This Metasploit module exploits an arbitrary command execution vulnerability in the Vtiger install script. The module is set to ManualRanking because it overwrites the target database configuration, which may result in a broken web app, and you may not be able to get a session again.
168b20b9f1430832a755c5282b7d87e702796d3a8ede2140bfc9bf4996352b16
Open-Xchange AppSuite versions 7.4.2 and below suffer from multiple password disclosure and cross site scripting vulnerabilities.
348cc4505b3feff5407c50da62d97a957b38975a969613b4950953a41d048bcb
This memory disclosure exploit is a quick and dirty demonstration of the TLS heartbeat extension vulnerability.
52f0798dad98c4a1b6cab83a8eda203099ba005a12190fde8917fba6bb4fbe85
This bulletin summary lists four released Microsoft security bulletins for April, 2014.
42ab9375d5a119d1504c4e87bffce35081ffe9c6a3dc551142efb5af27129816
Bluetooth Text Chat version 1.0 for iOS suffers from a code execution vulnerability.
3230526c05b67c40d7a37d84acba59c35e2357e4b5168af9fa91f4db7f0113c7
BlackBerry Z 10 suffers from a remotely exploitable buffer overflow in qconnDoor.
94f3ad9825cf56bf2e0d4385ec6edf97a421ec557a510f614000c11f62775b0b
HP Security Bulletin HPSBST02980 - A potential security vulnerability has been identified in HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility running on Linux. The vulnerability could be exploited locally resulting in elevation of privilege. Revision 1 of this advisory.
16c17df1bc75e43156e9b8be57baa10d7586b91a62e7dcbb2c9d3806f740f339
Halon Security Router suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.
6a89ccc532c3b03e26dc887d1ad606c3b5effc18b384765f25f3a06bdd2836bd
BlazeDVD Pro Player version 6.1 stack-based buffer overflow exploit.
36ddc24b6e1b4dd2f3591102abac3bd0971dd7eda9dae438577b41a87b9287db
Red Hat Security Advisory 2014-0378-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
85f3267b23c3a2c746ab13cf225702438ff173d13d36e28e69a306ae88cbb914
Gentoo Linux Security Advisory 201404-7 - Multiple Information Disclosure vulnerabilities in OpenSSL allow remote attackers to obtain sensitive information via various vectors. Versions less than 1.0.1g are affected.
5a052eecc5f9820f2774d8bfc627f2dcb6074aeb700f13c087a5702f55105cee
Gentoo Linux Security Advisory 201404-6 - Multiple vulnerabilities in Mesa could result in execution of arbitrary code or Denial of Service. Versions less than 9.1.4 are affected.
36031cee58d1f9371bb65ef019c1a9362896bfe76486340bbed7f9f618fdb875
Red Hat Security Advisory 2014-0377-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
8f7c4d4d016c55715c90ff4dff65e34096a229969fb8f1a6a46114297025d9fa
Red Hat Security Advisory 2014-0376-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys.
d29801163552d6c5ef3d311980862e909fec81f30ffc610d069125419da17ffe
Debian Linux Security Advisory 2897-1 - Multiple security issues were found in the Tomcat servlet and JSP engine.
2b66a4a8295291756dace91cbeeb0f72ed10e5069d62d5a8388c8a95212581eb
Debian Linux Security Advisory 2896-2 - This revision to the recent OpenSSL update, DSA-2896-1, checks for some services that may use OpenSSL in a way that they expose the vulnerability. Such services are proposed to be restarted during the upgrade to help in the actual deployment of the fix.
bdc2b441a742338d68217274b585f77a71fb0818c37b23e2611c5800372cdb67
Debian Linux Security Advisory 2896-1 - A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory.
b46b7cdf2bdf994b775cf460ae5825957211930d6a2c4d11361546b5cd798cc0
Ubuntu Security Notice 2124-2 - USN-2124-1 fixed vulnerabilities in OpenJDK 6. Due to an upstream regression, memory was not properly zeroed under certain circumstances which could lead to instability. This update fixes the problem. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.
3e97ae5d9547293ea4ae339a2f1a074b113d672fbb9e11a7e3479121dbd4b0e2
This is a modified version of ssltest.py that will do a mass scan for the Heartbleed TLS heartbeat vulnerability.
82c6e88d81229fdc66b6164151c0633d131f032bbe9893c23498032d22ddb017
This exploit is a quick and dirty demonstration of the Heartbleed TLS vulnerability.
0415e43e7ef638d6c409ac662bd691d4eaf202ca6d154493d8cc75be1e929801
Joomla Inneradmission component suffers from a remote SQL injection vulnerability.
b995e316a3a1fc834d325da8115f4a448b6ae916afb9869b8e446050e3e306d0