Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.
7ad3112187e88328b85e46dce7a9b949632af18ee74d97ffc3f2b41fe7f448b0GetSimple CMS version 5.7.3.1 suffers from a persistent cross site scripting vulnerability.
214f9d30727be2c3b2b4aa78f18251e30e604ff0e311e01b438ee81349215f74MODX Revolution version 2.3.3-pl suffers from multiple cross site scripting vulnerabilities.
cc5594fe51b541c29a67c4f947fe79867dc8f20ce2d1a907d2968a07693ea31eFiyo CMS version 2.0_1.9.1 suffers from multiple remote SQL injection vulnerabilities.
88134155e61bdad17b0695015d75b1a5facc81ef1cec5a352d986ba9cfb5b831Novius OS version 5.0.1-elche suffers from cross site scripting, local file inclusion, and open redirection vulnerabilities.
f4fd9696fbbf3cb4bb30f39d3adbbe123d467ec115259459a177a9cf9bd7f1e9The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.
37d936d9d7e63a4ff0e4d5ba93bd86e716a8d053ae486aae462f028a417603ccThe CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of password of the currently logged in user via a "POST /csvn/user/index" request. An attacker that exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user and easily crack the hash in order to know the users password. Fixed in version 5.0.
1d88ce5b1e015850cee7a266039f0317d57a1d11a0b2b10402aefdd630149ba1Microsec e-Szigno and Netlock Mokka computer applications suffer from a e-akta signature verification weakness. Microsec e-Szigno version older than 3.2.7.12 and Netlock Mokka versions older than 2.7.8.1204 are affected.
7c9175ecb67d017613e97ac84c7dc3741a8dc378d1f6b845cd5bdd140f7d842bSecure Remote Services (ESRS) Virtual Edition (VE) versions 3.02, 3.03, and 3.04 do not properly validate certificates. Malicious users could potentially exploit this vulnerability to spoof trusted entities by using man-in-the-middle attacks. Session cookie used by ESRS VE is generated using insufficient random values. Malicious users could potentially exploit this vulnerability to gain unauthorized access to authenticated ESRS interfaces.
b38444a20c64e620d0b349751fad79209790fecff7eef46ff991d95560c7f125Debian Linux Security Advisory 3296-1 - Evgeny Sidorov discovered that libcrypto++, a general purpose C++ cryptographic library, did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key.
4707bd24eba3fb745274e22475d0cd9ef7b5c266fc91bff5bcd81208fc794025HP Security Bulletin HPSBPI03360 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
0546341f2b42c53e897fdb598ca96db659cb38ad0fe2f87fc2fc3ac058009557HP Security Bulletin HPSBPI03107 1 - A potential security vulnerability has been identified with certain HP LaserJet Printers and MFPs, certain HP OfficeJet Printers and MFPs, and certain HP JetDirect Networking cards using OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
1eaf6201cf39811c6307c3830ebe77600364691f38ef3a3e6739b079b37a8f34HP Security Bulletin HPSBGN03362 1 - A potential security vulnerability has been identified with HP Discovery and Dependency Mapping Inventory (DDMI). This is the TLS vulnerability in U.S. export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
0a328b352df12a13de155069805b9c3849fd9539fffe07ce0faac4caa906a9cfHP Security Bulletin HPSBMU03267 3 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.
7ff5a108a31a43337d5de95d2e79246d6a7bcf81a0b5f4f464ee9d4de1c45e58HP Security Bulletin HPSBUX03359 1 - A potential security vulnerability has been identified with the HP-UX pppoec utility. The vulnerability could be exploited in allowing a local user to elevate their privilege. Revision 1 of this advisory.
3bac40e3ac6cc630596a3687c3baac11a6f456c40c1edb26a503bcf36d021878HP Security Bulletin HPSBGN03351 1 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL. This is the TLS vulnerability known as "Logjam", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
46ca0e4ca7326b1e4d61eab6973ba780752a3ad6ca99d1c36f9123c65ac14560Two exploits for Huawei Home Gateway versions HG530 and HG520b that allow for password disclosure and password change.
34153720563cde72b885eab1bf23d3c0496dfd344433d5815451d5624f2154ecThe CollabNet Subversion Edge Management Frontend allows authenticated administrators to escalate their privileges by creating and executing hook scripts. As a result they are able to execute arbitrary commands as the user the Management Frontend is running under without authenticating with valid credentials. Fixed in version 5.0.
6367d80f85ed6df597af815bf79b0b9c35711023632a3e93c0eae53e289e7171C2Box version 4.0.0 r19171 suffers from a cross site request forgery vulnerability.
3260a9f8f243512939cde597aee57f84fbc49ba76f322ad99d963ca8720153ccPivotX version 2.3.10 suffers from session fixation, code execution, and cross site scripting vulnerabilities.
46674e4415ac3578e9c37660f047a58b4394e048c244adbc09b59b34d6626102TRENDnet TEW-818RDU versions 1 ("ac1900") and 2 ("ac3200") PIN disclosure exploit.
009d8d367598cb87819d868de644c6b1b9cfadd95a5147b5bc510f5a951e0427This Metasploit module exploits a memory corruption happening when applying a Shader as a drawing fill as exploited in the wild on June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460.
a2184f47ed1174e50ad69f7fd1808a0bfb8843fb0450d0e5bd5891aa520131cdBy combining all vulnerabilities documented in this advisory an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. Versions prior to 8.4 are affected.
1d5b03ba6b9a7b0e1ff5623237c28661b4f890d43709aa901df21c57464f2cf6EMC Unisphere for VMAX version 8.0.3.4 contains a fix for a remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 8.0.0, 8.0.1, and 8.0.2 are affected.
dd26bb1f3f1a79a0085a4c0fc0d186a5ec9968c910963ab1d6a7e4b98b20715eKoha ILS suffers from cross site request forgery, cross site scripting, remote SQL injection, and path traversal vulnerabilities. Versions 3.20.x less than or equal to 3.20.1, 3.18.x less than or equal to 3.18.8, and 3.16.x less than or equal to 3.16.12 are affected.
db2ddcd34b4c592559253b1b3c6f3e7e83b307e30c13455c3c11e7c181ea9384
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed