Drupal Spaces third party module version 6.x suffers from an access bypass vulnerability.
df3e0fcffa7289c1f26334f4231e81a29adcea09a16966d616fdf1a5fdcb3a0fCisco Security Advisory - Cisco IOS XR Software contains a vulnerability when handling fragmented packets that may result in a denial of service condition of the Cisco CRS Route Processor cards listed under "Affected Products". The vulnerability affects IOS XR Software versions 3.3.0 to 4.2.0. The vulnerability is a result of improper handing of fragmented packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Customers that are running version 4.2.1 or later of Cisco IOS XR Software, or that have previously installed the SMU for CSCtz62593 are not affected by this vulnerability. Cisco has released free software updates that address these vulnerabilities.
ed63f824d536f6bf27a168cf61ea113a3a4f38fecf82bf83014bc5a3d93e2f0dGuppY version 4.6.26 suffers from a cross site scripting vulnerability.
8b7dc8f59410bf9a18129eab1a1488495b75587d4c45e6e7a60c33368e3de149Cisco Security Advisory - Cisco Identity Services Engine (ISE) contains the arbitrary command execution and authentication bypass vulnerabilities. Successful exploitation of Cisco ISE Authenticated arbitrary command execution vulnerability may allow an authenticated remote attacker to execute arbitrary code on the underlying operating system. Successful exploitation of Cisco ISE Support Information download authentication bypass vulnerability could allow an attacker to obtain sensitive information including administrative credentials.
f4a9a1b82bf3ddc9ef51a98ce97dca0268226fb4a5465b44488089166821760fCisco Security Advisory - Multiple Cisco products include an implementation of Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000. Cisco Business Edition 3000 should contact their Cisco representative for available options.
08ccd9dce572e6e9d6b66d224373326a1c84b94213d1a961cba1f28be3e298e4Ubuntu Security Notice 2005-1 - Rongze Zhu discovered that the Cinder LVM driver did not zero out data when deleting snapshots. This could expose sensitive information to authenticated users when subsequent servers use the volume. Grant Murphy discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion. Various other issues were also addressed.
c777310c03c01583333fab2c17424fcb89ab74aada494927544c9f3dc1f62ca7Ubuntu Security Notice 2004-1 - Thomas Leaman discovered that the Python client library for Glance did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack.
49833e618822d71e2bcc8b846d23ba92227a7be26865b3323fd15cf894feac55Ubuntu Security Notice 2002-1 - Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when using the memcache and KVS backends. An authenticated attacker could exploit this to bypass intended access restrictions. Various other issues were also addressed.
f6c7d78a98e19bff9d96af24e8f2c061c076b9f02b37bf3bb46129464f18077fUbuntu Security Notice 2003-1 - Stuart McLaren discovered that Glance did not properly enforce the 'download_image' policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting.
5bcbdd5172766f1b92e4ef0b761c84adf1aef699272f16fcfbd37fb1410bdc54Ubuntu Security Notice 2001-1 - Peter Portante discovered that Swift did not properly handle requests with old X-Timestamp values. An authenticated attacker could exploit this to cause a denial of service via disk consumption.
73226047ae2dbc4a6888652a822a499a41ebc82357f5abd22238f6d268c6e4d1Ubuntu Security Notice 2000-1 - It was discovered that Nova did not properly enforce the is_public property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. Grant Murphy discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. This issue only affected Ubuntu 13.10. Various other issues were also addressed.
eb4e594341e0a8e657da13d029ba42e404cf5d54c108b6fc6051975c9ea0508fRed Hat Security Advisory 2013-1456-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
5f2a4d8e195f018a24a54b255421a802c2fe7798ae208c88ddb47eb51cc14a7cRed Hat Security Advisory 2013-1455-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
2a16ca4e3556d5578b8bb8f42cdd84dd4a88fcdcdffc9e83948a5f1f3e4d7b65Mandriva Linux Security Advisory 2013-257 - Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. The updated mozilla NSS and NSPR packages have been upgraded to the latest versions where the flaw has been fixed in NSS. The rootcerts packages have been upgraded providing the latest root CA certs from mozilla as of 2013/04/11. The sqlite3 packages for mes5 have been upgraded to the 3.7.17 version to satisfy the requirements for a future upcoming Firefox 24 ESR advisory.
f1386d2817faab7a95e01d2ce8eef7faadad17f6df2003fbcbe1f9bbbd73a913The PHPCMS Guestbook module from phpcms.cn suffers from a stored cross site scripting vulnerability.
d8b958adc08aeb8a08fa43ea42d741c7372da3163a7d5e5db9b776653e6de0feLiveCart version 1.4 suffers from a remote PHP shell upload vulnerability.
e2a41ce6de3c4aa60db5b72a6cd923cfb719186f387af0bad1c8e9c450c3fe2cThe WordPress DailyDeal theme suffers from a remote shell upload vulnerability.
25e1be2c8c9b97be0f84118170063bb8eed0a22e212c8a9be4176e00df086f59WordPress e-Commerce Payment Gateways Caller plugin versions prior to 0.1.1 suffer from a local file inclusion vulnerability.
4b7cc666e0544bf1b99dc9b0b53a2d7281d3b66937b17f7d862c053ee55c7440This article discusses audit DSOs and how to write one.
c98b346c8f00afa069e1fa4f8056ab5dfc66f7f95ef9a5321bb113a18e4e8d8aMicrosoft Silverlight 5 suffers from invalid typecast and memory disclosure vulnerabilities that, when leveraged together, allow for arbitrary code execution. A memory disclosure vulnerability exists in the public WriteableBitmap class from System.Windows.dll. This class allows reading of image pixels from the user-defined data stream via the public SetSource() method. BitmapSource.ReadStream() allocates and returns byte array and a count of array items as out parameters. These returned values are taken from the input stream and they can be fully controlled by the untrusted code. When returned "count" is greater than "array.Length", then data outside the "array" are used as input stream data by the native BitmapSource_SetSource() from agcore.dll. Later all data can be viewed via the public WriteableBitmap.Pixels[] property. Exploitation details related to these findings were purchased through the Packet Storm Bug Bounty program.
3bb4d92511f689e34dee499a420b6463240d5b229dbaa5033abb953fb0ba3421This exploit leverages both invalid typecast and memory disclosure vulnerabilities in Microsoft Silverlight 5 in order to achieve code execution. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program. Google flags this as malware so only use this if you know what you are doing. The password to unarchive this zip is the word "infected".
52cb4ddd1cdf46517f03dc3f821a50041e929ed003d1d7575ad883ef43571280This Metasploit module exploits a remote command-injection vulnerability in EMC Replication Manager client (irccd.exe). By sending a specially crafted message invoking RunProgram function an attacker may be able to execute arbitrary code commands with SYSTEM privileges. Affected products are EMC Replication Manager < 5.3. This Metasploit module has been successfully tested against EMC Replication Manager 5.2.1 on XP/W2003. EMC Networker Module for Microsoft Applications 2.1 and 2.2 may be vulnerable too although this module have not been tested against these products.
4b4123ce75297cbbade2648fde1e40f016471bf55fff0881e46f5d19e8df6632This Metasploit module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListenerComm to tunnel traffic through that session. The result is similar to psexec but with the added benefit of using the session's current authentication token instead of having to know a password or hash. We do not get feedback from the WMIC command so there are no indicators of success or failure. The remote host must be configured to allow remote Windows Management Instrumentation.
62ddec099dce84f039f9c1e73d6d0a966bff9197effb670f8a09f3099afdb20ascanlogd is a system daemon which attempts to log all portscans of a host to the syslog, in a secure fashion.
556a1c82b3561ea796d2ce8dfd20f578717903fd2c6557ebe27775d8ef8771daMODx version 2.2.10 suffers from multiple reflective cross site scripting vulnerabilities.
7c57fe4cd97450b18471d0a901f38ba5ae88a8ad2b1ace28ba3b004660316352
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed