The Network Driver Interface Specification (NDIS) provides a programming interface specification that facilitates from the network driver architecture perspective the communication between a protocol driver and the underlying network adapter. In Windows OS the so called "NDIS wrapper" (implemented in the Ndis.sys) provides a programming layer of communication between network protocols (TCP/IP) and all the underlying NDIS device drivers so that the implementation of high-level protocol components are independent of the network adapter itself. During vulnerability research from a local security perspective that was performed over several software firewall products designed for Windows XP and Windows Server 2003 (R2 included), an issue during the loading and initialization of one of the OS NDIS protocol drivers was identified; specifically the 'Remote Access and Routing Driver' called wanarp.sys. This issue can be exploited through various NDIS 5.x filter intermediate drivers that provide the firewall functionality of several security related products. The resulting impact is vertical privilege escalation which allows a local attacker to execute code with kernel privileges from any account type, thus completely compromising the affected host.
730dfd4333f38eeac096e605cfc535fc646d5e90e3533d3a53e73d4707bb7d53Apache CloudStack provides an API for managing network, compute, storage, and user aspects of a CloudStack cloud. Under certain circumstances, the results of certain API calls may expose the root password for a virtual machine related to an API call. Versions 4.4.4 and 4.5.1 are affected.
e1d9575a64a66d0b6de598436c6e55b6139760f94dc1d7be9d4fb1558d1c6e56ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.
2ca23b7e97c2fd21522510a597e6f8263fa3958d2ab155014a37a1855290c23fApache CloudStack sets a VNC password unique to each KVM virtual machine under management. Upon migrating a VM from one host to another, the VNC password is no longer set in KVM on the new host. To leverage this issue, an attacker would need to have network access to a CloudStack host to be able to connect via VNC directly. Versions 4.4.4 and 4.5.1 are affected.
444ee4e43b5662436349058a9ae9bf309899af372366f8897acde09d71e4fb06Asterisk Project Security Advisory - If no UDPTL packets are lost there is no problem. However, a lost packet causes Asterisk to use the available error correcting redundancy packets. If those redundancy packets have zero length then Asterisk uses an uninitialized buffer pointer and length value which can cause invalid memory accesses later when the packet is copied.
d61d75b2607cad2c038cf03c5bb97339a5ed2401ece282ee0a7010c19c84efbfAsterisk Project Security Advisory - Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors.
c3a9d55b8722a6698270f1449a33fc8ad65f440df0576b6607a8cd998bdbc47eWordPress User Meta Manager plugin version 3.4.6 suffers from a remote blind SQL injection vulnerability.
8f22b579767e7a3c6479eb7f920d37197735a234ed6858e1aef469d691d117ebAsterisk Project Security Advisory - The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.
6c3e6ff53bbb942a49afc289970e7d998f9f519da49bdeaeadd6a6a039422b8eWordPress User Meta Manager plugin version 3.4.6 suffers from a privilege escalation vulnerability.
d088fb5cdcd30b60d6377e4125eb8d19e1450da48f358d4e2d26ff4678029417WordPress Instagram 1.1.0 suffers from a cross site scripting vulnerability.
b415a90ab2064dc918dbe4d97abaea9e9a91595f762c6ff138e61c114a50ae71osTicket version 1.9.12 suffers from authentication bypass, session fixation, file upload, and cross site scripting vulnerabilities.
4a19a2aa2c84b0fa5c0f2520b95e243cb8d22dc866f5c95fa4f4089635a66cbcNetgear RP614v3 suffers from an authentication bypass vulnerability.
8c216bb24afc3b481ba1388136665141d8f4161277f40e4c5de2e136025c1b64WordPress Clikstats plugin version 0.8 suffers from an open redirection vulnerability.
50ece61433282f067c9fdf3c6b88ab930e1b11b73b3cd1238aef0671409e835dWordPress Newsletter Pro plugin version 2.5.3.3 suffers from an open redirection vulnerability.
deea572ceba2f0ca6d74816c4848cee0e83729376ed6465667fcb6756891b2faIBM Security Website suffers from a cross site scripting vulnerability.
846d370ff13e8398291aa05fee5121ddefbf1cda285f7149ac3bc961505df56aFTPShell Client version 5.24 suffers from a local buffer overflow vulnerability.
39f0901fa8ec8cf5b431f7fc42d467c020a8c21351dae0d31f759fe3938ea531Apple iOS versions 9.1, 9.2, and 9.2.1 suffer from a pass code bypass vulnerability.
8de8b247155e4f185a6b01a539275a9f97a7f55492fd7fe8262ceba8fa6c9159ASP Forums version 2.1 suffers from a database disclosure vulnerability.
2a82cea0a7e0fc3cdf08bd773189c08f0aff6348e891a9283f84cac52de4e6d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed