D-Link DIR-652, DIR-835, DIR-855L, DGL-500, and DHP-1565 suffer from clear text storage of passwords, cross site scripting, and sensitive information disclosure vulnerabilities.
a7668e84297d67c97f777a5d017f21ef288453a895bebdf304e432fe59637710This is a Metasploit modules that leverages an authenticated arbitrary file upload vulnerability in Dotclear versions 2.6.2 and below.
fa7134cec4517d630b5ea12c4242fbfc9bfb06e0df1b252b0e24e5fa245675a6Cisco Security Advisory - Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. They are all affected by buffer overflow, privilege escalation, and denial of service vulnerabilities.
7cbdd459508984ad05613b5f8dfd78e812d9c4aa6af13199816c11689911fb2cCisco Security Advisory - A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect buffer handling for SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to crash the application optimization handler and execute arbitrary code with elevated privileges on the WAAS appliance. Cisco has released free software updates that address this vulnerability.
debbd5883c0f1ee44fd9c6207d5297829694cf5da109411306a1a90b8555f5c5HP Security Bulletin HPSBMU03044 - A potential security vulnerability has been identified with HP Business Process Monitor running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
75b0264fcbec223ee3f4ea20c5e45106bd20fec772506d86b5b521ab51e99c32HP Security Bulletin HPSBMU03042 - A potential security vulnerability has been identified with HP Operations Manager i running on Linux, and Windows. The vulnerability could be exploited by an authenticated OMi operator to execute arbitrary code. Revision 1 of this advisory.
f1b6918940249cce1d82af4f65bab7e6ca8abce69462188ab50ff2ced7fe6abcDebian Linux Security Advisory 2935-1 - It was discovered that malformed responses from a Gadu-Gadu file relay server could lead to denial of service or the execution of arbitrary code in applications linked to the libgadu library.
968e3067472edc877e3d58f8a306f4c3be00b07a88941c496bc361b1297c2a47Red Hat Security Advisory 2014-0536-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.
efa88c6d2d6a9b3c9599b4e685e6a270ed5ced1f29e9a38839441774aef2e9beRed Hat Security Advisory 2014-0537-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.
a64031dc8f87dc015972399f06eeeb57a3646b9a5d9e864b433f49d12014a63aApple Security Advisory 2014-05-21-1 - Safari 6.1.4 and Safari 7.0.4 are now available and address code execution vulnerabilities.
cb432efb5b115028ce6fb6e5f7885637ec7ab0cf5c49906f721e09b631043157The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Linux release.
89c9d3e50ff99273c1579e1abf9894e4d2d42ebfbcc35f57d5fc35a54be4a428WordPress Conversion Ninja plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
0bfb7dbc417cfd5c7380ab708fe11a4521d81a62380978265ae01c7fb6d10f8cWordPress bib2html plugin version 0.9.3 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
a4eadb29a9ee0fe5cc72b51220221339d9488e699962c0abddc7b56cc660e24frcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. It bypasses KAV and many others. Archive password is 0xrage.com.
23829d9b1462518ce5a905745304ab65132b7ff256f08771ac7d918e69d1d89cCoSoSys Endpoint Protector 4 suffers from remote SQL injection, unauthenticated access, information disclosure, and backdoor vulnerabilities.
ee59c852aa9ec9b54cfb17cac2c30abf6fbb5c230308e6bbdca47b9cb0f61f3eDotclear versions 2.6.2 and below suffer from a remote SQL injection vulnerability.
2067441f7e53b38ccded93a55914eb552ab0546ea50c16e0ae0faf9cda833960Dotclear versions 2.6.2 and below suffer from a remote shell upload vulnerability.
31ef78e04a371a4e90bcaf14ef4a3350c0869ac317a39cdbeb7a37d65897f61eDotclear versions 2.6.2 and below suffer from an XML-RPC interface authentication bypass vulnerability.
0ba9c89e27c9ba118a254a769b3bfb910bbbcfd3ba96f87cd6f39126a26f52b7Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
2e9b6c04e3affaf652ec6a25f56fbabe85ee3ff890d082b6c0a0f239338c22cfThe eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well.
8e82def158ebfbe41cc7595829128a612d02d271dadd2f1c5596bfb75b802a36This is a brief write up that discusses NULL page mitigations on Windows 8 and includes a piece of proof of concept code.
a7d45dd13990e785f7ee6bbec647ae6693fc0348799ef70a34911098b0fb2da6MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
7852da1039ed22bc8df4e43c3094ee8c6d6ba154479efd37b643d488a3c85a42Binatone DT 850W wireless router suffers from multiple cross site request forgery vulnerabilities.
8d9c3eeed475845a253f821c47a2ce2c767601f741f279d533f68fce54e765dcEasy Address Book Web Server version 1.6 suffers from a stack buffer overflow vulnerability.
eb3749421af48dd72ae5531d12a661999239e19e1c8b9971b9aeb7d94178bfa8Easy File Management Web Server version 5.3 suffers from a stack buffer overflow vulnerability.
01960135cf899303cf1fae8be238f11e79604d56f7f20d97c009897fa7e524b9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed