DNS reverse lookups can be used as an attack vector for the Bash Shellshock vulnerability.
f270585f9a138adfc590970e5d69e843b483a83fdff3980b13aa5bef341cd964
Red Hat Security Advisory 2014-1400-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
570a8e88f09f85d5c2b07bc86892ad903781336bb1519b3caaf9089c173e2f25
Red Hat Security Advisory 2014-1399-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
434765fe9a38cbaebd2a1c1cf50e79ca9b89f4f1faa7db114c4b1b5ada39d920
Red Hat Security Advisory 2014-1398-01 - Apache POI is a library providing Java API for working with OOXML document files. It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity attacks. It was found that Apache POI would expand an unlimited number of entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to trigger a denial of service attack via excessive CPU and memory consumption.
6531d2e141841a7297ff161e499539a53f2e4cf21e81afcf45e8d5b64f4fddab
Red Hat Security Advisory 2014-1397-01 - The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon.
8da86fa87dcbb8b16d01e0c4641731604315c00090936247194af617d03edc73
CMS Subkarma suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
ae3db095d704ae8ab010f72eafd34e3f223689c818c5427ec565a8d5302c4ab9
Pagekit version 0.8.7 suffers from cross site scripting and open redirect vulnerabilities.
dea6395b2328656b12031779081d98af29550efdc1e5118e68040c10df43a16e
Croogo version 2.0.0 remote arbitrary PHP code execution exploit.
caadc51f5dda3f63ab7b6436607e718c4f12b5901a75b377b8390a3e92ffdfc7
Croogo version 2.0.0 suffers from multiple stored cross site scripting vulnerabilities.
bd802f1c205656900ae6e8cdfe107614adc0208ea13d7090ded5686824b01ce5
Android browser versions prior to 4.4 suffer from a content security policy bypass vulnerability.
c025012db431aa2729019d62795c5330dddd15111cc6d1adde46fceaaa29c232
Gentoo Linux Security Advisory 201410-2 - Multiple vulnerabilities have been found in the Perl Locale-Maketext module, allowing remote attackers to inject and execute arbitrary Perl code. Versions prior to 1.230.0 are affected.
32e6d90b5adea67193c65f6bf16d55c5ac579bb688c5b448f47a833c088fc51c
HP Security Bulletin HPSBMU02895 SSRT101253 4 - Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code. Revision 4 of this advisory.
3dbff429e4c0e9c5875df024a00907c3f57b6494d3f03ce8ecf817bf597992f4
vBulletin version 4.x suffers from a remote SQL injection vulnerability via the xmlrpc API.
4d654cafffbaa0e60198185148d72d94e11af44899ca3540c2c4acf99684e1dc
PayPal Community Help Forums suffered from a cross site scripting vulnerability.
af1c1b9e6972b8d9da546eafc219eed5871da067e9c6a671a1b22b93410500fe
Etiko CMS suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
ae5e97fd5a4460b420bab6c641274ce2d3ecae25d087f90dfdd7de13e73e9528
Sites powered by MVO - Maquina Vendas suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
71979d571f47beb8f98d9620e53515ce0d4b5e447b2d5a3c6b95900b734e3bd0