Debian Linux Security Advisory 3133-1 - Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing HTTP proxy.
Barracuda Load Balancer ADC with firmware version 5.0.0.015 suffers from multiple security issues. There is an ability to recover the file system encryption keys via a cold-boot-style attack, an off-line super user password reset via physical attack, hard-coded credential and hard-coded SSH key issues, and various other problems.
Prestashop version 1.6.0.9 suffers from a cross site scripting vulnerability.
Since 2010, Sysdream has organized the "Hack In Paris" event in Paris, France. Aiming to bring together security professionals and enthusiasts, Hack In Paris will focus on the latest advances in IT security. Hack In Paris will be held at a totally new location in Paris from June 15th to 19th, 2015. The Nuit Du Hack will take place on June 20th at the same place.
OS X networkd "effective_audit_token" XPC type confusion sandbox escape proof of concept exploit.
Vorbis Tools suffers from a division-by-zero bug and integer overflow vulnerabilities.
EMC M&R (Watch4Net) suffers from heap overflow, remote file upload, insecure cryptographic storage, cross site scripting, ntp-related, java-related, and path traversal vulnerabilities.
Ifchk is a network interface promiscuous mode detection tool that reports on the operational state of all configured interfaces present on the system. In addition, it will disable those interfaces found to be promiscuous if told to do so. Per-interface statistics can also be displayed, allowing administrators to perform traffic trend analysis, which could be an aid in the identification of possible inconsistencies or spikes in network traffic volume that may warrant further investigation.
Remote Desktop version 0.9.4 Android suffers from local command injection and cross site request forgery vulnerabilities.
Webinars version 2.2.26.0 suffers from a client-side script insertion vulnerability.
Remote Web Desktop Full version 5.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
Sites "Powered by INVEM" suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
This Metasploit module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not correctly handle '../' sequences, which can be abused to write to the file system. Authentication is needed to exploit this vulnerability, but this module will attempt to log in using the default credentials for the administrator and guest accounts. Alternatively, you can provide a pre-authenticated cookie or a username / password combination. For IT360 targets, enter the RPORT of the ServiceDesk instance (usually 8400). All versions of ServiceDesk prior to v9 build 9031 (including MSP but excluding v4), AssetExplorer, SupportCenter and IT360 (including MSP) are vulnerable. At the time of release of this module, only ServiceDesk v9 has been fixed, in build 9031 and above. This Metasploit module has been tested successfully on Windows and Linux on several versions.
Ubuntu Security Notice 2460-1 - Christian Holler and Patrick McManus discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Muneaki Nishimura discovered that requests from navigator.sendBeacon() lack an origin header. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. Various other issues were also addressed.
Debian Linux Security Advisory 3132-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and newsreader client: multiple memory safety errors and implementation errors may lead to the execution of arbitrary code, information leaks or denial of service.