Säkerhet

Debian: 2984-2: acpi-support: Summary

Linux Security - ons, 2014-08-20 10:36
Kategorier: Säkerhet

HybridAuth install.php PHP Code Execution

Packet storm - ons, 2014-08-20 02:00
This Metasploit module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite the application configuration file rendering the application unusable.
Kategorier: Säkerhet

Apache OFBiz 11.04.04 / 12.04.03 Cross Site Scripting

Packet storm - ons, 2014-08-20 01:57
Apache OFBiz versions 11.04.01 through 11.04.04 and 12.04.01 through 12.04.03 suffer from a cross site scripting vulnerability.
Kategorier: Säkerhet

RSA Archer GRC Platform 5.5 SP1 Privilege Escalation / CSRF / Access Bypass

Packet storm - ons, 2014-08-20 01:55
RSA Archer GRC Platform 5.5 SP1 contains fixes for multiple security vulnerabilities such as privilege escalation, unauthorized access, cross site request forgery, inclusion of functionality, and embedded component issues.
Kategorier: Säkerhet

Maligno 1.2

Packet storm - ons, 2014-08-20 01:54
Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
Kategorier: Säkerhet

BlazeDVD Pro 7.0 Buffer Overflow

Packet storm - ons, 2014-08-20 01:51
BlazeDVD Pro version 7.0 SEH buffer overflow exploit written in python.
Kategorier: Säkerhet

Bulletproof FTP Client 2010 Buffer Overflow

Packet storm - ons, 2014-08-20 01:04
Bulletproof FTP Client 2010 SEH buffer overflow exploit written in python.
Kategorier: Säkerhet

EMC Documentum Code Execution / DQL Injection

Packet storm - tis, 2014-08-19 18:52
EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities.
Kategorier: Säkerhet

EMC Documentum D2 Privilege Escalation

Packet storm - tis, 2014-08-19 18:51
EMC Documentum D2 contains a fix for a privilege escalation vulnerability that could be potentially exploited by malicious users to compromise the affected system. D2GetAdminTicketMethod and D2RefreshCacheMethod methods serve a superuser ticket to all requesting parties. A remote authenticated unprivileged user could potentially use these methods to request a superuser ticket and then use that ticket to escalate their privileges.
Kategorier: Säkerhet

Red Hat Security Advisory 2014-1076-01

Packet storm - tis, 2014-08-19 18:47
Red Hat Security Advisory 2014-1076-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Kategorier: Säkerhet

Red Hat Security Advisory 2014-1075-01

Packet storm - tis, 2014-08-19 18:47
Red Hat Security Advisory 2014-1075-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU disk image files loaded by a guest could use either of these flaws to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
Kategorier: Säkerhet

Melkor ELF Fuzzer 1.0

Packet storm - tis, 2014-08-19 18:04
Melkor is an ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). Written in C, Melkor is a very intuitive and easy-to-use fuzzer to find functional (and security) bugs in ELF parsers.
Kategorier: Säkerhet

Ubuntu: 2311-1: pyCADF vulnerability

Linux Security - tis, 2014-08-19 14:38
Kategorier: Säkerhet

EMC Documentum Cross Site Scripting

Packet storm - tis, 2014-08-19 01:44
EMC Documentum WebTop based products contain fixes for multiple cross-scripting vulnerabilities that could potentially be exploited by malicious users to inject arbitrary script via some query string parameters. This may lead to execution of malicious html requests or scripts in the context of an authenticated user. These issues are caused due to the vulnerable parameters ?startat? and ?entryId?.
Kategorier: Säkerhet