Security

Easy File Sharing Persistent Cross Site Scripting

Packet storm - Fri, 2014-07-25 13:11
Easy File Sharing webserver suffers from a persistent cross site scripting vulnerability in the forum messages.
Categories: Security

MQAC.sys Arbitrary Write Privilege Escalation

Packet storm - Fri, 2014-07-25 06:52
A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This Metasploit module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process.
Categories: Security

BulletProof FTP Client 2010 Buffer Overflow

Packet storm - Fri, 2014-07-25 06:52
BulletProof FTP Client 2010 suffers from a buffer overflow vulnerability.
Categories: Security

Ubiquiti AirVision Controller 2.1.3 Weak Settings

Packet storm - Fri, 2014-07-25 06:50
Ubiquiti AirVision Controller version 2.1.3 suffers from an overly permissive default crossdomain.xml file.
Categories: Security

Ubiquiti UniFi Controller 2.4.5 Password Hash Disclosure

Packet storm - Fri, 2014-07-25 06:47
Ubiquiti UniFi Controller version 2.4.6 discloses the administrative password hash via syslog messages.
Categories: Security

Pligg 2.0.1 SQL Injection / Command Execution

Packet storm - Fri, 2014-07-25 06:45
Pligg versions 2.0.1 and below suffer from remote SQL injection, path disclosure, and remote command execution vulnerabilities.
Categories: Security

Plesk Sitebuilder XSS / Bypass / Shell Upload / File Download

Packet storm - Fri, 2014-07-25 06:43
Parallels Plesk Panel version 9.5 with Sitebuilder 4.5 suffers from bypass, file download, shell upload, and cross site scripting vulnerabilities.
Categories: Security

Debian: 2985-1: mysql-5.5: Summary

Linux Security - Fri, 2014-07-25 05:19
Categories: Security

Make 3.81 Heap Overflow

Packet storm - Fri, 2014-07-25 02:00
Make version 3.81 heap overflow proof of concept exploit.
Categories: Security

Lian Li NAS Hardcoded Cookie / Bypass / Privilege Escalation

Packet storm - Fri, 2014-07-25 01:50
Lian Li NAS suffers from hard-coded cookies, authentication bypass, backdoor accounts, privilege escalation, and various other vulnerabilities.
Categories: Security

Omeka 2.2.1 Remote Code Execution

Packet storm - Fri, 2014-07-25 01:48
Omeka suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of uploaded files in the '/admin/items/add' script through the 'file[0]' POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the '/files/original' directory after successfully disabling the file validation option (or adding something like 'application/x-php' into the allowed MIME types list) and bypassing the rewrite rule in the '.htaccess' file with the '.php5' extension. Versions 2.2.1 and 2.2 are affected.
Categories: Security

UniFi / mFi / AirVision Cross Site Request Forgery

Packet storm - Fri, 2014-07-25 01:48
Ubiquiti Networks UniFi Controller version 2.4.6, mFi Controller version 2.0.15, and AirVision Controller version 2.1.3 suffer from a cross site request forgery vulnerability.
Categories: Security

HP Security Bulletin HPSBMU03076

Packet storm - Fri, 2014-07-25 01:48
HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.
Categories: Security