fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
4558b06eb91d9a0b43993abfaea01eb2270bb13da50cb6379a6d96e1aeae2b47
SkaDate Lite version 2.0 suffers from an authenticated arbitrary PHP code execution vulnerability. This is caused by improper verification of uploaded files in the '/admin/settings/user' script through the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file with a '.php5' extension (to bypass the '.htaccess' block rule) that will be stored in the '/ow_userfiles/plugins/base/avatars/' directory.
2f06fa68d2220b816e7d3b3b873ab1d8786c653f2c88bfd5a622ef6802184c6e
SkaDate Lite version 2.0 suffers from multiple cross site request forgery and persistent cross site scripting vulnerabilities.
a342e8bef5f90b7cfd0703664b106bee5879eec947174e7edebd140cfb15231e
Remote exploit for Elastic Search version 1.1.1 that attempts to read /etc/hosts and /etc/passwd.
9f77dafb99af40f2c2d5742a9434d5f9d672d2a7b83bbada56a2713e609f8b41
HP Security Bulletin HPSBMU03078 - A potential security vulnerability has been identified with HP CloudSystem Foundation and HP CloudSystem Enterprise software running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.
5d6e7f71334eb28a670d0f277f242ae20b0a2096b54f07c19dcf6c90772314f2
Both Facebook for Android and Facebook Messenger for Android suffered from issues such as being an open proxy, disclosure of private video content, disclosure of audio recordings in chat messages, and use of various vulnerable packages.
3a82aa89d021954d0b9932d6fe28234686a74433ba2533d02c1595c597cab340
D-Link DWR-113 revision Ax suffers from a cross site request forgery vulnerability that can cause a denial of service.
5a469f3913e9c7a0597584d253af79e6f10917e7f751ff2af618fbc68ad4b266
D-Link AP 3200 fails to authenticate requests to wireless settings, stores credentials in plaintext, and uses a weak cookie value.
1adee944461c867636ad8a7e90a9b0c101706ca73b2f762045ec1d3ca7ba4e09
Joomla Kunena Forum extension version 3.0.5 suffers from cross site scripting vulnerabilities.
7ea555b3d3d052fddd2d76f219568124d96dad6756f324d82fa40f59e64f35e2
Joomla Kunena Forum extension version 3.0.5 suffers from multiple remote SQL injection vulnerabilities.
ef0bae7bedab0078d46bc0efb4a3b230e6b1baac8e8e4858ac87eecb25224dfe
Debian Linux Security Advisory 2992-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
b301d9f7ff1c8b9091708894011578d9ffcace82fa2e17ac8e78f3fb69432557
Ubuntu Security Notice 2302-1 - David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly restrict XSLT stylesheets. An attacker could use this issue with a crafted web application to bypass security-manager restrictions and read arbitrary files. Various other issues were also addressed.
189666d0fdd5b8688f20b755f3d2d041a8e8b55574843f3c4d5cef703fe3b976
Mandriva Linux Security Advisory 2014-140 - Owncloud versions 5.0.17 and 6.0.4 fix an unspecified security vulnerability, as well as many other bugs.
367ab066b22696b50ca46161ca38e28db8f30f3ee2f7ccdcce8b90c7d3e63a18
Mandriva Linux Security Advisory 2014-141 - It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine. Multiple improper permission check issues were discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple flaws were discovered in the JMX, Libraries, Security, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. It was discovered that the RSA algorithm in the Security component in OpenJDK did not sufficiently perform blinding while performing operations that were using private keys. An attacker able to measure timing differences of those operations could possibly leak information about the used keys. The Diffie-Hellman key exchange algorithm implementation in the Security component in OpenJDK failed to validate public DH parameters properly. This could cause OpenJDK to accept and use weak parameters, allowing an attacker to recover the negotiated key. This update is based on IcedTea version 2.5.1, which fixes these issues, as well as several others.
410a89a0f8916dd51868002b877ca25334db121005a195e78ff78eaf6e2697fd
Mandriva Linux Security Advisory 2014-139 - Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. The updated packages have been upgraded to the latest NSS versions, which are not vulnerable to this issue.
3d98eba8862e8bda7926d387ee30decd2d5596f62890e780121cd4d4a07565da
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
30bb7bbfd1ff829dab048bbb6264d6cf20b2a01511e7cddd4fc13771feb6a780
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
53f9c454f331822925d76c9d9e5e7cb3fe2dfb03e3c467f67f9412f10d0fd5ec