Debian Linux Security Advisory 3216-1 - Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system.
81c084de4cd2de6083573bce140eb406f89e273d97f00f390c9dd56fdc86863eHP Security Bulletin HPSBMU03296 1 - Potential security vulnerabilities have been identified with HP BladeSystem c-Class Onboard Administrator. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow a Denial of Service (DoS). Revision 1 of this advisory.
9513e9f5e721a57f1d75304573ad18b07d6f46d52f0ee772d57b7eadb0a6b5d3Debian Linux Security Advisory 3215-1 - Multiple vulnerabilities were discovered in libgd2, a graphics library.
f5407791a7d254b53e025eae1a764e715e59de2b3403d0297501a6900adb290cDebian Linux Security Advisory 3214-1 - A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script (such as postfix-to-mailman.py) to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file system.
abf188d9a2c976b95165071e0f07ae6e49e0b202ed2c520547e5a230417b5ae5Debian Linux Security Advisory 3213-1 - Multiple vulnerabilities have been discovered in arj, an open source version of the arj archiver.
7f8e93a398d961e10e08110b0546218adeb91474cde082dad6db5e68581db236This Metasploit module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the 'username' attribute before authentication. The second problem is that the settings-new.jsp file will only check the 'username' attribute before authorizing the 'uploadFile' action, which can be exploited and allows the attacker to upload a fake xls host list file to the server, and results in arbitrary code execution under the context of SYSTEM. Depending on the installation, by default the Change Advisor web server is listening on port 48080 for an express install. Otherwise, this service may appear on port 8080. Solarwinds has released a fix for this vulnerability as FSM-v6.6.5-HotFix1.zip. You may download it from the module's References section.
2317dc92c6f139454e3f1f332df164d1f95a0522a4c134a535971f37a15fb0d2Red Hat Security Advisory 2015-0778-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 41.0.2272.118, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
10d36eec9969e9b5e3d698537439e144a6d70437b17d37086674397cd04d085eHotExBilling Manager version 73 suffers from a cross site scripting vulnerability.
f89a76503b13c1babdd6ef06c3833e86ce72585726e830aa66ce9afa10898690WordPress Work The Flow plugin version 2.5.2 suffers from a remote shell upload vulnerability.
b23e731d1911c049312f934170230326589cb951911a5055e04af2200b606f71Oracle.com suffered from a cross site scripting vulnerability.
6c4b6e99ca086b5b03c0f64ae43d2959fece8ee22e1ed5f22a41e02102ac10d6Proof of concept exploit for the Pitbull and w3tw0rk IRC bots that takes over the owner of a bot which then allows for remote code execution.
25d37202a1a216b2b3b0ea44f8cc962fb754a7bbee64d6160acc06a8185d216aDigital Whisper Electronic Magazine issue 60. Written in Hebrew.
c5a27d1c458250c59014799c3f3542537279ddfeb28d4dad6e909e0fc9818dc6PyScripter suffers from a dll hijacking vulnerability.
55afe0741013c5aa1c6904d79f64dbf252cb5d23bd2c7456e8b0ae301d4f2c89
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed