This bulletin summary lists one released Microsoft security bulletin for May, 2015.
f279f1bf5e619188ff7097c3321c23c74165e1c6950e7d2cd4e1d1dd445f5710hardwear is seeking innovative research on hardware security. If you have done interesting research on attacks or mitigation on any Hardware and want to showcase it to the security community, just submit your research paper. It will take place October 1st through the 2nd, 2015 in The Hague, Netherlands.
fa2897a650cf3e3328a5b4c9dffd87b67dfc41153f9fb829c35d1371a19933f7The Hacktivity 2015 Call For Papers has been announced. It will be held from October 9th through the 10th, 2015 in Budapest, Hungary.
93bba81cf278f9f3cdea8c22d88b46abf29db7ee63db5cf936f3104bf5bac1f2KCodes NetUSB suffers from a kernel stack buffer overflow vulnerability.
23355f32384caa77fd5215fcd1180af3983315488b8385634c6831717e64c2fdUbuntu Security Notice 2617-1 - Tavis Ormandy discovered that FUSE incorrectly filtered environment variables. A local attacker could use this issue to gain administrative privileges.
1ee6d90880ff6d88b3c4bf8024e12cd47acb4ecf6dcf294774b26dc242850139Coppermine Gallery version 1.5.34 suffers from cross site scripting, open redirection, and directory enumeration vulnerabilities.
086ca064d94366ef1030633aba925f544189f005411834047fad3a4592126680Newsletter version 4.3 suffers from a remote SQL injection vulnerability.
fad83bcfc46d547af5883c5d93dd0c2a3271b9adad34676ea3284ee87947badbWordPress WP Photo Album Plus plugin version 6.1.2 suffers from a cross site scripting vulnerability.
dc87e9e9a57eaba329f327e233795a7d58028430aed823b369b88e95f8d7eadaMicrosoft Windows versions 8.0 and 8.1 on x64 TrackPopupMenu privilege escalation exploit that leverages the vulnerability documented in MS14-058.
7d524f41ded3fbca83cd0ed3b01c95d13cab774d7a2fa4d2956447e6c0c1eed9SAP ERPScan has patched buffer overflow, XXE injection, and missing authorization vulnerabilities.
de0cd2f323a3c4f9aa15056db27e15071c37dd9bcf40321c654953ba86e94f21Hikvision DS-7108HWI-SH suffers from XML injection and abuse control vulnerabilities.
d1bb4634146fdef0c8b2ec9946f0fa8374acbf0fa0d2991358c04ebba364be68Red Hat Security Advisory 2015-1020-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
b7d2def09d6a78b4b5773552927e06c22239193f9ed1990fc14f946a4e0ffbebRed Hat Security Advisory 2015-1021-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section. The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat Product Security.
10ca220cdd88181ecb769acfd07f597ebc5e8fec1ad61aa1d821d8957b3807aaHP Security Bulletin HPSBUX03333 SSRT102029 1 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
d5271c40b418bea801c994c27d89bc2fae9ac0aa743450c1e0ec36ed88a20b50HP Security Bulletin HPSBUX03334 SSRT102000 1 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a remote Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
eb46fc96819b54c25b2a92e13c8d15dbf525d9e7dd4c0a8ec10967d4cdf2a74aDebian Linux Security Advisory 3265-1 - Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie.
cbf8949170958062f759dd3c0cd87f491f53a82a613a92ce18da29ba930ac6feDebian Linux Security Advisory 3263-1 - Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the mod_copy module allowed unauthenticated users to copy files around on the server, and possibly to execute arbitrary code.
ac6dcf2b8a50d76523a286978d647d532f4c498be4105ebfdf07388d03782759Debian Linux Security Advisory 3264-1 - Multiple security issues have been found in Icedove, Debian's version of buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.
1a6f9841957ac17613535fd8516b7c9643eed0d4da7d865d3eadb70a9e675a3dHP Security Bulletin HPSBGN03286 1 - A potential security vulnerability has been identified with HP LoadRunner. The vulnerability could be exploited remotely to allow a buffer overflow. Revision 1 of this advisory.
77e1f0017599d488ff29131b60913d103e2951095b7a7763d0e85a09c3bd04a5HiDisk version 2.4 suffers from cross site scripting vulnerabilities.
64d72136f12d344f723dc4b373e08c6d1dbf2f416063afa99305e3907efcb50bApple Security Advisory 2015-05-19-1 - Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities.
f17aeaf116598c6c534faf7325f8d39d4a47f7b764dc38ac0fa599637f23b26326 bytes small Linux/x86 execve "/bin/sh" shellcode.
55b3e8c490b7e00c5773c1954fca27eecc61f1db2813dc8878005631e4a57d53Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (eg. a Java VNC client).
9f9180461e9cd73423e245a053523757ad172b33d270f5c669f95253b81dd237ZOC SSH Client version 7.03.0 suffers from a buffer overflow vulnerability.
e42dd15e4a510917e7e3c36fb2b609903cd637f9a9ab4132272feb7ccf07962aUbuntu Security Notice 2616-1 - Alexandre Oliva reported a race condition flaw in the btrfs file system's handling of extended attributes (xattrs). A local attacker could exploit this flaw to bypass ACLs and potentially escalate privileges. A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a denial of service (system crash) or potentially escalate privileges on Intel base machines with AEC-GCM mode IPSec security association. Various other issues were also addressed.
6d5e854fce22dc7828dfb7fdb530544b850ada7e6eb90e28677f9de08e01f7b9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed