Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
ef72f8cf95e036c9e25ca2cbbb15eb95e3313d299510f0c4a7e30bb25127fdc8The Private Tunnel application suffers from an unquoted search path issue impacting the Core Service 'ptservice' service for Windows deployed as part of PrivateTunnel bundle. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application. OpenVPN version 2.1.28.0 (PrivateTunnel 2.3.8) is affected.
1982811cca8c4967ad80bdbb680ede09b9ad33b3645539f9d125c817aa9bbe3aWAGO-I/O-SYSTEM with CODESYS version 2.3 WebVisu suffers from a password extraction vulnerability that allows for privilege escalation.
b4b37b094d65be35ac36e1dcb871c431cca2cb435ddcdc239b6d051e7de27c35Schrack MICROCONTROL versions prior to 1.7.0 (937) suffer from cross site scripting, weak default password, and data disclosure vulnerabilities.
ac3daaa3ec1fea3bd206d4c88bfd45b9b0def76b61c4b06bde03b01f98f45c67Shopizer version 1.1.5 suffers from authentication and authorization bypass vulnerabilities and also has a hardcoded default encryption key.
3151b133fe3a990ab5b4430efd7f97f3a1ea24619f03afeb2acc81fee40ad78cShopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.
e4162980efab523974589c1d3461783cd9e47700688234801663f08a5f929a8dThis Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is an stack based buffer overflow in the my_cgi.cgi component, when handling specially crafted POST HTTP requests addresses to the /common/info.cgi handler. This Metasploit module has been successfully tested on D-Link DSP-W215 in an emulated environment.
43736a283718e26edea62c6eac8d7fee90f2153854e5ba828b05e5d93aada113This Metasploit module exploits an anonymous remote code execution vulnerability on different D-Link devices. The vulnerability is due to an stack based buffer overflow while handling malicious HTTP POST requests addressed to the HNAP handler. This Metasploit module has been successfully tested on D-Link DIR-505 in an emulated environment.
d5c1234114f0d3f1eea91c96527721cb48a9b2b6cddece427779fb9fdccd3e20Different D-Link Routers are vulnerable to OS command injection via UPnP Multicast requests. This Metasploit module has been tested on DIR-300 and DIR-645 devices. Zacharia Cutlip has initially reported the DIR-815 vulnerable. Probably there are other devices also affected.
fa69b72b39331733dc17d58a1b790184d23e6c23fa2a9e676f656d47d0fcd96fHP Security Bulletin HPSBMU03070 - A potential security vulnerability has been identified with HP Cloud Service Automation. The vulnerability could be exploited to allow unauthorized access and disclosure of information This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerability. Revision 1 of this advisory.
1fafbd8fecbed0cec79bbf1a7c32ac6975fed0069dc7592805beeacca7c6f792HP Security Bulletin HPSBMU03069 - Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. This OpenSSL vulnerabilities were detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Revision 1 of this advisory.
ef1f29ac5ba91c5848105e696dc6e7c2126999c14cf33cd9e5983d066a8dbd98Debian Linux Security Advisory 2975-1 - Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
bfc5fc0210e27cc84c88de3c05372ca86215bab01f9987d8de50ef36e62142e9Debian Linux Security Advisory 2976-1 - Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.
94c9d56b614e336f0300c3fd5f848715f37c4785060190c3964e8ca986c48b52Mandriva Linux Security Advisory 2014-135 - Updated python and python-simplejson packages fix security vulnerability. Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access. This issue also affected the python-simplejson package, which has been patched to fix the bug.
2e1ca44b3c7d0495fc892ad6c604a6c8751d93020484cf8a66712eb8e88b1b55Mandriva Linux Security Advisory 2014-134 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker.
09f3697bd7c1262d63ac7bceb9874b1046533a6d16eef40e1a9088a4a91adca4Mandriva Linux Security Advisory 2014-133 - The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
d460aaf876807f15872b4b5bf6c5498b0747b4ec864db29789daf7a30e6ee5f0FoeCMS version 1.6.6 suffers from a remote SQL injection vulnerability.
7ee629cd6d58c6489b5b1ddf00e563510af28766ba079ea1ab9001ca41154f64Yahoo! Mail suffered from a cross site scripting vulnerability via the file attachment upload functionality.
8945f1f89b8ce25eda6550fcc02dc3e0f251dd0d613214792dc3867ab3a2b462Yahoo! Messenger version 11.5.0.228 suffered from a cross site scripting vulnerability.
7e8e628207f2117ebd6547af3d631e69042df4f345a5051befbc9558c8f5786dWordPress Download Manager plugin version 2.6.8 suffers from a remote shell upload vulnerability.
9a523713be98ae6895b4babac67e3d128a5811593a45e46b4784da404b6813a7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed