Microsoft Dynamics CRM 2013 is susceptible to multiple security vulnerabilities such as cross site request forgery, cross browser, replay, and file upload attacks.
6b2cfd8531debcc4385762b23654dceb2f5f418d1dd4aad882be46f1e63e17e0r2dr2 is a UDP amplification attack tool for committing DRDoS denial of service attacks.
90aad7c803a9edd43b0a8e6475f9e30fc2f194c5f679e6328122032f306cfc15TimThumb version 2.8.13 with WebShot enabled suffers from a remote code execution vulnerability.
6c1a5f9fe02b211531e8610b366ae5ef5647ad9b838030ad32e7a11481a4ccacHP Security Bulletin HPSBHF03052 - Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC), HP Network Products including 3COM and H3C routers and switches running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information. Revision 1 of this advisory.
b47b3c7f4ac3559bddf86c59b1503433af2a0bfc437cd35375d3a4fc1b150437This Metasploit module exploits an remote buffer overflow vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the authentication.cgi with long password values. The vulnerability can be exploitable without authentication. This Metasploit module has been tested successfully on D-Link firmware DIR645A1_FW103B11. Other firmwares such as the DIR865LA1_FW101b06 and DIR845LA1_FW100b20 are also vulnerable.
450e0c17e9ed8a5889f1222fd8943a072ac89cff24fdb5117836d675f119995dThis Metasploit module exploits an anonymous remote code execution vulnerability on several D-Link routers. The vulnerability exists in the handling of HTTP queries to the hedwig.cgi with long value cookies. This Metasploit module has been tested successfully on D-Link DIR300v2.14, DIR600 and the DIR645A1_FW103B11 firmware.
34fd8be52c6556ed2de772a2ee3aff9ac71be9f460f14eb17c88ae1909383dd4SpamTitan version 6.01 suffer from a reflective cross site scripting vulnerability.
f3ac07a043a85c59a96327ff59d22880505e159ff1b3503616bcd8dbd5fce37cThis script automates scanning for the Supermicro IPMI/BMC cleartext password vulnerability. It can check full subnets or individual hosts and includes an option to scan via proxy and to view vulnerable hosts listed in ShodanHQ.
e368bb65b92ec2b0491d4f9bcbea58351c46f62c857e2b132316a9843b04816dMaligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
25d4bc4e590478b83b26d629bca17049d507bdcc5b7e005af9a4b7b761b33434Gentoo Linux Security Advisory 201406-21 - Multiple vulnerabilities have been discovered in cURL, the worst of which could lead to man-in-the-middle attacks. Versions less than 7.36.0 are affected.
090b15096d43be2a5496a00652c5582533b2fa4c98c5f69f159e282331632787Gentoo Linux Security Advisory 201406-20 - A vulnerability has been found in nginx which may allow execution of arbitrary code. Versions less than 1.4.7 are affected.
3e519a84a2acdaf4c4485c9b31a5fdcefeaa8e4c356e434dd87d582ec8ce444eGentoo Linux Security Advisory 201406-19 - Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. Versions less than 3.15.3 are affected.
74e12d781dc2269c43a0d713ed2d5e4560d44b59280cef7ff26ff92e33913982Red Hat Security Advisory 2014-0784-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
2fe962a0ac26681f3b48cc7f43712a45010ac30946e2d8611c69b22787862bf3Red Hat Security Advisory 2014-0785-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. Seam is an open source development platform for building rich Internet applications in Java. Seam integrates technologies such as Asynchronous JavaScript and XML, JavaServer Faces, Java Persistence API, and Enterprise Java Beans. Seam 2.3 provides support for JSF 2, RichFaces 4, and JPA 2 capabilities, running on top of Red Hat JBoss Enterprise Application Platform 6. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application.
06ffa563b022f7b57fa8a4d45d3f1578fddfa7ff5c60e99cce20af00025ce177Red Hat Security Advisory 2014-0783-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
7970ead449f6465fe4c9d9f66ba3f4bd81ac210eff065518739a14c9b7a31fb3Debian Linux Security Advisory 2966-1 - Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server.
cadbb346ed967f6dc5615cdffc603a76e74ec852b15489b482e1e7fbdcfbf707Debian Linux Security Advisory 2965-1 - Murray McAllister discovered a heap-based buffer overflow in the gif2tiff command line tool. Executing gif2tiff on a malicious tiff image could result in arbitrary code execution.
e90896a3995b973826f47abf3ef4a738f398fc2a44b8103de0909eef969c1a38Debian Linux Security Advisory 2964-1 - Oscar Reparaz discovered an authentication bypass vulnerability in iodine, a tool for tunneling IPv4 data through a DNS server. A remote attacker could provoke a server to accept the rest of the setup or also network traffic by exploiting this flaw.
80209052e28549a23409c2154ad25d6f0050a19726489b2590493d4a26aca86aUbuntu Security Notice 2254-1 - Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. Various other issues were also addressed.
2b8da918b6d2a26bf40ceadde3bfdcca411a3dfed0ac5a2df1c150957c5ab312Ubuntu Security Notice 2232-3 - USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.
cc6733f4fffea0f3b6869064e684111e12bbecad4854424c42c0407cf80705b2Ubuntu Security Notice 2253-1 - It was discovered that LibreOffice unconditionally executed certain VBA macros, contrary to user expectations.
b81ffc82c33e804f6dfee7e601bf1524665c2fbc6e1927ce1e0b5e89796cb3c6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed