A path traversal vulnerability was found in the WifiHs20UtilityService. This service runs on the Samsung S6 Edge and may be present on other Samsung device models. WifiHs20UtilityService reads any file placed at /sdcard/Download/cred.zip and unzips it into /data/bundle. Directory traversal in the paths of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user.
Red Hat Security Advisory 2015-1945-01 - Kubernetes allows orchestration and control of Docker containers as used in OpenShift Enterprise 3. Kubernetes fails to validate object name types before passing the data to etcd. Because the etcd service generates keys based on the object name type, this can lead to a directory path traversal.
Ubuntu Security Notice 2783-1 - Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. Various other issues were also addressed.
RootedCON 2016 Call For Papers - RootedCON is a security congress that will take place from March 3rd to the 5th, 2016 in Madrid (Spain).
Oracle E-Business Suite suffers from a cross-site scripting vulnerability. Version 12.1.4 is affected.
Oracle E-Business Suite suffers from a remote SQL injection vulnerability. Versions 12.1.3 and 12.1.4 are affected.
There is a script in EBS that connects to the database and displays the connection status. The differing connection results can help an attacker find existing database accounts. Version 12.2.4 is affected.
Ubuntu Security Notice 2782-1 - Gabriel Campana discovered that Apport incorrectly handled Python module imports. A local attacker could use this issue to elevate privileges.
Red Hat Security Advisory 2015-1943-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU. This issue was discovered by Daniel P. Berrange of Red Hat.
Red Hat Security Advisory 2015-1931-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. It was found that QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU. This issue was discovered by Daniel P. Berrange of Red Hat.
Joomla remote SQL injection mass exploitation tool that affects versions 3.2 through 3.44.
Red Hat Security Advisory 2015-1930-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server. It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value.
Ubuntu Security Notice 2781-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.46 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.04 and Ubuntu 15.10 have been updated to MySQL 5.6.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
This Metasploit module writes to the sudoers file without root access by exploiting rsh and malloc log files. It makes sudo require no password, giving access to su even if root is disabled. It works on OS X 10.9.5 to 10.10.5 (patched on 10.11).
This Metasploit module exploits the Th3 MMA mma.php backdoor, which allows an arbitrary file upload that leads to arbitrary code execution. This backdoor also echoes the Linux kernel version or operating system version because of the php_uname() function.