F5 iControl systems suffer from a remote command execution vulnerability.
Cisco Security Advisory - Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker to cause an affected player to crash and, in some cases, could allow a remote attacker to execute arbitrary code on the system of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx server. Cisco has updated affected versions of the Cisco WebEx Business Suite meeting sites, Cisco WebEx 11 meeting sites, Cisco WebEx Meetings Server, and Cisco WebEx WRF and ARF Players to address these vulnerabilities.
HP Security Bulletin HPSBMU03018 3 - A potential security vulnerability has been identified with HP Software Asset Manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a third-party product that is embedded in some HP Software products. The objective of this bulletin is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability in the OpenSSL cryptographic software library. This weakness potentially allows disclosure of information that is protected, under normal conditions, by the SSL/TLS protocol. Revision 3 of this advisory.
FortiWeb versions 5.1.x and below suffer from a cross site request forgery vulnerability.
Offiria version 2.1.0 suffers from a cross site scripting vulnerability.
Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the netlink socket and generates logs related to link state, neighbor cache (ARP, NDP), IP address (IPv4, IPv6), route, FIB rules, and traffic control.
The Breakpoint 2014 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia, October 8th through the 9th, 2014. Breakpoint showcases the work of expert security researchers from around the world on a wide range of topics. This conference is organized by the Ruxcon team and offers a specialized security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint caters to security researchers and industry professionals alike, with a focus on cutting-edge security research.
This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks.
HP Security Bulletin HPSBMU02994 4 - A potential security vulnerability has been identified in HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 4 of this advisory.
Red Hat Security Advisory 2014-0474-01 - Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions. All Struts users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using Struts must be restarted for this update to take effect.
Ubuntu Security Notice 2208-2 - USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides the corresponding updates for OpenStack Quantum. JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default. Various other issues were also addressed.
Ubuntu Security Notice 2208-1 - JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce SSL connections when Nova was configured to use QPid and qpid_protocol is set to 'ssl'. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Ubuntu does not use QPid with Nova by default.
Tilt, aka Terminal ip lookup tool, is an easy and simple open source tool implemented in Python for passive IP/host reconnaissance. It is very handy as a first reconnaissance step and for host data retrieval.
WordPress Photo-Gallery plugin suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.
Sites by Global Domains International, Inc. suffer from cross site scripting and directory traversal vulnerabilities. Note that this finding houses site-specific data.
InvisionPower CMS Links to Titles utility version 3.0 suffers from a persistent cross site scripting vulnerability.