HP Security Bulletin HPSBMU03032 - A potential security vulnerability has been identified with HP Virtual Connect Firmware Smart Components installer software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
e99948f3b70fe22a27a0e00380bdf403fc7ecb69e7c0325ef436c36abbeb6e6b
Gentoo Linux Security Advisory 201405-1 - A stack-based buffer overflow vulnerability has been found in udisks, allowing a local attacker to possibly execute arbitrary code or cause Denial of Service. Versions less than 2.1.3 are affected.
3a95734b4851905fc4f07042772fc641bfdfa404cd9daa72cfb07218bab2350e
HP Security Bulletin HPSBMU03033 - A potential security vulnerability has been identified with HP Insight Control software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
b99cb8a5e90a1c278b7db39db76b3920c2da9203f91415d563a376dd351495ee
HP Security Bulletin HPSBMU03030 - A potential security vulnerability has been identified with HP Service Pack for ProLiant (SPP) bundled software running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
4f71cbd4f35cf62637cd23d70fa96daf67f3064724e0993c551aef74c578cc46
This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting AlienVault OSSIM versions 4.3.1 and lower. The SQL injection issue can be abused in order to retrieve an active admin session ID. If an administrator level user is identified, remote code execution can be gained by creating a high priority policy with an action containing our payload.
b58a85510e5daac3f9d9b649fd1dbf074e6a06ca09a0eb2b485f9cc59e6e2bdd
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.16.2. This issue is caused because the ParametersInterceptor allows access to the 'class' parameter, which is directly mapped to the getClass() method and allows ClassLoader manipulation, which allows remote attackers to execute arbitrary Java code via crafted parameters.
568fa33a2e2d5a30bbf04a28ef0440ffb1ef8efbbd4f569d313ce10a93ef7a01
This bulletin summary lists the one released Microsoft security bulletin for May, 2014.
4406c63fd890c25dadc7954cbefe47917a42a07addaff7636e69f5fda6542acf
Ubuntu Security Notice 2191-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Two vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
e90043dc8ca673f3ff8e90fda4999842778ef0366565563d6a6db37aa0dfa9ae
Red Hat Security Advisory 2014-0463-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the one-year life cycle of Production Support for version 3 will end on July 31, 2014. On August 1, 2014, Red Hat Enterprise Linux OpenStack Platform version 3 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.
550c5f5dc0690b3d279b45c40a8e0315172414b48f877fbf8adbeb9842c6a118
Red Hat Security Advisory 2014-0461-01 - The openshift-origin-broker-util package provides utility scripts for the OpenShift Broker service, which manages all user logins, DNS name resolution, application states, and general orchestration of the applications. It was discovered that the mcollective client.cfg configuration file was world-readable by default. A malicious, local user on a host with the OpenShift Broker installed could read sensitive information regarding the mcollective installation, including mcollective authentication credentials. A malicious user able to obtain said credentials would potentially have full control over all OpenShift nodes managed via mcollective.
5934adfbe6e839fffcbdbdc7b5fd2338268e571c3446597d99cb8d5341a0a227
Red Hat Security Advisory 2014-0460-01 - The openshift-origin-broker-util package provides utility scripts for the OpenShift Broker service, which manages all user logins, DNS name resolution, application states, and general orchestration of the applications. It was discovered that the mcollective client.cfg configuration file was world-readable by default. A malicious, local user on a host with the OpenShift Broker installed could read sensitive information regarding the mcollective installation, including mcollective authentication credentials. A malicious user able to obtain said credentials would potentially have full control over all OpenShift nodes managed via mcollective.
d85521f8609f52c9f2a4341d5d66ad65c7ef49734c8358162928861a8cd0628e
Red Hat Security Advisory 2014-0462-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The JBoss Seam Remoting component provides a convenient method for remotely accessing Seam components from a web page, using AJAX. It was found that JBoss Seam response envelopes included unsanitized parameter and ID names provided in the request. This allowed a request to inject arbitrary XML into the response. A remote attacker could use this flaw to perform reflected cross-site scripting attacks, provided the JBoss Seam remoting application did not use any cross-site request forgery protection.
a7f77a1d6c86ee29db8cf609f6d1db4c8b761f22f85aecd011aa370d3b1dbb3d
Ubuntu Security Notice 2190-1 - Florian Weimer discovered that JBIG-KIT incorrectly handled certain malformed images. If a user or automated system were tricked into processing a specially crafted image, JBIG-KIT could be made to crash, or possibly execute arbitrary code.
ea57729f0035f416a9187f98546a27dd406beb7cbf1449e2d0ff976d91a3d7b1
Ubuntu Security Notice 2183-2 - USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Jakub Wilk discovered that dpkg incorrectly handled certain paths and symlinks when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. Various other issues were also addressed.
8637b20954031a4575400b91505f5fb816d51d9fe2097b94cbc136868f15bf68
Digital Whisper Electronic Magazine issue 50. Written in Hebrew.
cc7c39cfe0a01b842b135b7fc90237377dbeddfa80631e4e099faaf88ec5fbb1
Netgear DGN2200 suffers from a stored cross site scripting vulnerability.
222353a40c7c7515f7b22a5270e65688a7bc1b700e4f72fa8883849562b8f361