Ubuntu Security Notice 2816-1 - Ryan Butterfield discovered that Django incorrectly handled the date template filter. A remote attacker could possibly use this issue to obtain secrets from application settings.
da595e8eace605909d52fec9182fe2ce928c8f4eeb05c274314802dfc91845e8Ubuntu Security Notice 2817-1 - It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the .appletTrustSettings configuration file and bypass user approval. Andrea Palazzo discovered that IcedTea Web incorrectly determined the origin of unsigned applets. A remote attacker could possibly use this issue to bypass user approval, or to trick the user into approving applet execution. Various other issues were also addressed.
0c95df3ba385830931e81928cf6357437d5124af42b0969aee880229cde673d0SAP Sybase Adaptive Server Enterprise suffers from an XXE injection vulnerability.
eefc985f29a3508ca13dea522b15ac3c29c4c59a97887c2cc3fc596ee310c5aaDebian Linux Security Advisory 3402-1 - Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications.
ff3dbe67d87758463ba6a81b35d259e61d5c04ec87f0c71acbd9647d9057be87Red Hat Security Advisory 2015-2514-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on JBoss Application Server. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
75335dd065056ea1cef0c6b958cc10c427ec1190557c5bc7f6542783c250cd63KNX management software ETS version 4.1.5 build 3246 suffers from a buffer overflow vulnerability that allows for remote code execution.
26fb1ecb52a068327a64aefb6a20a38aa566c00c1c8b2378b3520c7110cdc0a6Neos CMS version 2.0.3 suffers from cross site scripting and remote shell upload vulnerabilities.
32f565a1e4aa0ba4f3cc4e6ff2e96c53df2ff5dc3c7b30ec6666056d0a5ec619The attached testcase crashes Windows 7 32-bit due to a pool buffer overflow in an ioctl handler. Enabling special on ndis.sys netio.sys and ntoskrnl helps to track down the issue, however it will crash due to a bad pool header without special pool as well.
3403491c7fbf36174b15a563987a49c4a34c9dfe661dfceec3ca982b901368adThe 3D Vision service nvSCPAPISvr.exe installed as part of typical driver installations runs at Local System and has an insecure named pipe server. One of the commands in the server can be used to set an Explorer Run key for the system which would allow a user to get code executing in the session of any other user who logs on to the same machine leading to elevation of privilege. In Windows Domain environments it would also be possible to exploit the vulnerability between machines if the attacker has access to a valid user account on one domain joined machine.
05dc63568af8d130fdd2c6b9e0a909e6ec48e67727f943ffc38e725c2e25e0c2The attached poc crashes 32-bit Windows 7 with a screen resolution of 1024x768 and 32bit color depth. The crash occurs during a memmove operation while copying the cursor content from unmapped memory. This could potentially be used by an attacker to leak kernel memory. When reproducing this issue in VMWare, it is necessary to remove VMWare tools. In QEMU the issue reproduces reliably.
4a4737c7da3e9d60d2829fc4216a2923ae3dd4946af77f8b03906129aa0fc6baThe attached testcase crashes Window 7 32-bit with Special Pool enabled on win32k.sys due to a use-after-free condition. The bug appears to be a race condition between two threads and multiple runs on the PoC might be required to trigger the bug. This is more reliable on systems with multiple cores.
98cd61cfa57d50f4a3e3d1dc2c080a9c2743333c59a9c028d17d2c5241c7bd9aThe Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.
9c9d7819c17ae0f14fbcf5250fe9bc87ec36941d7e0e1a71bc9c128bc94d7ef8The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.
f9138be83b6665e583fb9a0c2edbf82da6a8ba0567aba68654dad7c01ffa36d5MODX Login Extra versions prior to 1.9.1 suffer from a cross site scripting vulnerability.
8866751a93597637a538bf0220137db267a389e38a5051f40a3903cc78ebdc36RXTEC RXAdmin login page from UPDATE 06 / 2012 suffers from a remote SQL injection vulnerability.
940590a69e2048c5513b7eb24f981f9183f5c6fa25601b46fcf091c4812f94f5Polycom BToE Connector up to version 2.3.0 allows unprivileged windows users to execute arbitrary code with SYSTEM privileges.
8f7f179c0390f32c61f7e5d9ef5dff39e836b126a057fbd52f32854d89498f84Huawei HG253s V2 suffers from a remote information disclosure vulnerability.
2e2018d16f6a7f8cddf71c09432c4a1048d6e439aa44ce1118910a868470d54cDimofinf version 3.0.0 cookie SQL injection exploit.
ae127634dd77d4b81b85ee2ddebae17c44d195b88e620121ef01740d5ac84f53Red Hat Security Advisory 2015-2512-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. A feature in Ceph Object Gateway allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service.
5bba935c88e61a982529ecb4d0825c43268b216c262550f6c407bc0e20298d16Red Hat Security Advisory 2015-2066-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. A feature in Ceph Object Gateway allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service.
4c2c2ec31725478916e6a5361f37441d8c1fb0d51c13871c6ec90c61565d5100A privilege escalation vulnerability has been identified in that the Steam Microsoft Windows client software is installed with weak default permissions. These permissions grant read and write access to the Windows Users group for the install folder. This includes Steam.exe which is launched upon user login. Version 2.10.91.91 is confirmed vulnerable.
66f1b7811fa2e915d358da3af9007cb2b0c58c1031bb2b909b5fc2f1e8067197SAP Mobile Platform version 2.3 suffers from an XML external entity injection vulnerability.
763ac979871c176d5a9e6b1f185a1e6109b4d7b5f4517066de0a8a2a92f8f153SAP Afaria version 7 suffers from a stored cross site scripting vulnerability.
2082d9ff424b99cbc2ae9d7bfcce7559468dcb8de5806eb40ae0272bfc163ca1SAP NetWeaver version 7.4 suffers from an XML external entity injection vulnerability.
b5a92464ff47c770ab76479c835e0239d3e5db4770ef988ae3b50741e8e7356cCeloxis versions 9.5 and below suffer from a cross site scripting vulnerability.
0ce327191126fee2975846ae4df13c4f34768a717772e1666d36b2e5d8b59286
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed