sb0x Project is a lightweight penetration testing framework written in Python.
953f243708008c8e9e0c5ea69aad3cb16ab0c0bda7560bb9d7119548d2637301
Red Hat Security Advisory 2014-0559-01 - The Red Hat Enterprise Virtualization Manager data warehouse package provides the Extract-Transform-Load process and database scripts to create a historic database API. It also provides SQL BI reports creation for management and monitoring. It was found that the ovirt-engine-dwh setup script logged the history database password in plain text to a world-readable file. An attacker with a local user account on the Red Hat Enterprise Virtualization Manager server could use this flaw to access, read, and modify the reports database.
5f8888f9aa9c43980c066c5c06f05a1024c407ad8a7c6d15802f4a3f4416332c
Red Hat Security Advisory 2014-0558-01 - The Red Hat Enterprise Virtualization reports package provides a suite of pre-configured reports and dashboards that enable you to monitor the system. The reports module is based on JasperReports and JasperServer, and can also be used to create ad-hoc reports. It was found that the ovirt-engine-reports setup script logged the reports database password in plain text to a world-readable file. An attacker with a local user account on the Red Hat Enterprise Virtualization Manager server could use this flaw to access, read, and modify the reports database.
bd0f437915b49f2d01976ffbb4ea6447e6ebe809ba39ea5a11c9372893c02d44
Red Hat Security Advisory 2014-0561-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, when using one of the following protocols: HTTP with NTLM authentication, LDAP, SCP, or SFTP. If an application using the libcurl library connected to a remote server with certain authentication credentials, this flaw could cause other requests to use those same credentials.
9b7178c65f513e070e77be94e77db2220728f4e898877c6359747fcc720c3823
Red Hat Security Advisory 2014-0557-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A race condition leading to a use-after-free flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled the addition of fragments to the LRU list under certain conditions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system by sending a large number of specially crafted fragmented packets to that system.
11e08a25ccc9449b51fc974bf55d7895cac1d67aa00b70338d758bd8911c49a6
Red Hat Security Advisory 2014-0560-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a special file that blocks on read access could use this flaw to cause libvirtd to hang indefinitely, resulting in a denial of service on the system.
94239f6d883bee6d500f9c0488f7c3ba34b9d4128102a893c9f3c00863ef0452
Debian Linux Security Advisory 2938-1 - The initial organization and setup of Squeeze LTS has now happened and it is ready for taking over security support once the standard security support ends at the end of the month.
55b2d8374ef4e842a1b1dcf7cc65636b8bee542b9491e4d37a0a0a7f7fbce5e2
Debian Linux Security Advisory 2937-1 - Two security issues have been found in the Python WSGI adapter module for Apache.
3fc32fb17b4ab3171b0696918d378ce832f0f9298ccdc887b01b36b1574b34eb
Gentoo Linux Security Advisory 201405-28 - A remote command injection vulnerability has been discovered in xmonad-contrib. Versions less than 0.11.2 are affected.
38fb811a8cac5932b75fa59e16b42be8839538cf9284093511c23adc5ced82a8
Red Hat Security Advisory 2014-0565-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.
f1e9f6c1c9be3e43a15d38d75587d92cb3da1e2846c3e184bcdbd280ba0ad505
Red Hat Security Advisory 2014-0564-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.
b605c57114719a77fe275c9838251481f50e536e80553823f178ad6e466a9bba
Red Hat Security Advisory 2014-0563-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the security auditing functionality provided by PicketBox and JBossSX, both security frameworks for Java applications, used a world-readable audit.log file to record sensitive information. A local user could possibly use this flaw to gain access to the sensitive information in the audit.log file. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.2.2, and includes bug fixes and enhancements.
881e706fc0bedaff8a0768878e85814423dc159dee27a4733dd69daa905544bb
info.vmware.com suffers from a cross-site scripting vulnerability.
93f373ddd0b15311720ffb4ee10d3fa2ff732de4c159ce7664fe62e6a357c9bc
WebBoard CMS suffers from a cross-site scripting vulnerability.
b29c1580f47d8601f307bc2caa6aecf04ecec822a34b0158d188ae66779fdd6d
This paper highlights risks associated with unvalidated input in Lua-based applications.
b4f14650e83aeefc80c835944c58d54d354b9a258c6d244b09f76bbd9c1c50be
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, a resource viewer, and many other features that are useful for web developers and pen-testers, and for anyone who needs to examine live web applications.
cf989c86c0521b79f36955f23b5884a66b9f8bfdc0e7670e64ccb43a1afda929