Lian Li NAS suffers from hard-coded cookies, authentication bypass, backdoor accounts, privilege escalation, and various other vulnerabilities.
3beb9f254b611e2bd928ddade1f770e4ee79355c995275396c0bd8b3574ada1dOmeka suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/items/add' script thru the 'file[0]' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/files/original' directory after successfully disabling the file validation option (or adding something like 'application/x-php' into the allowed MIME types list) and bypassing the rewrite rule in the '.htaccess' file with '.php5' extension. Versions 2.2.1 and 2.2 are affected.
0a1342ee773203c952cf130020bde67a3a822d5d3ee8eec7f9380b7a27d2f503Ubiquiti Networks UniFi Controller version 2.4.6, mFi Controller version 2.0.15, and AirVision Controller version 2.1.3 suffer from a cross site request forgery vulnerability.
cf5d956415dfe69bd227bf92fe0ee5baa564b421821ec63c1aeec8494b6581f5HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.
9b97ca3342a8fe043d011e3fbc87f0bef6c8bf5869678631e38d1bc64e95c33bHP Security Bulletin HPSBMU03074 - Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. Revision 1 of this advisory.
1a4d710e9dd7291eeed8fb57906255564db16e374b955cf64cee067d9ffb017eUbuntu Security Notice 2300-1 - Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code.
052eb44f42d6cd5dd14d059c17c5bf9a8bc99472168ac85239a8e82354f16e46Ubuntu Security Notice 2301-1 - It was discovered that Jinja2 incorrectly handled temporary cache files and directories. A local attacker could use this issue to possibly gain privileges.
3a91ff5ebd149d7e0aab5ae4a428957385901e2a8fa50facfe13ef486970061aRed Hat Security Advisory 2014-0888-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Linux OpenStack Platform. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
195082a4a46ffe4559088354e4d5d5cc6eb186e63237e778eda10ca9584098abRed Hat Security Advisory 2014-0941-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks if a user were tricked into clicking on a malicious URL.
d30f5bfd8905d8674b1d746649a38df392d90111e0b2c428837a01b20f20c092Red Hat Security Advisory 2014-0940-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that proxy metadata requests via Neutron.
0dea30bc1e9c22fe2fa05d20778c0dea310d9d7295170dd8826f16158c433de1Red Hat Security Advisory 2014-0939-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.
13312916ca2068b863e545e519d448ced8d30583209b6ecc7061d6772b243f3cSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.
800b88b6e669b68b95c950719ea21eea841a6a017de7043e0fe01ed0e04856c5Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
5749f434a5e46d39aece443e0baac9e8e1e5bf270e85ab57d73bb8f77029cdd2Slackware Security Advisory - New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
8b2ce2fa4eaa2da3d41503e0ff66afd040e6de3710d8ec4fb82e11f6fde37915Debian Linux Security Advisory 2987-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
faa288d612eeef5bf4c9f58961bc2f8a33f1a0148d0997c3924c7b9e14b513eeDebian Linux Security Advisory 2986-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees may lead to the execution of arbitrary code or denial of service.
a4eb9120a7e71d7ea237528df4080150da04d22d7c5825f8d7976d867f97602dWordPress Video Gallery plugin version 2.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
fa03954d2dcdb36b2c9e8c2703248818216e1246ba65e78aacd009799544085fWindows Mail will execute a rogue program if it is sitting at C:\Program.exe.
f3534d160722b0c8512076ca40f68dc52eb9958ad735b147cbbd847d80bd678a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed