Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148.
Monthly Archives: December 2014
CVE-2014-9193
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.
GQ File Manager 0.2.5 Cross Site Scripting / SQL Injection
GQ File Manager version 0.2.5 suffers from cross-site scripting and remote SQL injection vulnerabilities.
Vulnerabilities Identified in Network Time Protocol Daemon
Original release date: December 19, 2014
NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code.
US-CERT encourages users and administrators to review Vulnerability Note VU#852879 and update to NTP 4.2.8 if necessary.
Ettercap 0.8.0 / 0.8.1 Denial Of Service
Ettercap versions 0.8.0 and 0.8.1 suffer from multiple denial of service vulnerabilities.
DSA-3107 subversion – security update
Evgeny Kotkov discovered a NULL pointer dereference while processing
REPORT requests in mod_dav_svn, the Subversion component which is used
to serve repositories with the Apache web server. A remote attacker
could abuse this vulnerability for a denial of service.
DSA-3108 ntp – security update
Several vulnerabilities were discovered in the ntp package, an
implementation of the Network Time Protocol.
DSA-3106 jasper – security update
Jose Duart of the Google Security Team discovered a double free flaw
(CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138)
in JasPer, a library for manipulating JPEG-2000 files. A specially
crafted file could cause an application using JasPer to crash or,
possibly, execute arbitrary code.
PHP Shell Backdoors
This is a brief write-up noting JavaScript backdoors left in common PHP shells.