HP Security Bulletin HPSBMU03263 3 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 3 of this advisory.
77a518cb0ccf0a4c04a46e8ea0991baac6b0eafce5c9e8a2db3164eaa98ae5a3
HP Security Bulletin HPSBGN03332 1 - A potential security vulnerability has been identified in HP Operations Analytics running SSLv3. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
cb810cc00faa60f39ac5e93a3c429e996fe9dc854eeaed218dbb42a7380d0270
Debian Linux Security Advisory 3274-1 - Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in potential privilege escalation.
e4f75683caaa34fdaecddd1a7828d4612e7cf4a264154d8b544eb04587da551e
HP Security Bulletin HPSBMU03223 1 - Several potential security vulnerabilities have been identified with HP Insight Control server provisioning running SSLv3. These are the SSLv3 vulnerabilities known as "Padding Oracle on Downgraded Legacy Encryption", also known as "Poodle", which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. Revision 1 of this advisory.
36ba059b9acedf2bacaf76b60979c8057c5973ea903070f309a681ca4a388e4a
HP Security Bulletin HPSBMU03261 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running OpenSSL on Linux and Windows. These vulnerabilities are related to the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
266edbc2c77cb9a27d028900097a82c14a33598b9d019eaa48c5d447c4276489
HP Security Bulletin HPSBMU03267 2 - Potential security vulnerabilities have been identified with the HP Matrix Operating Environment and HP CloudSystem Matrix running OpenSSL. These vulnerabilities comprise the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
b0d83a45ccd554287e2918d69e2b966916bb6e4a34595e69cc5962c44381597d
Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.
a727354d03f176b35f63aa0ffc5bb38a19701e52b268455eadf7ca7c31e71bff
This Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
e3284b80df8a49e84fe10eeeefb856090ee5b49ba6f62e629a9763e62071ed9a
Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB, DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR.
e20ef0dd89ff88caf92c753721ba8454b95e56f6cc1668c930745008c71c7246
Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet.
4020cca47ad48bad8205cc27d4fc29cfb9c596aa0ec345c05d58ff93a38af714
ESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues.
ca946d1c96a67953dcdbf356af61138199a591b19f2e94b31632830e11113290
This is a tool to replay packet captures and simulate client/server models when doing analysis. Written in Python.
bbc82f1d4197ab39b95472137a8ac96adbcfc361152b02976825089cc906d144
Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities.
a557a41cc14f0fa4371e88173d14cc9d2536437e1d9f3a70dba00fcae55b4b4b
JSPAdmin version 1.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
8c8845746909deb94bd650f31176c3002998cc354834cd3fceef8f287bc9ffb3
SOHO routers have been found vulnerable to privilege escalation, information disclosure, cross site request forgery, cross site scripting, authentication bypass, denial of service, and various other vulnerabilities.
b2f2c880262864949aed2787d7dbd1a1af58648ac6dc6fce4d75c119ce30c8a3
HP Security Bulletin HPSBHF03340 1 - A potential security vulnerability has been identified with HP ThinPro Linux and HP Smart Zero Core running HP Easy Setup Wizard. The vulnerability could result in local unauthorized access and elevation of privilege on an HP thin client device. Revision 1 of this advisory.
355c585f8c958b94f6362d293f801561c9df1b4c0315d1c836d83e169585da08
Invision Power Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
ccc8d7042208971ccc1a5b517c5d3acce70ae9a88bb02dfb50ca9bb3a7a31ca2
Vevocart version 6.1.0 suffers from an open redirection vulnerability.
d7f23912aab51e824ef12b4488419191ca88592fdd7e16d5a9c8952118503303