A security vulnerability has been identified in BMC Server Automation (BSA) RSCD Agent on the Linux/Unix platforms. The vulnerability allows unauthorized remote password resets on a target server by using the Remote Procedure Call (RPC) API of the RSCD Agent. Windows agents are not affected. The flaw has been confirmed to exist in the following versions of BSA on Unix and Linux platforms: 8.2.x, 8.3.x, 8.5.x, 8.6.x and 8.7.x.
42a2cfa91a915ec32a779d0c3890bb6f351677f99bf1f8a691f39f542b36877b
A security vulnerability has been identified in BMC Server Automation (BSA) RSCD Agent on the Linux/Unix platforms. The vulnerability allows unauthorized remote user enumeration on a target server by using the Remote Procedure Call (RPC) API of the RSCD Agent. Windows agents are not affected. The flaw has been confirmed to exist in the following versions of BSA on Unix and Linux platforms: 8.2.x, 8.3.x, 8.5.x, 8.6.x and 8.7.x.
a506801b86750add5af2274f8925103e410c0309f514ee92ee12876afa8dc6fe
Cogent Datahub versions 7.3.9 and below suffer from a gamma script elevation of privilege vulnerability.
2ae65153dc3e6b35a12d5c12ec5b362b36f6d464768f9bdd2c17bc2d18c1e488
TallSoft SNMP TFTP server version 1.0.0 suffers from a denial of service vulnerability.
f8935126d59fd833b21b23b2631bd40d708bec744aa6ed525ed4cb088eb59e3a
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
3eb13c1d0164bf04e7602d9fc45ef7460444b953efaee3ee7d52c357adb3a89a
Debian Linux Security Advisory 3532-1 - Kostya Kortchinsky discovered a stack-based buffer overflow vulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP routing daemon. A remote attacker can exploit this flaw to cause a denial of service (daemon crash) or, potentially, execution of arbitrary code, if bgpd is configured with BGP peers enabled for VPNv4.
cef9d895c39bbbb7661a16e382b449ce003efe7088ec7a48f82bdd410511a3ac
Trend Micro Deep Discovery versions 3.7 and 3.8 suffer from multiple cross site request forgery vectors. If an authenticated user visits a malicious webpage, attackers will have the ability to modify many settings of the Deep Discovery application to values of the attacker's choosing.
4fcbc0ecd161f07f84b6f494716b66c2911b8b6d48a5b8ad3ba321fb4be6f363
A Linux IPv4 firewall and traffic shaper for single hosts to small and mid-sized networks. It allows flexible rule creation, while also shipping with presets for common needs. Rules are written in simple XML, allowing various ways to group and nest the iptables arguments. An interactive mode is available to build configuration files in a wizard-based manner. Extensive documentation is also included.
4c747ff421514b04d85a245812dc63289687125e8c22e296fad9d732501c0200
ipset_list is a wrapper script written in bash for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. The output can optionally be colorized. An interactive mode allows you to select the query options in a wizard-based manner.
a91e75b6cb8cb107cb890a35522795d33084b9d4aeb07cc15981c44268ec81ef
WordPress Photocart Link plugin version 1.6 suffers from a local file inclusion vulnerability.
937709f095f23ded1eeaf31ad1fcacb2a5ca7bf97b91f27583ad59fa470cbd8f
WordPress IMDb Profile Widget plugin version 1.0.8 suffers from a local file inclusion vulnerability.
835851d014df83981e56e6c795a9db667207a83a17e80527deb4d2c78d0726b7
WordPress Visual Form Builder plugin version 2.8.6 suffers from a cross site scripting vulnerability.
d59e3708a15b9db6b5b606ae383991ce223d12827956904e28faeeec5f087565
WordPress Music Store plugin version 1.0.41 suffers from a cross site scripting vulnerability.
988d284d6c1d709b5bfdd283880cfa6381231da2fee67fe96e8305120928fdf6
WordPress CloudFlare plugin version 1.3.20 suffers from a cross site scripting vulnerability.
391af5fb920c77241b88831fa068d1fc2401dad6b87cddb277f854c56fc39923
WordPress Claptastic Clap! Button plugin version 1.3 suffers from a cross site scripting vulnerability.
ce6b8f7bed87ddff3fd682d9b53ada66633787541bcc3983e301782d06ce59c9
There's a logic error in the PCRE engine version used in Adobe Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.
7634c378b901e854196bb2c6638f9cdaaeebb56a0a8e8bedc196af24d7ed49f8
C2Box versions 4.0.0(r19171) and below suffer from a validation bypass vulnerability.
bc375d41b3055dd7d57b4dcb888c8376a80e14b7eb5b23111b255db7bf853cad
33-byte Linux x86 / x64 execve(/bin/bash) shellcode.
aee8c9a799a98ddea14c91ece59e18500b71170c825b60cb95d6220e8f654553
D-Link DVG-5402SP with firmware RU_1.01 suffers from brute force and cross site request forgery vulnerabilities.
c8410e7fa996a726bd780808ee545d5c8187522011902a3d7b92ba00281dcef9