Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.
c57f9ad771a935b26f475d6d4926fe8d395da5205e4f888e8087a2c7dc97b1faSuricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
c5c3ccebeecbace39df0ff2d50ec4515b541103ffaa5e33cd1dc79d4955c0dfdOnapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose a Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.
92a03a7a9374710770746549090119067b75fdc71c5a1c6527932e9be9239ecdOnapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from it's queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.
525b0210fa38e332bad09f1f23be059b8cff27946645438a054d05c005ac4ec0Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.
6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121dbOnapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.
b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34eaOnapsis Security Advisory - The SAP HANA contains a reflected cross site scripting vulnerability (XSS) on the pages /sap/hana/ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs and /sap/hana/xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs.
5119b84d53c0c30a40ccbbf28464d82d82fe294a2f8499c0d10ba47627e64dc2Red Hat Security Advisory 2015-0266-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. An information leak flaw was found in the way Thunderbird implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.
b6086d5a30a8d920f7c48a29debed81f96970f5500250c3604ddf5e177d50cd7Gentoo Linux Security Advisory 201502-14 - A vulnerability in grep could result in Denial of Service. Versions less than 2.21-r1 are affected.
17571fc7011e05dc2a208be4e37864cb8316ec4cfbb4c2172adcc07b37a15a8dSEO Toaster E-Commerce version 2.2.0 suffers from a cross site scripting vulnerability.
24bbaf5076666acb1c082a4015e52f5e8aa9a9c44a370c866f118c741c285a66Ubuntu Security Notice 2510-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
004b239ee393759fc7cb311874d2950a7c617c30b47ea5eaf837e1aa8242e9ecRed Hat Security Advisory 2015-0265-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file.
6fb8b5c06984a36c4d611ba9da24a080aee70d51ca3707e453f3588b2581bb25Red Hat Security Advisory 2015-0264-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
fb96a7ad227e19fc4fa2743e05c0242fa499690eb2839e767de61e2ba5dab7c9Red Hat Security Advisory 2015-0263-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. Users of Red Hat Satellite 5.7 are advised to upgrade to these updated packages, which contain the IBM Java SE 6 SR16-FP3 release. For this update to take effect, Red Hat Satellite must be restarted, as well as all running instances of IBM Java.
67e87106d47b830b1bc1b249bc64d5e01b365f1e4e3b35563732d2787a1aea88Various Webgate technology suffers from multiple buffer overflow vulnerabilities.
6d6a87e39a520ec98120ccff8b68f26b54ef6465769b821e910397fd5a27aa7eEVO-CMS version 2.1.0 suffers from a cross site request forgery vulnerability.
66e5f8134ad653e12601254b070187c2490a4f4b12edc64f2234aa3bbaa5b11eThis is a brief whitepaper that documents how the author analyzed malicious javascript and a host used for slinging fake antivirus software.
e26853153c11af3c368c496b92cb79cc809c59f6efe56f5c321aefba8a22855cI2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
6f02f38c933662874c485cb52ca800a9e07c36e74a26fdfeece65e25979beb4bMaligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
546b134942e14428952c2ca513d63be123eda20b6838f21a030ccbaee216ac44Red Hat Security Advisory 2015-0260-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.
792f9e6798b5e25740435a9e04fbf407a18a4febd6f6f49612ad6f8f36b8e4f4Red Hat Security Advisory 2015-0257-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd.
8d76cd4b796bce158991cd0e1051183c70804b81ce9d0272e76292fb6fc1201aUbuntu Security Notice 2508-1 - Richard van Eeden discovered that the Samba smbd file services incorrectly handled memory. A remote attacker could use this issue to possibly execute arbitrary code with root privileges.
8f0eb27d03b4e301f5738acc1808a68c1d0bbee2df8f1929bbc908fecacc20beUbuntu Security Notice 2507-1 - Jose Duart discovered that e2fsprogs incorrectly handled invalid block group descriptor data. A local attacker could use this issue with a crafted filesystem image to possibly execute arbitrary code.
3de6d17500b7985ce0d6caf535a214a5195595178af020699e992b99fc08fd87Ubuntu Security Notice 2509-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 20141019 package.
877b0e4f80b3a39fd254bf9a4d9f4547850d7052585e9cc3fe2f506273ad4a76Debian Linux Security Advisory 3171-1 - Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code execution with root privileges from an unauthenticated connection.
3a3f953fda09a742df9d1191a2a8a008bfb65321af16ac862f950df2fe6b22a1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed