HP Security Bulletin HPSBHF03408 1 - Potential security vulnerabilities have been identified in certain HP notebook PCs with the HP lt4112 LTE/HSPA+ Gobi 4G Module. The vulnerabilities could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.
76e51b6977b0aafef214808e12cfd4b8be86ce4f972770bb73775db04b3d9e03FENIX versions 0.92 and below suffer from a buffer overflow vulnerability.
6562b200ed6f0101fff5117229054f71cf3af90934e4ca91e22b9087a53116ecLinuxOptic CMS 2009 suffers from an authentication bypass vulnerability.
fb5510a4e8241f843f5f5647141f946a2f3127a5a149a226a545326bfffff821WordPress Private Only plugin version 3.5.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
dab9719c8bbda7fbb1bd873063f790d3b7aeb28984b3a0ff28b38002c26621b1Anchor CMS suffers from a PHP object injection vulnerability.
01360b0ef87b8be3a5a7368eac27d098cc885b14e087ad44e9eb0a5154ed8a8bBSIGN versions 0.4.5 and below suffer from a buffer overflow vulnerability.
96bc6b623e2246e2153eaae563245037e96717a2892cddb0b082e2b39ab7c6daDogma India dogmaindia CMS suffers from an authentication bypass vulnerability.
e83e7863e16b666b0fa577c942a5232b031229a84ba725a9bedf9a2cb44b6929The Windows Script Host executables suffer from a vulnerability due to a missing embedded manifest. Using another exploit, the combination of "wusa.exe" and "makecab.exe" files can be copied to the Windows folder. Copies of a manifest and the script host allow to execute the copied script host and bypass UAC warning messages in case the UAC settings are default. Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't accept the admission because it's not a remote vulnerability. Surprisingly Microsoft didn't accept the vulnerability because "UAC isn't considered a security boundary". Only Windows 7 is vulnerable, Windows 8 has a embedded manifest and Windows 10 is untested.
221d3bbec1c5df5426bf707aa9ebcf83deb62a5dcff3e0f43a1161f218d916e7WordPress YouTube Embed plugin version 3.3.2 suffers from a stored cross site scripting vulnerability.
bd08d635da81f1250b0bd7b2decd8288c09061ca8182cdeb83b88b0b64cd4586HP Security Bulletin HPSBGN03411 1 - A potential security vulnerability has been identified in HP Operations Agent Virtual Appliance. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.
639bf8507e1b5ad87717788379b46c94b04598136a31007b96374bcb323d0885HP Security Bulletin HPSBGN03405 1 - Potential security vulnerabilities have been identified in HP Integration Adaptor. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
0e6fc4e54f6c6314c75c0105e2ac65fd4c07dd8d8fb3eb8e90df6aa1a1f6a636HP Security Bulletin HPSBGN03399 1 - Potential security vulnerabilities have been identified in HP BSM Connector (BSMC). The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
84f3b874b3b98be0bf0823568c0e8846a56946be08587462ea7859e44fa6c5dfFreeBSD Security Advisory - If the kernel-mode IRET instruction generates an #SS or #NP exception, but the exception handler does not properly ensure that the right GS register base for kernel is reloaded, the userland GS segment may be used in the context of the kernel exception handler. By causing an IRET with #SS or #NP exceptions, a local attacker can cause the kernel to use an arbitrary GS base, which may allow escalated privileges or panic the system.
c96f042a2e1f79016cee3228dd1a6dccfd18fcba578117e9a03af878aee5caf1FreeBSD Security Advisory - A programming error in the privileged monitor process of the sshd(8) service may allow the username of an already-authenticated user to be overwritten by the unprivileged child process. A use-after-free error in the privileged monitor process of he sshd(8) service may be deterministically triggered by the actions of a compromised unprivileged child process. A use-after-free error in the session multiplexing code in the sshd(8) service may result in unintended termination of the connection.
3a8b1bfd85b5a339a84d61427764656f8de8bc6b1e993e98a5732638aac6f504nullcon is an annual security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place March 4th through the 5th, 2016.
4f1454e9bc2d8289b349a3fdce42d430af7f08c0ece80b991b18ed318038403eDebian Linux Security Advisory 3343-1 - James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier discovered that twig, a templating engine for PHP, did not correctly process its input. End users allowed to submit twig templates could use specially crafted code to trigger remote code execution, even in sandboxed templates.
805404034e4c9a24f3324b6ba48b3771bb4d719aa491044f98bc20c9f2e2ade3Ubuntu Security Notice 2722-1 - Gustavo Grieco discovered that GDK-PixBuf incorrectly handled scaling bitmap images. If a user or automated system were tricked into opening a BMP image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code.
53ace9ef917aebbafcf19dc56fa2c9f36bb86ae8fb4479b09de38565703eb1f6HP Security Bulletin HPSBGN03415 1 - Potential security vulnerabilities have been identified in HP Operations Agent Virtual Appliance. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
fe697ef6edf021eeaaa0c510a00b8027459e63c615ee0257cc4e7099c03d9fe1HP Security Bulletin HPSBGN03414 1 - Potential security vulnerabilities have been identified in HP Operations Agent. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
bf90a44cb60c6e9039856d3da552a22356d63ab04ce1ca47af70fce3e6b2b9e1ZSNES version 1.51 suffers from a buffer overflow vulnerability.
ac0bbeac824268291f65934827d6406fd927814abaffee462140a86382be50ecfwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
ed6f8cfbda6dc76a56a994465188b49419267492ebc6d5328e0947479bd2714bHP Security Bulletin HPSBMU03409 1 - Potential security vulnerabilities have been identified with HP Matrix Operating Environment. The vulnerabilities could be exploited remotely resulting in unauthorized modification, unauthorized access, or unauthorized disclosure of information. Revision 1 of this advisory.
ed1893104d8e7dcdd770c7c2dd6eea29fcb783bd67155f6d99ab3d07423260e5HP Security Bulletin HPSBGN03404 1 - A potential security vulnerability has been identified in HP Service Health Reporter. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. Revision 1 of this advisory.
81df34bec39d89b1c0a6979bd60403319676351b9237601064e3bfd18d74561fUbuntu Security Notice 2712-1 - Gary Kwong, Christian Holler, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Ronald Crane reported 3 security issues. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these, in combination with another security vulnerability, to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
674b2e26a251f35dbda3345884ca92e8bd282ae9ac9699767bce9224e7a9d691Red Hat Security Advisory 2015-1682-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: All of the above issues cannot be exploited by a specially crafted HTML mail message because JavaScript is disabled by default for mail messages. However, they could be exploited in other ways in Thunderbird .
4c069329c01d5dd2b23d438ea15fb2cf2ddb55af9e97c1998eb05ee9cd900538
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed