Bitbot C2 Panel suffers from cross site scripting and remote SQL injection vulnerabilities in gate2.php.
9acd6e911b5c392e36f1f1742b3974de1315faa9855834c5051c0afe4c08ea43Gentoo Linux Security Advisory 201308-1 - Multiple vulnerabilities have been found in Putty, allowing attackers to compromise user system. Versions less than 0.63 are affected.
66310ff1fc5445e6b11309bdaf0d24fd6bab3446706a518e6854f32b73bdecdcDebian Linux Security Advisory 2739-1 - Two security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems.
4f76b681152227ee548d6e842eaa9300d16504ad370b4b15992496ea92e4272cRed Hat Security Advisory 2013-1171-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A denial of service flaw was found in the way HTCondor's policy definition evaluator processed certain policy definitions. If an administrator used an attribute defined on a job in a CONTINUE, KILL, PREEMPT, or SUSPEND condor_startd policy, a remote HTCondor service user could use this flaw to cause condor_startd to exit by submitting a job that caused such a policy definition to be evaluated to either the ERROR or UNDEFINED states.
59bc8939e06de2e9d8397da6e6ee3236b2917b4a5fa9a54f240a7bd5db96a4a7Red Hat Security Advisory 2013-1172-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A denial of service flaw was found in the way HTCondor's policy definition evaluator processed certain policy definitions. If an administrator used an attribute defined on a job in a CONTINUE, KILL, PREEMPT, or SUSPEND condor_startd policy, a remote HTCondor service user could use this flaw to cause condor_startd to exit by submitting a job that caused such a policy definition to be evaluated to either the ERROR or UNDEFINED states.
0033d50c3ed1940df4b1a9b7577cc883eb9c2a3e9216baf092455746e541ef5bRed Hat Security Advisory 2013-1170-01 - MongoDB is a NoSQL database. PyMongo provides tools for working with MongoDB. A flaw was found in the run() function implementation in MongoDB. A database user permitted to send database queries to a MongoDB server could use this flaw to crash the server or, possibly, execute arbitrary code with the privileges of the mongodb user. A NULL pointer dereference flaw was found in PyMongo. An invalid DBRef record received from a MongoDB server could cause an application using PyMongo to crash.
774c26c772c453155510a81f629828067abba89f9124529d494aa46bbc077c37Mandriva Linux Security Advisory 2013-214 - Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname against the certificate's subjectAltName's dNSName general names.
bef1309c97ca6142e08e1d6ed64b7117003913520e969b3da85863a63dcb4168Samba malformed nttrans smb packet remote denial of service exploit.
7c05718e61505b529b4fc56fdb9fe34f5f090de5045c62a525a74a2d1108d2f6This Metasploit module exploits a mass assignment vulnerability in the create action of users controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator account. For this exploit to work, your account must have create_users permission (e.g., Manager role).
8aba4389b4b51efa17c66a8c2ddaabb0489ae3e020c3f31852637c4d80e383a3This is a brief paper detailing the Samba nttrans reply integer overflow vulnerability.
d225d3176b11780faefe076ec78e17e446d910e7a58fe9d59851b2b612d3da4eDeWeS web server version 0.4.2 suffers from a path traversal vulnerability.
4afc73f6c6a59ae86bda8007462935bdef406857a24bfcf735e6a96cd7d35629Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.
f7b4720b68387a85282ee51ecffe1c6bd87d4c236fb4fcacbe37fb52ae430b18WordPress ThinkIT plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
c90446a2eb9017cdbc5731fbf2064761282210ad9dd1d715bbee4864fc0cf357AlgoSec Firewall Analyzer version 6.4 suffers from a cross site scripting vulnerability.
9bcc2f40ac9e807f1a16248fc4024bf27aad4a0478dac50095192c75003afc86freeFTPd version 1.0.10 PASS command SEH buffer overflow exploit.
9074bf6f86b7de3c41e626bf72906b7cbd156074f91c6eb66bcbbe469169d303ALLMediaServer version 0.95 SEH overflow exploit written for Windows 7 German.
f54af71371112fc674b417f9ec24af93d58fb527474b125641029fc8ffe667fdThis Metasploit module exploits a remote code execution vulnerability in the pickle handling of the rendering code in the Graphite Web project between version 0.9.5 and 0.9.10 (both included).
0f555feb3d15fc98268fab4b33a7b53a4faf6aafadda34aaaa8c5586821e65a8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed