Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
05a3793cfb66b694cb5b1c8d81226d0f7655031b0d5e6a8f5d9c4c2850331429
Onapsis Security Advisory - SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information.
51b510290e9cdab39a4eb560d76f8a1a92ad4e2479c00ecb93a399c7bd8fc80a
Onapsis Security Advisory - The SAP HANA XS Administration Tool can be abused by potential attackers, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.
c6ed0fc760014885e4e1f29f5add689e261aa09131bbce902c5032d4d1638bfd
Onapsis Security Advisory - SAP FI Manager Self-Service contains a hardcoded username which could allow a user to access functions or information that should be restricted.
6af964bfb323ace71af49db49e9c09318bd3bd26ffd097eee87a3bcf28af33bb
Onapsis Security Advisory - SAP_JTECHS suffers from an HTTP verb tampering vulnerability. By exploiting this vulnerability, a remote unauthenticated attacker would be able to access restricted functionality and information. SAP Solution Manager 7.1 is affected.
6580ff640350c05f48f65976b0b95f4281af8ee4134bb35be5c0dfed235ecb75
Onapsis Security Advisory - SAP HANA IU5 SDK Application does not enforce any authentication when it is explicitly configured. It could allow an anonymous user to access functions or information that should be restricted.
012319929550f40aff45210c9e107a59b2e67cadbe0eba2ea67d08b03dc14274
Onapsis Security Advisory - SAP HANA XS does not enforce any encryption in the form-based authentication. It could allow an anonymous user to get information such as valid credentials from network traffic, gaining access into the system.
3c59882224f4e683e1189c962e0c8f1e472ad02e008d6bd4c6be59028fba9d6b
Barracuda Networks Web Application Firewall version 6.1.5 and LoadBalancer version 4.2.2 suffer from filter bypass and cross site scripting vulnerabilities.
f9aabc1b0f4bff1070f734b4a100285651be2b51f5a95b036752aec6fe50a330
WiFi HD version 7.3.0 suffers from local file inclusion, directory traversal, command injection, and cross site request forgery vulnerabilities.
385a35c17ef6e5d6fe31cad54fc9c513afe14f1ef33ed25c6b35b80ff42a5f85
Proof of concept project that demonstrates how old FPGA boards can be reused for hash cracking purposes.
a5d7dd772b6f73f7bfd7ffca2d5849a002cf66e9c9f01f669a988bda7fac8011
Siemens SIMATIC WinCC versions prior to 7.3 suffer from unauthenticated access, privilege escalation, and hard-coded encryption key vulnerabilities.
7b2386094198c589bb175e6f6352b3527830abc474c16d1dbe09639309362020
Lyris ListManagerWeb version 8.95a suffers from a cross site scripting vulnerability.
e824ac215ca489b54cbb8e68ab45e456ebda1efbabb8167f8f80f7e30fe06d18
Red Hat Security Advisory 2014-0981-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to crash the system.
de80732b0357d6b9f6be6f8c9e7da59e5a32c6ff3a767b3625c79cfd20dbec82
Red Hat Security Advisory 2014-0979-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that NSS accepted weak Diffie-Hellman key exchange parameters. This could possibly lead to weak encryption being used in communication between the client and the server.
7e472af39243b2111c21f2041f546e46ac85697a4ad1633bc4b0836a92c7ee63
Red Hat Security Advisory 2014-0982-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
b4ddf444c5203044fecdf2fbe1d797919572413a3765151f718ef34faded1004
LinkedIn suffered from a user account handling vulnerability.
dd6ed709186c8feeaebc535e20b97700385afcfc7f3bff6f93e8a57396aa2011
This whitepaper discusses hacking with sqlmap and leveraging cross site request forgery vulnerabilities. Written in Turkish.
7130a96bfe8e601c63c6db831c76a47578959bc3aa160183ca7c39ba4c380efd
WordPress WhyDoWork AdSense plugin version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
af9bca3fe65b0a9bbf0292a7c524d2bc3961c3d5ba4dc081c13b25eb55493d3d
Sites created by J&W Communications appear to suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
65f4085262255284edb648a36920c83ccae9bf601ad67291db7f5c7ac9a711b3