Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
53da89d5c48f26c0de9020e49b3846f04e034b5b376537463c65565ab2d9503fGentoo Linux Security Advisory 201512-4 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 7.1_p1-r2 are affected.
38035e26bd7635f4b3c4c04b5e7c5b82008cd054c3eea0114d71032d4c0e665bRed Hat Security Advisory 2015-2673-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A vulnerability was discovered in the way OpenStack Compute networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
969f35c86c24c7d1b1f9d33a4492eaeb80195425deabb40fc950705f06c4fcc6Red Hat Security Advisory 2015-2650-01 - Red Hat Enterprise Linux OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat Enterprise Linux OpenStack Platform. It was discovered that the director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networking metadata requests.
d0f1e8ff661fe339ce803a3398060afcb6a6a1222c80140dd8a377c45b05ea10Red Hat Security Advisory 2015-2685-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console.
451c08033547e5a8e92a85c916b75301b75aa87cda617b5fa03c72470715901fHP Security Bulletin HPSBGN03527 1 - A potential security vulnerability has been identified with HPE Helion Eucalyptus. The vulnerability could be exploited to bypass access permissions by a remote authenticated user. Notes: - In Eucalyptus, following the AWS model, IAM roles are used to temporarily allow users or services to access resources within or across accounts. Access to roles is determined by the role.s trust policy and a set of user permissions. The trust policy is associated with a role and defines which accounts or services are allowed to assume the role. User permissions are defined by the policy associated with the user, and define a set of actions and resources that the user is allowed to access. - An issue has been identified in how Eucalyptus checks user permissions when allowing a user to assume a role. Given that the grant policy allows the user.s account to assume the role, any user in that account would be able to assume the role, even if the user.s policy does not explicitly grant the AssumeRole permission for the role. As a result, in some cases authenticated users could gain privileges by assuming an IAM role that they were not intended to have access to. The impact is mitigated by the fact that the role.s trust policy still has to explicitly authorize the user.s account to access the role. Revision 1 of this advisory.
2503231940024a6e3e8b742a105e37a6cc7ada64c00d60fa8ac15b9667483aebGentoo Linux Security Advisory 201512-5 - Multiple buffer overflow vulnerabilities in gdk-pixbuf may allow remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.32.1 are affected.
ef788de6dcb6d9c9f6bc6430d2f938d5eb72df557d8948250280d3d8e79d97c3Red Hat Security Advisory 2015-2684-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A vulnerability was discovered in the way OpenStack Compute networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.
8002f61d7727d8aeef6be6e1d3e25856058a74a5a791db67c197cda7d77cdc38The 10th edition of YSTS (You Shot The Sheriff) has announced its call for papers. It will be held in Sao Paulo, Brazil on June 13th, 2016.
bb0f28de281939b572e00fba1f21cdc33929e5032d05cbe798180a21c84589d6Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
9c451054d240e594fbc81ca20259fac9c5d3c667142311f0e65886c13fd7ccfbHP Security Bulletin HPSBGN03526 1 - A potential security vulnerability has been identified with HPE Helion Eucalyptus. The vulnerability could be exploited to bypass access permissions by a remote authenticated user resulting in unauthorized modification. Revision 1 of this advisory.
1917a28daebe8d4f31abcb5f781ef649cf0478246ad6653b38bf5da3ddf8922aRed Hat Security Advisory 2015-2671-01 - The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library. With this update, deserialization of certain classes in the commons-collections library is no longer allowed. Applications that require those classes to be deserialized can use the system property "org.apache.commons.collections.enableUnsafeSerialization" to re-enable their deserialization.
255fd5c7c552ccd1e430eb16fa3bd6c12a21497614c3d57bb729f36b13d38515RSA SecurID Web Agent contains a patch that is designed to fix an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the confidentiality and integrity of the affected system. RSA SecurID Web Agent versions prior to 8.0 are affected.
56a2b51dcce86a5954dbd192f931aa6b7d8a29ef61e3366a573f528cecc16a0cPHPDolphin Social Network version 1.2.8 suffers from a cross site scripting vulnerability.
1e2892fa0b2a402d8aeeef166dcf16df948e1ea7c7479481e5b1f18f52fa997ephpMyFAQ version 2.7.9 remote PHP code injection exploit.
28ef4ddf5dbc1a91285aed596e0f9920e5a063689c5832161b764725803d58b4DBKiss version 1.16 suffers from a cross site scripting vulnerability.
3966ce413f16038341c1cc0374d8fa1245e79f98e37adae83588fb0c989551ebESET NOD32 Antivirus suffers from a DLL hijacking vulnerability.
2ab38e92fa5ab7b2c39968a50d43d16d344f909670ba6b199faaa3c955fb61d1Debian Linux Security Advisory 3427-1 - It was discovered that the Mechanism plugin of Blueman, a graphical Bluetooth manager, allows local privilege escalation.
6136f7153e98f9e41be6ab3e4c3cba74952d0d8d154ade9dbf387b86b1dce7b6Music Cloud version 1.3 suffers from a cross site scripting vulnerability.
f4d5532ee87a0f36b3728ba9a0c264e25a8c6dbe84104b562cc385ca7cd58afdWordPress Gallery Master plugin version 1.0.22 suffers from a persistent cross site scripting vulnerability.
125e65f3414e32a56870065345499c7ecdcb1682aa4ebdfd986de2b0949e860fJoomla Jomestate component version 1.0 suffers from a remote SQL injection vulnerability.
93daf644ff1c2f286ca07f9924df33d30564f22fa6fc3fac04db46a1723ad73d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed