Oracle Data Redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a security mechanism. These weaknesses can be exploited via web-based SQL injection attacks; this paper details those weaknesses and provides suggestions on how the feature can be improved and made more secure.
8cb488d94f0f24c541295b45894955646b915f06b2bd3f2038f2c4e7aac4422f
pyClamd is a Python interface to clamd (the ClamAV daemon). By using pyClamd, you can add virus detection capabilities to your Python software in an efficient and easy way. Unlike pyClamav, which links against libclamav, pyClamd may be used by a closed-source product.
ed77743c32298b151c881cc52a211e188bd24203ae402f2640def858c6a2bca7
Bitdefender GravityZone versions prior to 5.1.11.432 suffer from local file disclosure, insecure service configuration, and missing authentication vulnerabilities.
af619d5dbc0d5687b495f706bf14196eb93f0a0131142a9608bdc0bdfd57b826
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an input validation error in DirectShow when processing and unserializing "Stretch" objects in memory, which could be exploited to elevate privileges and execute arbitrary code in the context of the logged-on user, or, for example, to bypass Internet Explorer's Enhanced Protected Mode (EPM) sandbox.
40f607f1e58adf819a7c42c06abb4eb9360e75d0caf490c0619a31a7fb069410
e107 version 2.0 alpha2 suffers from a reflective cross-site scripting vulnerability.
56bd876fd3e9e58a94c3248fcca4128f67bd75df9310ba5fdddc5ae0a7a6879c
Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross-site scripting vulnerabilities.
d1476599affa41b884dec786579a526abb8aa5d7a7e7ce2a41d003a8d5c21aa6
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by invalid handling of a sequence of actions intended to save a file when calling "ShowSaveFileDialog()", which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass the IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
700a7758a2ea45f7d7adc64c38c0a1f3ef968cb15f258ae383dc779133000aca
Remote attackers can execute arbitrary code and perform other attacks on computers with the OpenVPN Access Server "Desktop Client" installed.
3f95a17f5a3e3e08e1e5b964c913a1f26f928b80824fd0094146709d8a80f674
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by an object confusion issue when processing object types within data shared between the broker and sandboxed processes, which could be exploited by a sandboxed process to achieve code execution within the broker context and bypass the IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.
7b2092a65c7957bd27e081adb9fb8fc46c778ffa0f86266785a00a12ab75e46f
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is a use-after-free triggered when manipulating CSS @import statements through "addImport()" or "removeImport()", which could be exploited by attackers to leak arbitrary memory or execute arbitrary code via a malicious web page. Versions 9, 10, and 11 are affected.
cd96a783b0ba06438db8d155e68c36b5c423d9b3a31f74080fdd6447b9005d44
Alfresco Community Edition versions 4.2.f and below suffer from multiple server-side request forgery vulnerabilities.
19ce2a94ba7b3ac977579971c45cb86e989ade80fc0002971cfee5378a52f153
HP Security Bulletin HPSBMU03072 SSRT101644 - A potential security vulnerability has been identified with HP Data Protector. This vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
b2ab6e14584863667d15fb117618e07354ef9957457802c05b651e4fba71c1fe
Ubuntu Security Notice 2280-1 - It was discovered that MiniUPnPc incorrectly handled certain buffer lengths. A remote attacker could possibly use this issue to cause applications using MiniUPnPc to crash, resulting in a denial of service.
5117542815fcf93452faef16813bce06800a6e938b6b81dd1edc398b7cd296c0
Ubuntu Security Notice 2279-1 - Ben Hawkes discovered that Transmission incorrectly handled certain peer messages. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
102c3b451b291373563c086d75532664f1f5b37b475c6c040d5b1359c0209760
Red Hat Security Advisory 2014-0889-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.
d955c02b6fb6ac14d03885483e62d7eae4828a382f7ace3097c1309e2b00fc3a
Red Hat Security Advisory 2014-0898-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
18741ed083fd88bef12746d5d7cb90c7633e1bbdee424711f7b3da2352532b3c
Red Hat Security Advisory 2014-0897-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
80ff770a940677ba6ce6e5fd9f188c8b53262afdde5337e1bd2d8f9c30bc6b65
Red Hat Security Advisory 2014-0896-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.5.0, and includes bug fixes and enhancements.
f3cb7fd4bf3ab53aa837fd1043fd374cbb2e9e4e0d0f3b86eac19d2b75a3056c
Red Hat Security Advisory 2014-0895-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.0 serves as a replacement for Red Hat JBoss Data Grid 6.2.1. It includes various bug fixes and enhancements which are detailed in the Red Hat JBoss Data Grid 6.3.0 Release Notes.
aeb0b570938a9a6265d4028ddf3b4294b3853a5be7bb3907f9ec1aa0586df308
Gentoo Linux Security Advisory 201407-4 - A vulnerability in GnuPG can lead to a Denial of Service condition. Versions less than 2.0.24 are affected.
f7be745ceed87b9b64547f9e9de4ec5241c8f3295bfdc3031551291bb5a16ced
Red Hat Security Advisory 2014-0890-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.
b3aae823004ba1feeaae51546b3ea5b2573c2738250f2333c1900c5b9508acae
Gentoo Linux Security Advisory 201407-3 - Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution. Versions less than 4.3.2-r4 are affected.
600ec9e94e030b36e7d0770eb003e8d183518912299983d949f22aba378524ac
Red Hat Security Advisory 2014-0887-02 - JBoss Remoting is a stand-alone project that provides an API for making remote invocations using pluggable transports and data marshallers. JBoss Application Server 5 and supported Red Hat JBoss 5.x products contain JBoss Remoting, which includes a partial implementation of the JMX remoting specification JSR 160. This implementation is provided in jmx-remoting.sar, which is deployed by default in unsupported community releases of JBoss Application Server 5.x. This implementation does not implement security as defined in JSR 160, and therefore does not apply any authentication or authorization constraints. A remote attacker could use this flaw to potentially execute arbitrary code on a vulnerable server. None of the supported Red Hat JBoss 5.x products are affected by this issue in their default configuration; these products are only vulnerable if JMX remoting is enabled by manually deploying jmx-remoting.sar from the jboss-as/docs/examples directory. Unsupported community releases of JBoss Application Server 5.x are affected. All users of the standalone JBoss Remoting project are also affected.
135d5c4a321a8fbc578a3508486fc58852de448195dd8f13ec7114baf60130ff
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks ranging from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activity (including from remote Snort sensors), isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
ba825885413fc4d7679b701155a73856cd1ffdbf16a187bbb079a88d43c69956
Joomla Youtube Gallery component version 4.1.7 suffers from a remote SQL injection vulnerability.
8eb97c488001bd59478d014e3535c51b5f47ba324ae8929abe3595af874685f8