GeniXCMS version 0.0.3 suffers from multiple remote SQL injection vulnerabilities.
56b42b89c53ae00854dd56e9d88622dc91c0daaec73811639535c290e2c3f090Red Hat Security Advisory 2015-1189-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.
39d964d6cb4b4dda9a64b2021f7fbd2ea4a581275c0694de8d847d2d82bfa972Red Hat Security Advisory 2015-1190-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
614e331de01ad1a7352b1d4be6b38996c86ac2ef7653cb8f9b14bbfe9b0c580bUbuntu Security Notice 2653-1 - It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. Various other issues were also addressed.
c92a23a6c2ffef9c5e260503201c22b883bc893d34393a43e5e16c00a1a6be64Ubuntu Security Notice 2654-1 - It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
a174f8e325d9828914e2df7525e1cae37224c8bc3844309db620b32444e9b830Ubuntu Security Notice 2655-1 - It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat incorrectly handled HTTP responses occurring before the entire request body was finished being read. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. Various other issues were also addressed.
b61abbda1322386d4a63d2565e2c7fe0a6030b7c311aa23adfc1d91d678321b9Red Hat Security Advisory 2015-1187-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.
b34c749711ea3b7e7d1f8a9142f1a2421a5974fbdf7e052124d26207fc456487Red Hat Security Advisory 2015-1188-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.130, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
8f05ec4a84f19c3c27147f3c264e74d2c2d5cf43d2f907a1d8b59d6321f7e3b4Red Hat Security Advisory 2015-1186-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.
0b7187415bdc0d78cd103b4bbf0cb103aecd6b3554e4079ac4b6be16514b3447Red Hat Security Advisory 2015-1185-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. Note: This update forces the TLS/SSL client implementation in NSS to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.
d3b8c8863bc4c06cd8091e672ddb9d95b2f56a995bbc755e9e1dcdbb20c55d3bAESshell is a backconnect shell for Windows and Unix written in python and uses AES in CBC mode in conjunction with HMAC-SHA256 for secure transport. Written in python but also includes a Windows binary.
b8a137308d0d953152da794073389bc6abb15be5bc89f85eb493f1ec3b0b236e28 bytes small Linux/x86 reboot shellcode.
7df146a137978005f952bff928c8f3817468d009d0206d617cd250f9e02afa00Joomla Simple Image Upload component version 1.0 suffers from a remote shell upload vulnerability.
931265d47b183868e79e4e49403102abb2912cafb70d9118ab7b037c561ef649find_dns is a tool that scans networks looking for DNS servers.
4da66d417bfefc4925a3eeb9dd2262ff8c71c6e574b06dbc73d0ff5e977c9405Red Hat Security Advisory 2015-1184-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.468.
a5c0b99a7d8734c41f64ace706e34ed4275968ddfaa24d8c4aae2728ea6e2b8dDebian Linux Security Advisory 3295-1 - Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.
d2270ddee10b79388cb859232c9460813be0e3e20d67218545961d4dc00d0b4fDebian Linux Security Advisory 3294-1 - Multiple vulnerabilities were discovered in the dissectors for WCCP and GSM DTAP, which could result in denial of service.
857b5e548eed5c842fd18f766ea7fe50474a166ba44c28ee47bb09e8b7140ce7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed