Secunia Research has discovered two vulnerabilities in RealNetworks Helix Server, which can be exploited by malicious people to cause a denial of service. RealNetworks Helix Server version 14.2.0.212 is affected.
5b1e1fa0cc0eed87f6da68ffae687141005db917dec8e254c0a6d683331a14a7Red Hat Security Advisory 2012-1090-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.
39c19044934dc07eaf2ccda4a7067b0b643c2cc6a9cc89a40b7f6f5157c495f1Red Hat Security Advisory 2012-1091-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.
d72857c706afe58af56ef92496d0bf05c85429eac1b79962ede93b64b9d8c56aThis Metasploit module exploits a stack buffer overflow in ALLMediaServer 0.8. The vulnerability is caused due to a boundary error within the handling of HTTP request. While the exploit supports DEP bypass via ROP, on Windows 7 the stack pivoting isn't reliable across virtual (VMWare, VirtualBox) and physical environments. Because of this the module isn't using DEP bypass on the Windows 7 SP1 target, where by default DEP is OptIn and AllMediaServer won't run with DEP.
cd224eb091bd83cac2f6867238fdeea0e253250295ed9b0257c0173e71de0311Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
1701fc58dc21a0ecb6c45f4836abb5e380f5e8214af1f3d389ec0e35ee46a019Secunia Security Advisory - A vulnerability has been discovered in ALLMediaServer, which can be exploited by malicious people to compromise a vulnerable system.
2d15928ca02a9e147baeb55fdf36818b8905cedb789ecfdf98da1ca1e2e82734Cura is a mobile phone application bundle of remote systems administration tools. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats will offer general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security feature will be implemented that allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing (e.g. send an SMS message containing "phone has been stolen!" to your Android phone to wipe Cura's database, and receive the location of the compromised phone as an SMS to your emergency phone number or as an email to your emergency email address).
79fd0da76674b5e455a947a43496357a83abbd086c7bf141c80764ec54afd32cDebian Linux Security Advisory 2510-1 - John Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks.
7a307ddf24090eefa041b944a0af6e44012d5cbdc1073972a4d8197542e67756Debian Linux Security Advisory 2512-1 - Marcus Meissner discovered that the web server included in Mono performed insufficient sanitizing of requests, resulting in cross-site scripting.
dd9f44430c3792f55cfd3b79094cd29f9db03840ccee1c6521b22f3081775a29Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.
93bea0be82c69ad3873bede014261e6a38de6d2554a91c52656507e218e00584Ubuntu Security Notice 1506-1 - It was discovered that Puppet incorrectly handled certain HTTP GET requests. An attacker could use this flaw with a valid client certificate to retrieve arbitrary files from the Puppet master. It was discovered that Puppet incorrectly handled Delete requests. If a Puppet master were reconfigured to allow the "Delete" method, an attacker on an authenticated host could use this flaw to delete arbitrary files from the Puppet server, leading to a denial of service. Various other issues were also addressed.
2db822b8deddc568488cbb2592bc0d946bcd94f89af0b800dc6692643cf7a671Secunia Security Advisory - Two vulnerabilities have been reported in Cisco TelePresence Recording Server, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
b46cf5c8f2812c023d66e4edc54e57823710c5c81841179cd9cb5bbbee62c056Secunia Security Advisory - A vulnerability has been reported in Cisco TelePresence Recording Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
00c2ddf4bb6bc8b3f946ac76d0f85d7ad7918734cca82fce2af29634f9f4a978Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash. Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported. There are no workarounds that mitigate these vulnerabilities. Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.
d697966c2bf18aa4e5c2c7875970e0cc5906ca0fdb9589c54e691f940c9898edUbuntu Security Notice 1502-1 - Ken Mixter discovered a format string vulnerability in the LogVHdrMessageVerb function in xorg-server when handling input device names. This could allow a local attacker to cause a denial of service or possibly execute arbitrary code. The default compiler options for the affected release should reduce the vulnerability to a denial of service.
243a8325cf6cb68a4b306b912c804202fe4dda9c207c1b4d5321c2ec7f9d93e5Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
9e3d29cc126a1609f93c89cc4b178fb01f091d989e2b8cec117b79eadf7b611cGentoo Linux Security Advisory 201207-4 - A format string vulnerability in X.Org X Server may allow local privilege escalation or Denial of Service. Versions less than 1.11.4-r1 are affected.
b0d1eee9c53822368b3a146abd6fb5bcb3d98cb36cb607389e11d483eebd4395Secunia Security Advisory - A vulnerability has been reported in Microsoft InfoPath and Microsoft Groove Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
da678d9ad5eaeab18f01e6f9424434b7525996c4b3917255e3c2b7f18829c741Red Hat Security Advisory 2012-1060-01 - Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. A command injection flaw was found in Cobbler's power management XML-RPC method. A remote, authenticated user who is permitted to perform Cobbler configuration changes via the Cobbler XML-RPC API, could use this flaw to execute arbitrary code with root privileges on the Red Hat Network Satellite server. Note: Red Hat Network Satellite uses a special user account to configure Cobbler. By default, only this account is permitted to perform Cobbler configuration changes, and the credentials for the account are only accessible to the Satellite host's administrator. As such, this issue only affected environments where the administrator allowed other users to make Cobbler configuration changes.
a117798edbaaae98d35e372b2a965c0e26a3e98bfd81b95555118ca270a44f0bUbuntu Security Notice 1499-1 - A flaw was discovered in the Linux kernel's NFSv4 (Network file system) handling of ACLs (access control lists). A remote NFS server (attacker) could cause a denial of service (OOPS).
ef05151a339827bd665036be138d551449abec4cd1acf946dbcc634acafed160This Metasploit module exploits a stack buffer overflow in Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default 'admin' password, the exploit should work fine. In case of the C&C configured with another password the exploit can fail. The 'check' command can be used to determine if the C&C target is using the default 'admin' password. Hopefully an exploit try won't crash the Poison Ivy C&C process, just the thread responsible of handling the connection. Because of this the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used a random header will be used. If the bruteforce target is selected, a random header will be sent in case the default for the password 'admin' doesn't work. Bruteforce will stop after 5 tries or a session obtained.
a5fb5f9fb5256f9b9ed0a73d71160bd6699b2d23e1947554a86a9c745e5bff43This Metasploit module exploits a php unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script, which is called with user controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the Tiki Wiki web directory. In order to run successfully three conditions must be satisfied (1) display_errors php setting must be On to disclose the filesystem path of Tiki Wiki, (2) The Tiki Wiki Multiprint feature must be enabled to exploit the unserialize() and (3) a php version older than 5.3.4 must be used to allow poison null bytes in filesystem related functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3.
04e6daabf6b6a5dba1b8fa576bc4f910b4df1c7b90652847142a832796744523Red Hat Security Advisory 2012-1057-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
5cfe82490f9e0d9ea42e665a6f4f6f6991026f15dc3ddf2d39550a062b1c56c5Red Hat Security Advisory 2012-1059-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
e3a2bf9a1dc1efec91da14d3163b81d65b43040761d051feb37bae44cdf25454Red Hat Security Advisory 2012-1056-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
6557059760455431acac8d483403f3918f56868f81fd392dee90b7d5ddc1473cRed Hat Security Advisory 2012-1058-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
05f9c0682e27949bf1f2becff450f31daba1cdb97b54e04910f8671124a8f236
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed