This is a statically compiled version of BusyBox that contains multiple built-in utilities, including the ash shell. It was created with forensics use cases in mind.
ad78938a532173ac62ba2999a6361d901885ce4ddbd6a37f3f768f2cc722abb0
Spring MVC suffers from a cross site scripting vulnerability. When a programmer does not specify the action on the Spring form, Spring automatically populates the action field with the requested URI. An attacker can use this to inject malicious content into the form. Versions 3.0.0 through 3.2.8 and 4.0.0 through 4.0.1 are affected.
5eb5caff637b21acb3508f02276c5259beb463317ea4a478aa07494344d9cac9
Vtiger CRM versions 5.4.0, 6.0 RC, and 6.0.0 GA suffer from a local file inclusion vulnerability.
68bb2b327d28dcaab7ff85b53bd244a5fe0efd7356cb8bd9d362854e3ea37f26
Procentia IntelliPen version 1.1.12.1520 suffers from a remote SQL injection vulnerability.
d237b665954a8280a24d83ef911164191cc03a3ddd5ab615424806c3e0e8827a
Drupal Webform Template third party module version 7.x suffers from an access bypass vulnerability.
991b254f50145a2194cdc21de75fc10e6fb2bf1160c173eecc5c4684b19a0e45
In Spring Security, the ActiveDirectoryLdapAuthenticator does not check the password length. If the directory allows anonymous binds, it may incorrectly authenticate a user who supplies an empty password. Spring Security versions 3.2.0 through 3.2.1 and 3.1.0 through 3.1.5 are affected.
a6f710e75878a79eb3c98eb2f5253ae95ffd7b23d3f70f0cc3988a5e59e0213e
Proxmox Mail Gateway version 3.1 suffers from multiple cross site scripting vulnerabilities.
b5cdd7514d6723e88c9cfec4dc8e23e32547ae75076b1244b7f8b68d4c4efd15
Arabic Prawn Ruby gem version 0.0.1 suffers from a remote command injection vulnerability.
c5f02d425c1722103bd1066865763a5f030b1a9c066ab94408f02e058557d56b
GNUpanel version 0.3.5_R4 suffers from cross site request forgery and cross site scripting vulnerabilities.
ef7d1104b64f8ef1d918d4be53d8efea3fe7f3d2335cf23809f1a354967fbc99
Spring MVC's Jaxb2RootElementHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option to disable them. Jaxb2RootElementHttpMessageConverter has been modified to provide an option to control the processing of XML external entities and that processing is now disabled by default. Versions 3.0.0 through 3.2.8 and 4.0.0 through 4.0.1 are affected.
99a8ad7c850c897b9d19d09b3e771b91512dc689e5f940a3f5f0bfee478e8189
Open Classifieds version 2-2.1.2 suffers from a cross site scripting vulnerability.
4dc1de714413c133bd1b7430360726a9540c43f5db23325bd1f8997da9f5bff1
VMware Security Advisory 2014-0002 - VMware has updated vSphere third party libraries.
f68785a86cf03bdcb6949e31e03b46c73a1eada57e4d11d2ee15b03dcb905f3f
Ubuntu Security Notice 2145-1 - Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers. This could allow an attacker to possibly obtain information about the state of the PRNG and perform cryptographic attacks.
95ffe26d0a11f3ae9be74f1583d0260e5c4fc05fe38a93d7c1bc3a7d8e7d3e3a
Debian Linux Security Advisory 2873-1 - Several vulnerabilities have been found in file, a file type classification tool.
c2bf451d0b46c8fcb229f218a01ef4754b2b29f78fd5d1334ba90adc167e6302
Ubuntu Security Notice 2143-1 - Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. This issue only affected Ubuntu 13.10. Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Various other issues were also addressed.
0fcaac0c7d5e406a33a77a223f1bc02a072b433a7ee654d7d276ca3f7f2d276a
Ubuntu Security Notice 2144-1 - Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package incorrectly handled memory. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package did not restrict driver directories. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Various other issues were also addressed.
1ba295385400a0e23f182c93b3934e2160b4ad0c56f428f457e3f4064d898b72
Red Hat Security Advisory 2014-0289-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-08, listed in the References section. A vulnerability was reported that could be used to bypass the same origin policy. A vulnerability was reported that could be used to read the contents of the clipboard.
9a925a1b92a21562dc22ed56324bc7513d10b455781a1f25b144272087491575
Red Hat Security Advisory 2014-0285-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory condition and, potentially, crash the system.
a11eda61dbcf728addd1377584ae2b396b052364c5d94383cdb60ead21539012
Red Hat Security Advisory 2014-0288-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.
0a170a8ff50ca1817d8dbb1bf5337a87577fa4be6ead12ecab8af5254403d619
Debian Linux Security Advisory 2875-1 - Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.
73c6f6fedc39fbf350b6bb3b7d31490dfad13c3f44e3dc9903260c66ef25b17a
Debian Linux Security Advisory 2874-1 - Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code.
85bfbaabb146c53fdaad1274b54b8cb239279509ec7b02d61d4874281a016f89
Debian Linux Security Advisory 2876-1 - Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.
ad6a0d806e07d3d10c95239ddcb188c5630de51fb39bd67800ecbb284553b581
The ZyXEL P-660HN-T1A router suffers from an authentication bypass vulnerability. Version 3.40 (BYF.5) is affected.
f18e9d48f0d20a07656d3b22913991bd93f4912ae2a287f14366f2b140bf48fe
MediaWiki version 1.18.0 suffers from a new file creation source path disclosure vulnerability.
5675a27b5908d6b27fa04c43090945ec656da5d0db68fcd7d5da9bbfe406ac0a
This is a ROP exploit variant of the perf_swevent_init local root exploit for Linux kernel versions prior to 3.8.9 on x86_64.
f2e2d43cd1b1f6062d1700da019b5cc1e08dbf07427dcb52fc47281b57ddf45f