ALCASAR versions 2.8.1 and below suffer from a remote code execution vulnerability.
50969539e307aa3836b82e6e37ce5621a9257c22e78102c9e7849b899b4f8b8fOpen-Xchange versions 7.6.0 and below suffer from absolute path traversal, server-side request forgery, XXE injection, and cross site scripting vulnerabilities.
a67a92350a6eb49fcfcd83bb5f4009ea48632c5c129805bdc644ed7b80ed0a6bBriefcase version 4.0 suffers from code execution and local file inclusion vulnerabilities.
ee4769ddc3ccb478d6f4b3846b15011421dba91117c82dee9377af11ba04b175The PASSWORDS'14 Norway Call For Papers has been announced. It will take place December 8th through the 10th, 2014 in Trondheim, Norway.
a270ae5136e49e09f525068c54f96fe43d036add98f294ae63d3bfe720c708faAztech DSL5018EN, DSL705E, and DSL705EU ADSL modems/routers suffer from broken session management, denial of service, file exposure, and parameter tampering vulnerabilities.
f6d378232da2f6443ab2049ec99245e887f6a80eb6f0844fa10661d9cbd6ca5dMaligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
fe2122fa4c8903c6f94454c7940fbe1d8bc432820eaa3829a22a22f7ac9ff938HP Security Bulletin HPSBOV03099 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or disclose information. Revision 1 of this advisory.
aae3e2a1d333eb054bbbacfd312875f79f591047aa6e4a71ea420ee9f8f26a54Red Hat Security Advisory 2014-1187-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to supply a malicious image file to QEMU or to helper tools used in image conversion by services such as Glance and Nova could potentially use these flaws to cause memory corruption, resulting in a crash or possibly arbitrary code execution.
9c0df0a65b9932b94391bd604c5ef39b8c0c257126ec2cb11ae9e065c3c02c92Red Hat Security Advisory 2014-1188-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.
06a9c4363ca80ae7ee73bcafdc3503c6698bbfff7d64fb4ec71efe94fc24c35dRed Hat Security Advisory 2014-1193-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
19e657455acf991df2d00feb9250321dbe674862f71eba14f81135c0e2dec851Ubuntu Security Notice 2346-1 - Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top Level Domains (TLDs). This could allow a malicious site to set a cookie that gets sent to other sites.
569add75b7a86ea622af485c4086142e1e91cb1b462d2168fa594424e1de799cWordPress Wordfence version 5.2.3 suffers from bypass, insufficient logging, and cross site scripting vulnerabilities.
a79b5eed16cbe3a5519923c18144c38d29237501b95a7b4288d52f305e3b4539SingleClick Connect installs a vulnerable web application, unpassworded MySQL instance, and handles set up of VNC poorly amongst various other issues.
e3202fce8e302bd9f029650fbff05b5533d1086d2690e0533030aa3c37fd383dDamn Vulnerable Web Application, which is meant to be a vulnerable web application for security testing, can be leveraged by attackers to compromise your system when in use. This is a good reminder to only use DVWA on an air-gapped network. This exploits demonstrates the ability to gain code execution on the system.
75399c599af8214d734313a75983c0648c16b80932511c55319919111ea07883
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed