OpenSSH versions 6.9p1 and below suffer from PAM related authentication bypass and use-after-free vulnerabilities.
0b9cdda83d2bd4462b9476721a79b253f4d0d5a4f1b85d7710195b4178d9abf5Nuance PowerPDF Advanced versions 1.0 and 1.1 suffer from an information disclosure vulnerability.
32e60a7a665f63f5018e7bea7b6a8f04ecd74ba53b1ec17c76463ca172eccecbEnorth Webpublisher CMS suffers from a remote SQL injection vulnerability.
18b99ead49cf2dd38ed9035af6ff6d5529b903c3e39212d677a5563dff7564afApple Security Advisory 2015-08-13-4 - OS X Server v4.1.5 is now available and addresses a BIND related denial of service vulnerability.
f5e6c2b5a0d5ca19d92a278a308911b7cb4cc61a13ba12f4a9b43825f1a463cfApple Security Advisory 2015-08-13-3 - iOS 8.4.1 is now available and addresses vulnerabilities in the afc command, AirTraffic, symlinks, and more.
020b218144f569aac2a2448bd8543614a7004d2d836ed7be26e0c593885fa013Apple Security Advisory 2015-08-13-2 - OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.
1ccd5f307af57152abb6e4f0da773ca4420fb7a6e98f26301366a9071ecc9a33Apple Security Advisory 2015-08-13-1 - Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 is now available and addresses interface spoofing, arbitrary code execution, and various other vulnerabilities.
ab0c7f983b7a654a6e7db63ba8b269958d0ff263749d2d7fc8d99aa9e54c2f69Red Hat Security Advisory 2015-1623-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.
5ef5d82f69f0401aa31f4480c0b409a04a5387976f07fa3d12a2cceac9680062Red Hat Security Advisory 2015-1622-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.
13aec45125ba2969c607d511dc60176807f4dd755f549de21a54c10c4a03756cRed Hat Security Advisory 2015-1621-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.
425d743b5848d796f3e0f97ec11e567d3afb6a59c35e2b4055b74bc5e70515d9HP Security Bulletin HPSBGN03393 1 - A potential security vulnerability has been identified with HP Operations Manager i (OMi) running on Linux and Windows. The vulnerability could be exploited remotely to execute code. Revision 1 of this advisory.
77a0bf2a511a284d6399078525e55a6a675b7856f696f50a143040f6fa11d320HP Security Bulletin HPSBGN03386 1 - A potential security vulnerability has been identified with HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, and Subscription Fraud Prevention. The vulnerabilities could be exploited remotely and locally to allow disclosure of information. Revision 1 of this advisory.
5a4a9a2009d936cdd38753013d1c2d591b9e5f8d3f13510280a67f6ea9d9cd33Debian Linux Security Advisory 3335-1 - It was discovered that Request Tracker, an extensible trouble-ticket tracking system is susceptible to a cross-site scripting attack via the user an group rights management pages and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected by the second cross-site scripting vulnerability.
6e9926b493336d8bee6b7e579a83db71404a0e76c5618b9e5bff4b192b615473SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 have high priority, some of them belong to the SAP HANA security area. The most popular vulnerability is cross site scripting.
ee31bc13be4242371858e63b399fe7e6e376803421f553b15b566f75b404d801Cisco Unified Communications Manager versions prior to 11.0.1, 10.5.2, and 9.2 suffer from multiple command execution vulnerabilities.
2657de5609ab33edc3daabf9e0594e967f1578315006fc819d72a4d7f3cd226dAlthough they have provided an image with it disabled on start up, TOTOLink routers still have a backdoor built into them.
5fd5e8b16e2f7e7dac5fbbe2efbd48e9af98651b4c03e89f5ba73804906d26a2Zend Framework versions 2.4.2 and below and 1.12.13 and below suffer from an XML external entity injection vulnerability.
cccb5dc964df6b506118b1a8ca7240bbdddcf7b3aded48bd2c1c454e40f791daWireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
c74a1c14e72ce0f198a93d832e71742c7f312cbbe719e5def9ecef176860f92cNetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption.
71194041caeb82b2bbf2bc446591b6e7368e1698f6dc76a00b1bd13f9599715bThis is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
fd5932493a19f4c81153d812ee4e042b49bbd3b759ab3d9344abecc2bc1485e5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed