Zoom X4 and X5 modems suffers from authentication bypass and remote SQL injection vulnerabilities.
e6d22d7021bfb287cc6ae6f292362183cb62e754091ade52c2acd1b0086f7d72This bulletin summary lists 7 released Microsoft security bulletins for July, 2013.
180019270f7e502d4291099c0b53cd007c7aa0e3cd85bffc2410d975895a3acdWhitepaper called the Poor Man's Security Lab. It provides walk throughs for setting up various virtualized hosts.
a46c8da5a0bbcc6e045f7533314b35492b482573a49ea4b0bc0f4954b92642f1Linux kernel versions up to 3.10 suffer from a libceph null pointer dereference vulnerability.
97fc632dd5328279c3f77035f5bedff6103ed9285f01dcac6d213e5c55b9bd44Ubuntu Security Notice 1902-1 - William (B.J.) Snow Orvis discovered that Ruby incorrectly verified the hostname in SSL certificates. An attacker could trick Ruby into trusting a rogue server certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
17b6e172f6f500eb09224783bba48cd4ec53f79cee3f1b516d382ce45ce0368cIOActive Security Advisory - DASDEC-I and DASDEC-II from Digital Alert Systems (DAS), which are used in the Emergency Alert System, have an embedded root ssh key that enables an attacker to transmit false emergency information over a large geographic area.
b32108bd2c0d9441bb1f18cfa9a0bc8a321063c45c679b287a55fffbc1d67034Apache CXF versions prior to 2.5.10, 2.6.7, and 2.7.4 suffer from a denial of service vulnerability.
bd800eccaafd0f41d9a2aa6be1e7ad144231f64eaa6af3b4f06fce8a84901843Technical Cyber Security Alert 2013-190A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
597aa48cf8f13d8e76203ceb06c30e1a55cac7e00bffd1c1461cda21c9c6e258Red Hat Security Advisory 2013-1028-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 roll up patch 1 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.
dbfdd55df544378dcc45bbf34e83daecacebea4051e3922e1233975573bd1954Digital Whisper Electronic Magazine issue 43. Written in Hebrew.
92c4e2b59d270500c8f8a66357e2d864f89bc5ed73512733e091f655fc582cb1Red Hat Security Advisory 2013-1026-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.
b2762b397b08d9221223dfd977b06176c19c33b3c398947bbd9f500e79632400Joomla Attachments component suffers from a remote shell upload vulnerability.
1118e6723abe23812d4c09d598a6d831cec1b36454e39e2b9c1ca53527c34578This Metasploit module exploits a buffer overflow vulnerability found in ERS Viewer 2013. The vulnerability exists in the module ermapper_u.dll, where the function rf_report_error handles user provided data in a insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This Metasploit module has been tested successfully with ERS Viewer 2013 (versions 13.0.0.1151) on Windows XP SP3 and Windows 7 SP1.
34af08f8dddf30575d54f3ae715a7d1578f9f140985dc2fe0ec36bc406b9b344OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
aac15aaf0d03d26bf50d2e8bdac74ca9d7211dd4cf20047e529390d3ebdd7df1Ubuntu Security Notice 1901-1 - Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program.
129bfa80ff19162520bf13eed9fe89bfddd3574089068101f024e5bd08c06df6Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.
1d43aaccbe3da7de634097317cf9714ebe9b35ed10bc08f213f6214f84e9bdeb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed