Red Hat Security Advisory 2015-0035-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user. This issue was discovered by Florian Weimer of Red Hat Product Security.
3c1f125f97bc88b4deed7f3ff819084519c1bfeee969557e24c33dd6ea243241Red Hat Security Advisory 2015-0036-01 - HTCondor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user. This issue was discovered by Florian Weimer of Red Hat Product Security.
f40e14038cebb1e9e5adddbc4aaf0976e70afd1097711d9a9f5a1ddf3e8e9d38Debian Linux Security Advisory 3126-1 - It was discovered that libmagic as used by PHP, would trigger an out of bounds memory access when trying to identify a crafted file.
332588a9bfee14ff81a558411e41a3e853aee8ae73cf738d3aff8db20486318dUbuntu Security Notice 2459-1 - Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain handshakes. A remote attacker could possibly use this issue to downgrade to ECDH, removing forward secrecy from the ciphersuite. Various other issues were also addressed.
6f00b72626b6f68f0c06341bf3ac10a1e5f66a900767d453b7c8cff5bbe8ebf0Red Hat Security Advisory 2015-0033-01 - Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or other client systems. This update introduces Red Hat Satellite 5.7.0.
d528679ee7a0b10f41c97597e1bb4c7921846eaf0208cdc258816d9a0a2eaf9bRed Hat Security Advisory 2015-0034-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems such as multiple databases, XML files, and even Hadoop systems appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
1e007824be21106fc9af7fd5ea1906181d5d2596e02ecaa7ab88f6e0c2a9bddeWordPress Pods plugin versions 2.4.3 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
0d05523785cc3c3d6afe4c0cd58b19ca76dd69c34245e15bfa829cfa9677b80dThis Metasploit module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This Metasploit module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.
1983d15e14382b842439b7a8129d4ce859b00fbd289876ecee0e865564af878cThis Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This Metasploit module abuses the FILE privilege to write a payload to Microsoft's All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is Windows 7 friendly.
4f82b9e9bf5035178dee3ab985bc03afde702dd4e7ca3f166360be5aa2dd3474WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.
42ecbf4669c89af75d07968bac4f2e5509c6bb5b265890feae2edd0dd0629e00Mandriva Linux Security Advisory 2015-022 - Updated wireshark packages fix security vulnerabilities. The DEC DNA Routing Protocol dissector could crash. The SMTP dissector could crash. Wireshark could crash while decrypting TLS/SSL sessions.
589db02383c5c6ddf52afd78d380fd591cb3edd780d9de5b17bbaf8f9ccb57f3Mandriva Linux Security Advisory 2015-021 - When libcurl sends a request to a server via a HTTP proxy, it copies the entire URL into the request and sends if off. If the given URL contains line feeds and carriage returns those will be sent along to the proxy too, which allows the program to for example send a separate HTTP request injected embedded in the URL.
4b472d23ffe86225843d6b67f6add7d503f380ffb5318312c90de3a21fb359ddMandriva Linux Security Advisory 2015-020 - Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
fd1ce300a03a1ae7c8aa5b610766951094c2ada644a79a3933187761ebedfe3fDebian Linux Security Advisory 3125-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.
6915b9bc098527210f3f8ac74779674ad2abd9a6f7a5d955ce9f880e9dc19e35Debian Linux Security Advisory 3124-1 - Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
7bbeb782b4332cf7eba5793171a4bba0a05ee1778c7d6bff699dabf4b2b6ecbfHP Security Bulletin HPSBOV03227 - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. These vulnerabilities could be remotely exploited to create a remote disclosure of information, Denial of Service, and other vulnerabilities. Revision 1 of this advisory.
388383b2c3d37ee3b91f78f91d186afc077b8a7f693178ebf43e1ddcc4d0db88Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
43f36f577dec1520eff727da3da49af10f27705a92d3ecf435b6d6c1ff4a669aZTE Datacard MF180 suffers from privilege escalation and DLL hijacking vulnerabilities.
61549ca54b62be8573a682ec61570172bcfc6079ecb46713ff0cf356b3781bbc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed