Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP
40f0cfd35789791a3221e29e1e315107c0ccf98e5d5f17f0defa24fafd955c3fRed Hat Security Advisory 2015-0288-01 - The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted. All foreman-proxy users are advised to upgrade to these updated packages, which corrects this issue.
9a44666ee5021b23cf0a931497cd049bd2e0b94971a9f23ca08cdfcf7ec5ab2dRed Hat Security Advisory 2015-0287-01 - The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted. All foreman-proxy users are advised to upgrade to these updated packages, which corrects this issue.
2bb056ee7a16c71ba171b2c87fe2b75d19caf95d69e78f478309e38072735ed0PHPMoAdmin suffers from a remote unauthorized code execution vulnerability.
21fd0804381c2fc8afe336341dc8f589c36c03b5a3b2a911e3090c797c847697Red Hat Security Advisory 2015-0286-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 was retired on March 3, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after March 3, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to migrate from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.
15f339cac221db2e08ddaa1ecdf79c47e1c891ac538d4df2be1d88b71f87022cRed Hat Security Advisory 2015-0285-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. This issue was discovered by Liu Wei of Red Hat.
050b6bc184d04b6b384540b1f5f5fff667ee6134690305e100aad6ef86bfe93aRed Hat Security Advisory 2015-0284-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system.
3a23bafa7ff0984a430f6377352c08ac1cc9765d54947d73d20afde3035fbc0cMandriva Linux Security Advisory 2015-052 - Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via a Content-Length header and a Transfer-Encoding: chunked header. Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. Various otehr issues have also been addressed.
97bbcd6d4926c538ddee85ad3d0f0b44d18269f0be80dd2f5d3003993c58a4a6Mandriva Linux Security Advisory 2015-053 - Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service via a malformed chunk size in chunked transfer coding of a request during the streaming of data. java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity issue. Various other issues have also been addressed.
fe7dd525200711ca8beef5888a4d5fba2a1e6a655e7bc8d56fb1e925244aad4bMandriva Linux Security Advisory 2015-051 - A vulnerability have been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Sympa web interface newsletter posting area.
2245d844c77c4acfc7ca77363eb9659c18cfb7b8858fde4ea3330d6a315aa50bDebian Linux Security Advisory 3178-1 - Jakub Wilk discovered that unace, an utility to extract, test and view .ace archives, contained an integer overflow leading to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ace archive, an attacker could cause a denial of service (application crash) or, possibly, execute arbitrary code.
eed86da5208b3c698927ff0413be8a90114ed5eac9b7a3f513f6a18ab222c021Ubuntu Security Notice 2506-1 - Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. Abhishek Arya discovered an out-of-bounds read and write when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.
fd2ab51b8e90c661a8c8788fcb8ad98b4d3bf3bcf584b70d8806b16fc5539103GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
91bf1ef5c159b7f2176f972184545b287af6507ab55a543f6007d31406b97a99BEdita CMS version 3.5.1 suffers from a cross site scripting vulnerability.
9f7e7240c9d3015cabceaf347fb735aa735f7a5caf21173da7d5a1c32bcc25b9This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability by any kind of user. However, for version 5.2.1, you must be an administrator.
7810fcb69993934064a2c2e0dc2b58aaf5d7e3002088449a8499f31076eee919
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed