bb5d7cee691WordPress Calculated Fields Form plugin versions 1.0.10 and below suffer from a remote SQL injection vulnerability.
7e5962ac72858caaf2fb0139e1f2f9b4b15c8955c0374349c4d59471e823a696ECCMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
9eeb234bbd8787625b39c3f09b64e83fd61a9ce1aa037d29a827c35e31e2de3bMandriva Linux Security Advisory 2015-049 - A malformed file with an invalid page header and compressed raster data can trigger a buffer overflow in cupsRasterReadPixels.
4e612da94a75e94c7020c6ebba6df495936f1935a1e11297c6fb9e1c656627dcUbuntu Security Notice 2516-2 - USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. Various other issues were also addressed.
76903f6b56698c4952e01e1d34693ec01de15214367c1003f5d4153b94ec442fATutor LCMS version 2.2 suffers from a cross site request forgery vulnerability.
44ffb91b51da80df29764e37e1a573311e6d31e296f500dfaa2f621352facdf5BEdita CMS version 3.5.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
343b3785e6e18f998615ce4afd69ac29404e76178c8291bcfbbabc530815a3e4arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. This is a POC to reproduce vulnerability. No exploitation here, just simple kernel panic.
4af67f178eb58a164b5111e77b240cd7ee040f47573670c05d5a9905efc16e21The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. This is a POC to reproduce vulnerability. No exploitation here, just simple kernel panic.
a61882d75d8479cc731747b0d2682c513a28bb1ec35244e7dadceb22767f2277The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.
aa1298ddf2533503468e7415c2de8808d48b8fac52f00905dd6dbef860a455f8Fortimail version 5.2.1 suffers from reflective cross site scripting vulnerabilities.
4a9ca90086f920fbde41283b2de6cf6ada62459dae9b0d0f5aea2a02e800c26eNetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from multiple remote file inclusion vulnerabilities.
53f795f8a60c40bb0d2cabd0e643847a187fa5fa0ed2aed87c4340b11bb7fd27This archive contains all of the 146 exploits added to Packet Storm in February, 2015.
fe470aa6494680f0b9f1494501103139ce6bb81434637f768cd7218e7acd9df9Swiss File Knife version 1.7.4 suffers from a buffer overflow vulnerability.
bd1750a260505e80621dabe4def52528b4f6d76e51e6c987af5b67be5f14be0cWordPress WP All Import plugin versions 3.2.3 and below suffer from a remote shell upload vulnerability.
c38ce943c8d2cafa463b95e04fd56a3eb2837ceab61b895ff74cbe8f9c336f12tmap is a fast multi-threaded port scanner that tunnels through TOR.
db20e08df203cb56e43fdac32a8d5e55b9a58acd729cf037136a8348620e6350WordPress Photocrati theme version 4.x.x suffers from a remote SQL injection vulnerability.
158866c77fdda9bb7fca9fe0eb1c0d0c13e28fbfc60ee9b15419d6a2c013d73379 bytes small shellcode for armv6l that adds a mapping in /etc/hosts.
318b8a39ccbe95150914624284fab185bb8e44b9b248cd2b89f8701e7946d1e9Piwik fails to perform signature validation when running updates.
b828fa052cbba603a1c31b4b2e170441da3919c6b79028adaa375fa4614c688aUbuntu Vivid Upstart suffers from a logrotate privilege escalation vulnerability.
57ba2d59b5541f853776351cd1d83860c51f823ac02e23145009c9b6c6f926b2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed