Aethra SV2242E suffers from an XML external entity injection vulnerability.
f6e1dff459b1b34ead7aedcf8cec0f90b77dec9084aca725feca07e6529faf74Red Hat Security Advisory 2015-2545-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.
23126030912ce13e6f67046b218273250d65f3f2a03ab3411e6465eed00201ecRed Hat Security Advisory 2015-2544-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. It was found that OpenShift's API back end did not verify requests for pod log locations, allowing a pod on a Node to request logs for any other pod on that Node. A remote attacker could use this flaw to view sensitive information via pod logs that they would normally not have access to. This issue was discovered by Jordan Liggitt of Red Hat Atomic OpenShift.
e79355bab9122208743e19448a24c138d26a43a46d9ca55a2e5cfa71b1f163ccWordPress Cool Video Gallery plugin version 1.9 suffers from a remote command injection vulnerability.
5527218243efe625a95dd6c7587560dc325ce8d0f1365babde77ebbdb4973007ASUS RT-N15U suffers from code execution, cross site request forgery, cross site scripting, and open redirection vulnerabilities.
d1c82b8071267c44391fdf0d71b71f396d5966f96c2c97a35a8df881891b8b83OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
eee11def03647aa2267434a779608af6fca645023c9a194ddb82f14426835537EMC NetWorker contains a denial of service vulnerability that is caused by incorrect handling of malformed messages. A malicious user can construct and use malformed messages as a part of RPC authentication attempt, which can result in denial of service from critical NetWorker processes. Versions affected include 8.0.4.5 or later, 8.1.3.6 or later, 8.2.2.2 or later, and 9.0 Build 407 or higher.
e416ce7e1365e16866816655a3c3841b004255565655e81e70ea4de11479f625Banner Student suffers from cross site scripting, information disclosure, user enumeration, and open redirect vulnerabilities. Versions affected range through 8.5.1.2 to 8.7.
ac1224d3a2c05dfbbfdcac9ff7ec8f63d106fdc3c9fd7d2a3d28f25b3baf9aacUbuntu Security Notice 2827-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
684b357b80cf1aa524a066dc53487410bde75791d42a81c81b9e182ca7edea65Slackware Security Advisory - New libpng packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
b00153fe943a9ec2ec32ab0fb50b52c57aae3585e8201e2d9960cfe0a2ae70dbUbuntu Security Notice 2826-1 - It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.
a46cac37588ee91b5f88a74d036718a72a40eb593bde4fc8fd7dd5be31746a37Debian Linux Security Advisory 3411-1 - Michal Kowalczyk discovered that missing input sanitizing in the foomatic-rip print filter might result in the execution of arbitrary commands.
115f5c398e30dbc11ada3adb77eb84a593571a1601061db9c9cf98ec628f5f80Ubuntu Security Notice 2828-1 - Jason Wang discovered that QEMU incorrectly handled the virtio-net device. A remote attacker could use this issue to cause guest network consumption, resulting in a denial of service. Qinghao Tang and Ling Liu discovered that QEMU incorrectly handled the pcnet driver when used in loopback mode. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.
fc0b08dbcf83bbc55bb54aad652eecb253d942b7951bfa2f15d8b8c01f810021Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
891b6026a26afcacd00ad70f3cb2d8ffbb65201f966259158bf104e9e617814fOpenSSL Security Advisory 20151203 - There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Other issues were also addressed.
47226417fb16c4f755233423cc8e871f0e4f6f54208d5c74b1e9fb97ec335763huutoporssi.fi, which is currently offline, suffers from cross site scripting, privilege escalation, information disclosure, and user data modification vulnerabilities.
5cfe8025663a2bfef9a365a6f6b6884916d199ece4fae1a80e9963fa8737b3adThe openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
41c266f4316546b227c5da447568ee64d856cb85a9104893038e66bc9b956d58This Metasploit module exploits a vulnerability found in Oracle BeeHive. The processEvaluation method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM.
0dd4b2592fada413038b4c9f336ee7ca63693bbb79a1842a8646d6ac30bff4dfMobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
e29a9ddd3c50a61497594dbfeb1263ace0bbd21f51b26e136d50480e96a396d4This Metasploit module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this vulnerability.
2ffb837bd56e22b7a4670bff61370cd18bac27e5c719ed050224b17709ad6f2eRed Hat Security Advisory 2015-2542-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
769753c23fa44883c0a1cb29228b56da67792c60690a326278743b344879bb60Red Hat Security Advisory 2015-2541-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
54ef7d2cacc1fca8cda27da2f49d2e75a9654c0ed2bd911f0f4b661e4ef15620Red Hat Security Advisory 2015-2540-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
303793d8561dccbe0bccc7c85fef2a6f2c76c530e82a96fb1bcfba7b1477990eRed Hat Security Advisory 2015-2539-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
cec179433c8b214af2aeadf23419255ffc44da58f98017b40827dbf4b84b6e92Red Hat Security Advisory 2015-2538-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
dc3af6c291832609148a6b54f87ef924bfcdea3e964652c58de6588a02d3ef4d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed