OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9
Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the tools_command.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to the MD5 hash of a valid username.
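The authentication bypass above is a session token derived entirely from public data, so anyone who knows a username can mint a valid cookie. The following is an added example, not code from the device or the advisory: a constructed model of that check beside a hardened form. The user list, the `check_password` callback and the token layout are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional, Tuple

# Constructed sample user list; not taken from the device.
VALID_USERS = {"admin", "operator"}


def weak_cookie_for(username: str) -> str:
    """The value the vulnerable check accepts: md5(username), hex encoded."""
    return hashlib.md5(username.encode()).hexdigest()


def weak_is_authenticated(cookie_value: str) -> bool:
    """Vulnerable check (modelled): any cookie equal to md5(<valid username>)
    passes. No secret is involved, so the attacker computes it offline."""
    return any(hmac.compare_digest(cookie_value, weak_cookie_for(u))
               for u in VALID_USERS)


# Hardened form: tokens are random, issued only after a password check,
# and resolved server-side. Nothing about the token is derivable from the
# username, so knowing an account name gives the attacker nothing.
_SESSIONS: Dict[str, str] = {}


def login(username: str, password: str,
          check_password: Callable[[str, str], bool]) -> Optional[str]:
    """Issue a session token only if the credentials verify (assumed hook)."""
    if username not in VALID_USERS or not check_password(username, password):
        return None
    token = secrets.token_urlsafe(32)
    _SESSIONS[token] = username
    return token


def strong_is_authenticated(cookie_value: str) -> bool:
    return cookie_value in _SESSIONS


def forge_attempt(username: str) -> Tuple[bool, bool]:
    """Attacker presents md5(username) as the cookie. Returns whether the
    weak and the hardened check accept it, respectively."""
    forged = weak_cookie_for(username)
    return weak_is_authenticated(forged), strong_is_authenticated(forged)


if __name__ == "__main__":
    print("forged cookie accepted (weak, strong):", forge_attempt("admin"))
```

The point of the hardened version is not the hash algorithm: swapping MD5 for SHA-256 would change nothing, because the token would still be computable from the username alone. A session identifier must carry entropy the attacker cannot obtain, and must only be issued after credentials are verified.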
a3a633df95163ac8abfd1b19d769fa3b73f2a1713b3feb2b4d0ff3be073861e7
EventSentry version 3.1.0 suffers from a cross site scripting vulnerability.
da0f4374ef92f5ee3eea2636f7aa15246d345cf90fa0777320bc476ba11a4c44
Mango Automation SCADA/HMI version 2.4.0 suffers from a cross site scripting vulnerability.
704e29f5301856f265965bf91b0847bbf30b4043a406207865521cb452b58b6d
X-CART e-Commerce version 5.1.8 suffers from a cross site scripting vulnerability.
555b632a4f5d3cfbee4028e75235fa7360c2220cfa003692dc1d0d40899feee8
Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.
c2294e75032fb839b9cb87eecedc88efda3874129c4fc1fbc3e1c516eb643ca7
The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. Versions 1.900.1 and below are affected.
3c1005efe0f84a5d1c16b4cda12795276863a2d60100bb8a67371fa3e2b20f21
Exponent CMS version 2.3.2 suffers from a cross site scripting vulnerability.
48c6e80dad6478f82d642f57814f2a221955d4230c4eeb2b6b29cf0bd4259847
osTicket version 1.9.4 suffers from a cross site scripting vulnerability.
8003e3196ed9e2fd6b263aace480f15a18ea6434721e52f87dd4a81d355e4753
Slackware Security Advisory - New samba packages are available for Slackware 14.1 and -current to fix a security issue.
d460223d2ac3abb4361c3dadd8f8874b93c80a63a253ec7b5b6916c7c34bd4e6
Ubuntu Security Notice 2481-1 - Andrew Bartlett discovered that Samba incorrectly handled delegation of authority when being used as an Active Directory Domain Controller. An attacker given delegation privileges could use this issue to escalate their privileges further.
026bae5f16a8316f55f7d8076927a930f035e43ceda09a24057037a4b553ae5c
Ubuntu Security Notice 2480-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
2d7b66cb2f0d53c0fed43dde1bc3c860050458dc5d305831c9dd351478ee8614
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
69950b9dcb1a630982b5f680554d73d27ee0dc856fc6aeef88c8d04eb5ac33ea
CAS Server version 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.
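An LDAP authentication bypass via wildcards usually means user input reaches a search filter without RFC 4515 escaping, so a value such as `*` matches every entry. The following is an added example, not CAS project code: a constructed filter builder with and without escaping, plus a small matcher over a sample directory that shows what the wildcard does. The filter template, attribute names and directory contents are assumptions for illustration.

```python
import re
from typing import List

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# Constructed sample directory (uids only); not from any real deployment.
DIRECTORY = ["alice", "bob", "svc-backup"]


def escape_ldap_filter_value(value: str) -> str:
    """Escape a user-supplied value before placing it in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def vulnerable_filter(username: str) -> str:
    """Username interpolated verbatim: '*' becomes a wildcard."""
    return f"(&(objectClass=person)(uid={username}))"


def safe_filter(username: str) -> str:
    """Same template, with the value escaped."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter_value(username)}))"


def assertion_to_regex(assertion: str) -> str:
    """Interpret an LDAP assertion value the way a server would:
    an unescaped '*' matches any substring, '\\XX' is a literal byte."""
    out = []
    i = 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "\\" and i + 2 < len(assertion):
            out.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":
            out.append(".*")
            i += 1
        else:
            out.append(re.escape(ch))
            i += 1
    return "^" + "".join(out) + "$"


def search_uid(value: str, escape: bool) -> List[str]:
    """Return the uids a (uid=<value>) assertion would match in DIRECTORY."""
    assertion = escape_ldap_filter_value(value) if escape else value
    pattern = re.compile(assertion_to_regex(assertion))
    return [u for u in DIRECTORY if pattern.match(u)]


if __name__ == "__main__":
    print(vulnerable_filter("*"), "->", search_uid("*", escape=False))
    print(safe_filter("*"), "->", search_uid("*", escape=True))
```

When a search-then-bind flow takes the first matched entry and binds with it, a wildcard that matches any entry lets the attacker pick which account is used without knowing its name; escaping the value before building the filter is the fix, and a search that returns more than one entry should be rejected rather than silently taking the first.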
acdd49563e5c313169658b0544468eb337857711cbf273a6c35da6f861cdb17c
Red Hat Security Advisory 2015-0067-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
9bed3faf7e1e42e67e8121e6d47f976e763603a39292c4940797b9d5e8a48fc2
Red Hat Security Advisory 2015-0066-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server.
77c9363f84cc9036c23105167adcebb2c9a5907fce6ae9726544fa0f09b031e8
Red Hat Security Advisory 2015-0069-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, Libraries, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
5ff8d2615b49aa68191f67efff8d0b990e75eb442be30e9d8571a4531c27797e
Google Drive suffers from an information leak vulnerability that discloses a user's full name.
1796e327e19e3a16fd8c5e4b451692d2b08ffefa625873becebca0eec57951a8