Lantronix xPrintServer suffers from remote command execution and cross site request forgery vulnerabilities.
ff6469302e547e01bb9030847093051785ad3cc7d9ecacc094da02afa766ef4f
PHPMemcachedAdmin versions 1.2.2 and below suffer from a remote code execution vulnerability.
19d87edb296c6abb43991e0a8e2a208e67c071926458b687ba07422d91852a16
CorelDRAW is prone to an off-by-one memory corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious CDR file to execute arbitrary code and/or to cause denial-of-service conditions. Affected versions include 17.1.0.572 (X7) - 32bit/64bit (EN) and 15.0.0.486 (X5) - 32bit (EN).
d61e01adb66b6c79e68ff44e6a3ed5a2754e9b02ac1089137243b5f364608afd
F5 BIG-IP version 10.1.0 suffers from a directory traversal vulnerability that can allow an authenticated user to delete any system file and to enumerate the existence of files.
48c9228a0d762c37bb5420392618ef603f34d99d02096e06b809d1aaf78e9bb6
SAP Governance, Risk and Compliance (SAP GRC) suffers from SoD bypass, privilege escalation, and remote arbitrary program execution vulnerabilities.
2c6f6dd2ccedd0df4f801c917ff9f40ee8c504126cec43a0f77af7dde206d446
Monstra versions 3.0.1 and below keep a client-side tally of login attempts in a cookie, allowing an attacker to completely bypass the abuse-prevention functionality.
e559a6fc29b5452cf0090e6cc326b4afa0c52ebd83000579ad0a03b5b75fae8a
HP Security Bulletin HPSBUX03188 SSRT101487 1 - Potential security vulnerabilities have been identified with HP-UX running HP Secure Shell. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.
f48ab840d0de653a028d42f01133ffad6f77ec827e8549cb98d0a31ab37fa27c
Debian Linux Security Advisory 3071-1 - In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.
4a2488a91078e9187bd86f7e1d101335a7b44b196ee02e132b0845e7346a16a2
HP Security Bulletin HPSBGN03191 1 - Potential security vulnerabilities have been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running lighttpd. These vulnerabilities could be exploited remotely resulting in disclosure of information, elevation of privilege, SQL injection, or to create a Denial of Service (DoS). These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the lighttpd based vCAS Web Server. Revision 1 of this advisory.
6f968d85b22f5fbfed109939f90483ff9eef7b3027bef59336a2b90ece346765
HP Security Bulletin HPSBGN03117 2 - A potential security vulnerability has been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: The vCAS product is vulnerable only if DHCP is enabled. Revision 2 of this advisory.
e1b44829e163823ba39cf92638eaac5e9924d468dee54cd584402a7214c8137b
HP Security Bulletin HPSBST03155 1 - A potential security vulnerability has been identified with HP StoreFabric H-series switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
f3dcc135fd2c1cf8a1c5df3a69efd02a182cdabdb8e9370883499a6a98eeecfc
Debian Linux Security Advisory 3072-1 - Francisco Alonso of Red Hat Product Security found an issue in the file utility, potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
c2c275801fcf8dc1f648f13c1c5c3a76942f60ea2fc6e8e71fd5b6f1ecf79ecd
HP Security Bulletin HPSBGN03164 1 - A potential security vulnerability has been identified with HP IceWall SSO Dfw, SSO Certd, and MCRP running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
980ee97b143b372b5a1ff3b939f0feafd7414703cdce1d204f657684003c2051
HP Security Bulletin HPSBST03154 1 - A potential security vulnerability has been identified with HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
f9534957739ab8f3e7e9de8f9c4bf5789882431d3a5cde51340596d597abe334
HP Security Bulletin HPSBST03181 1 - A potential security vulnerability has been identified with HP StoreEver ESL G3 Tape Library. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
cbb07b428d53f1c1557655cd70c5d064f9bc9d949a6557331a6e0111d76d716b
HP Security Bulletin HPSBHF03124 2 - Potential security vulnerabilities have been identified with certain HP Thin Clients running Bash Shell. The vulnerabilities, known as "Shellshock", could be exploited remotely to allow execution of code. Revision 2 of this advisory.
c8f6d879ddf7cc323158feb1bb78035393d71910932a07f1d6aa7f0deabbcef6
HP Security Bulletin HPSBMU03165 1 - A potential security vulnerability has been identified with HP Propel. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
993d69d889cb57ea4e97b5967566ea9fa56baaa30d0ca057ac83149e29c4add3
Red Hat Security Advisory 2014-1846-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS, could cause that application to crash or execute arbitrary code with the permissions of the user running the application.
d7b6ca9e01cfaf62474c6861a3613f29e538664ff430547cb7f087092a159e7b
HP Security Bulletin HPSBMU03184 1 - A potential security vulnerability has been identified with HP SiteScope running SSL. This is the SSLv3 vulnerability known as "POODLE" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
f5d4009faa0f2b4a38c2f39e1e8ea7a141f3a0e67dc5a7429bdc067345229661
HP Security Bulletin HPSBMU03190 1 - A potential security vulnerability has been identified with HP Helion Cloud Development Platform Community Edition and HP Helion Cloud Development Platform Commercial Edition. The vulnerability could be exploited remotely to allow unauthenticated access. Note: On October 28, 2014, HP identified a critical security vulnerability in the v1.0 release of the HP Helion Development Platform. The vulnerability is in our Application Lifecycle Service (ALS) and requires immediate attention. Vulnerability background: During the development process, valid user and host security keys were unintentionally left on the ALS Seed Node image. These keys are thus universal on all virtual machines created using the ALS Seed Node image. If an attacker has a virtual machine (VM) created from the ALS seed node image, they could potentially use that VM to connect (without giving a password) to any other VM in any ALS cluster (including ones the attacker does not own) if the attacker obtains a valid cluster VM IP address and the cluster was created with an ALS seed node image containing the vulnerability. Revision 1 of this advisory.
38dde2ca0ee61192adb6609d5eba20d0a98df126cf600057924d3e3c114e5f51
PayPal suffered from an arbitrary code execution vulnerability. A filter bypass and a persistent bug were also discovered during the testing of the same vulnerable parameter location.
fed3658f23386986e4d659208a3fb49d27afdec96066ad71c77c587d4346e94b
Microsoft Office 2007 and 2010 OLE arbitrary command execution exploit. This exploit will not give a UAC warning. No .inf file is required in this exploit. The size of the executable payload should be less than 400kb. Python 2.7 is required.
67ef05e93ca36b2752d2f86818c0b19ab0cdbed8a586badc23f5f694ed829e86
Piwigo versions 2.6.0 and below suffer from a remote blind SQL injection vulnerability.
8e34aa5cc38234e00ec76daa8cd462763d9355b1d33754d7f3b38738477d41ec
PHPMemcachedAdmin versions 1.2.2 and below suffer from a stored cross site scripting vulnerability.
9f91c5c2b7e9ffc8b6dd9013cb665d44484399ca18e398533dfb21443be8115f
Eleanor CMS suffers from an open redirection vulnerability.
84411384c7aa25e58ed05f7ed500b0c0f671a12c0994b2a76e3965c107e7b735