PhonerLite SIP soft phone version 2.14 is vulnerable to leaking the SIP MD5 digest authentication credential hash of the user via a spoofed SIP INVITE message sent by a malicious third party. After responding to an authentication challenge to the BYE message, PhonerLite leaks the MD5 digest credential hash.
7a34b13b986e3c819eec422d90f73dfa5a7fe4225fdb3fbe73a15891c3c278e5
EMC Cloud Tiering appliance version 10.0 suffers from an unauthenticated XXE injection vulnerability. Metasploit module proof of concept is included.
8191ae1d7b8520f1907f9a4102488831c9cce91d284f870d73ce4c7105f6ce7c
Vanctech File Commander version 1.1 for iOS suffers from local file inclusion and remote file upload vulnerabilities.
4cdbd24ff9f1d7ae738fbdc61b7fbef14fde6a8dd945fdee07e390600c8d5657
AlienVault version 4.5.0 suffers from an authenticated remote SQL injection vulnerability. Metasploit module proof of concept is included.
40ee4d126c36742998c3f763beb792fa2eaff2e289df522b3fa9296d803a35a6
PhotoWIFI Lite version 1.0 for iOS suffers from command injection, local file inclusion, and remote file upload vulnerabilities.
9359a3d21802973d03730bfc312fb55fed478a1b39122f4166292c87c4f0dd57
Debian Linux Security Advisory 2891-1 - Several vulnerabilities were discovered in MediaWiki, a wiki engine.
cd5776f1a1d81c9161dcf857098c8b2d1dd8f0ecc0834c564f76e6445537d711
Debian Linux Security Advisory 2890-1 - Two vulnerabilities were discovered in libspring-java, the Debian package for the Java Spring framework.
27f9ee57599c732f28379d5fd74abab6f97c737a3bcf24f10c2f7392d21aa918
Red Hat Security Advisory 2014-0344-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
3f3acd558c38d4a1ccfb6f2b8bec52c3ae93d8bb93ba8db626244df22e8c8a38
Red Hat Security Advisory 2014-0342-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
fb4636b121cc06c3f8f983ea3435be6d5e3e08969f2723469ce849ffee9c90ce
Red Hat Security Advisory 2014-0345-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
d60440c19355c7c09e42866458a7ac9981825da1b0b456b641cb370c61340940
Red Hat Security Advisory 2014-0343-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that when JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
2c3501de41dad7648e0b0ec1fc7cf09a1c34b786bb2e3f7402306edcde85d3e2
Red Hat Security Advisory 2014-0341-01 - Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.
b531a7447c88b6daa2a1487c069a72622b42551b72216051e073e1ca4e49bc98
Red Hat Security Advisory 2014-0340-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering will be retired as of June 30, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 1 after June 30, 2014. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 1 after this date. We encourage customers to plan their migration from Red Hat Enterprise Developer Toolset Version 1 to a more recent release of Red Hat Developer Toolset. As a benefit of the Red Hat subscription model, customers can use their active Red Hat Developer Toolset subscriptions to entitle any system on a currently supported version of this product.
fad6fd6b2752093091cbe4719dd22ca5b0fd8130476fe260d36fe381ec81137d
Red Hat Security Advisory 2014-0339-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.
27433747bde26addd9b3464670fd4f3098c0354c6a1ecdaa823c9aff3f2c26ee
Debian Linux Security Advisory 2891-2 - In the Mediawiki update issued as DSA 2891-1, a few files were missing from the package. This update corrects that problem.
9f5bf02fc06867cb3e9bab406d4c6f55a8099580c8d026245672cf4672def2a2
This is an Immunity template plugin for function hooking while reverse engineering.
4f540c9274c23c9ad1693cb060f324330b4f61ac079c288de7734e407dfd7a77
w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion, and much more.
006731b74f58960a1f3580194979bb988fa52df2bc92f6f36b1ce36ffcdd6003
Primo CMS version 6.2 suffers from a remote command injection vulnerability.
f990681225f7a22b115820d8c6849ce605618fbcd204bdfafd97a632de467801
Apache ModSecurity versions prior to 2.7.6 appear to suffer from a filter evasion vulnerability via chunked requests.
b4577633493ef0b6de597cd73adb4abb6e8f136bc25547ae839a067e7209bd00
Horde Webmail version 5.1 suffers from an open redirection vulnerability.
f3bfdd6bd23da3ad823bbc2c0e6dd878f8671a1ae58971fcb65267ec1cb64052
This write-up is a proof of concept of end-to-end correlation for Tor connections using an active timing attack.
9dae24b1d19e1e4a4b9cb0e31a8b16804e47159fc6cf2372976e60fe0026ce9f
WordPress Js-Multi-Hotel plugin version 2.2.1 suffers from cross site scripting, abuse of functionality, denial of service, and path disclosure vulnerabilities.
b0710350332e42b116bfa62641fb48da142ad7b2686b5d41ac322c55648e6fbf
AudioCoder version 0.8.29 SEH exploit that turns a memory corruption into code execution.
0f1d5e9ac2a09a11a1cf2de974edcdd6ae678079675b1f5f5aca4fa2fa9c1130