BUILD.gz
463f39e3f18a5e15dd901b2bc6640df57a3280bd5b65405c720f1b155b8fb345
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
6950672e88376f5de7976d0ac9e479c6a3ecdb8d2d214887347eb24f367d5d8e
Debian Linux Security Advisory 2523-1 - It was discovered that the GridFTP component from the Globus Toolkit, a toolkit used for building Grid systems and applications, performed insufficient validation of a name lookup, which could lead to privilege escalation.
b6337585790cbaa70a41e8a15f2ad98e6536faf0969ee375b41118d80a7b921e
Debian Linux Security Advisory 2519-2 - It was discovered that the recent update for isc-dhcp did not contain the patched code included in the source package. Due to a quirk in the build system, those patches were deapplied during the build process.
56cde2d842365388e86b4e3822e43e10f8a15d275662e2a0613a84e1fe731f1c
tormux.rb is a single-file, zero-dependency Ruby Tor controller for reverse multiplexing outgoing connections between Tor exit nodes. By default Tor only builds a single circuit, and all your traffic will travel out of a single exit node until the circuit is destroyed and a new circuit is created, but tormux.rb will build and maintain one circuit for each of the number of exit nodes you specify, and round-robin your outgoing Tor connections between them automatically.
527f59cc6a812254ef01ef67daeaf6d9554561605fa74a844bc39f29447d4419
Red Hat Security Advisory 2012-1057-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
5cfe82490f9e0d9ea42e665a6f4f6f6991026f15dc3ddf2d39550a062b1c56c5
Red Hat Security Advisory 2012-1059-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
e3a2bf9a1dc1efec91da14d3163b81d65b43040761d051feb37bae44cdf25454
Red Hat Security Advisory 2012-1056-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
6557059760455431acac8d483403f3918f56868f81fd392dee90b7d5ddc1473c
Red Hat Security Advisory 2012-1058-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
05f9c0682e27949bf1f2becff450f31daba1cdb97b54e04910f8671124a8f236
SpecView versions 2.5 build 853 and below suffer from a remote directory traversal vulnerability.
37c481c86f91ff979c1f2a14452d4bc1fc45aaf6d60f55ae0b180aa752d19d99
LimeSurvey version 1.92+ Build 120620 suffers from remote file inclusion and traversal vulnerabilities.
43b9b487eafdbab47658da07aab4f8a2286ff8e53d69af4f8c40cae632fc2132
QNAP Turbo NAS with firmware versions 3.6.1 Build 0302T and below suffer from a command injection vulnerability that allows for remote code execution.
bcec74851c024f2e1466935f495fd1687810e39d50b44f12aa001bc14964e143
F5 BIG-IP suffers from a remote root authentication bypass vulnerability. Version 11.1.0 build 1943.0 is affected.
c47245f9200c1bf4bbb5365534f451ad55a2d52e535a8693e694ffc822fc7c9f
Ubuntu Security Notice 1467-1 - It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection. MySQL has been updated to 5.5.24 in Ubuntu 12.04 LTS. Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu 11.10 have been updated to MySQL 5.1.63. A patch to fix the issue was backported to the version of MySQL in Ubuntu 8.04 LTS. Various other issues were also addressed.
52928dd0c621971574807252ccbdfb1af768836701965a6ed9bfbf0a6c13a411
Secunia Research has discovered two vulnerabilities in Network Instruments Observer, which can be exploited by malicious people to compromise a vulnerable system. A boundary error in the "CSnmp::DecodePacket()" method (NISNMP.DLL) when processing the community string can be exploited to cause a heap-based buffer overflow via a specially crafted SNMP datagram. An error in the "CSnmp::DecodePacket()" method (NISNMP.DLL) when processing an Object Identifier (OID) can be exploited to cause a heap-based buffer overflow via a specially crafted Trap PDU (0xA4) SNMP datagram sent to UDP port 162. Successful exploitation of the vulnerabilities allows execution of arbitrary code, but may require the attacker to enumerate or guess the SNMP port. Observer version 15.1 Build 0007.0000 is affected.
47406405f7fbbaf3904168e2444043931477814738fb138699f2f1cd927dab1d
Secunia Research has discovered a vulnerability in Network Instruments Observer, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "CSnmp::ASN1_ReadObjIDValue()" method (NISNMP.DLL) when processing an Object Identifier (OID) within a variable binding list. This can be exploited to cause a limited stack-based buffer overflow and cause a crash only via e.g. a specially crafted SetRequest SNMP datagram. Observer version 15.1 Build 0007.0000 is affected.
4b19996f632b90588e6f9fdda2fe95919af4b0bd7fa7dcf8b09165f3ad0b36c0
GNUnet is a peer-to-peer framework with a focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service built on top of the framework is anonymous file sharing.
0f7aa283f53e083e4e38b0c05e41083ee07953e3f7c831ffaab56f4f1a99d6d4
Webex Eshop Builder suffers from a remote SQL injection vulnerability.
53807b7190bca361ba569db5d63095ff3c4050f49921ae4d601370de5b411cd3
Secunia Security Advisory - Some vulnerabilities have been reported in the Profile Builder plugin for WordPress, where some have unknown impacts and another can be exploited by malicious people to bypass certain security restrictions.
93d9b9e7f04728d9d1f2ea4c4562061f7cc55dae673d408c5032d7e71d6f791f
This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from a "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.
009165bbb7f39c130705ca1779b5bf21f2c3fd6f324d13329ecce60c590e0dcc
Multimedia Builder version 4.9.8 denial of service exploit that creates a malicious .mef file.
63a67975d994e1f50ae5d8977e3410cb4b3b122a865bbea9840fb034cf5d4fb0
Debian Linux Security Advisory 2467-1 - It was discovered that Mahara, the portfolio, weblog, and resume builder, had an insecure default with regard to SAML-based authentication used with more than one SAML identity provider. Someone with control over one IdP could impersonate users from other IdPs.
5dee642e0bd8295239c7653b2351ced32900bd0db2c2ba222a7b00678aca31fd
Core Security Technologies Advisory - SAP Netweaver is a technology platform for building and integrating SAP business applications. Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated, remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered by sending specially crafted SAP Diag packets to remote TCP port 32NN (NN being the SAP system number) of a host running the "Dispatcher" service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.
84108ccf75a417b942e0291cf7c3798ea4c264ddce271305c260f4c3931d47e5
Mobipocket Reader version 6.2 build 608 suffers from a buffer overflow vulnerability. Proof of concept included.
956ac848bb2710f1365550adfff0b8787d1dfb621595612c0d1b192087b80cb7
PSFTP version 1.8 build 921 suffers from a NULL pointer denial of service vulnerability.
6cedf29fc659f2cd0c64391437f038105fadb2a16b9f4d6f8e7ae6eccd68b0da
Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.
483308f8a564fa501d764b451f997bd57808a2fe9a67f2ce80beea114ee97f8c