Red Hat Security Advisory 2014-0512-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
fa55406cf632fc5cffe50d9de595748c36a5faeed71c118696960fbef60173deRed Hat Security Advisory 2014-0513-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity attacks, possibly resulting in a denial of service or an information leak on the system. An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash.
3d551b6c132f55a4510bfa07d62cbc76c5971974060b32e4b1e88be27977c857Debian Linux Security Advisory 2931-1 - It was discovered that incorrect memory handling in OpenSSL's do_ssl3_write() function could result in denial of service.
3f131205b5bad70a4b0c2968f610fdfe51b874d320d478dd3e6a32fece1b4fcaDebian Linux Security Advisory 2930-1 - Several vulnerabilities have been discovered in the chromium web browser.
6705791b0d2338a1d0d3e61db86868bf7a15dc26285570bd2b3b0f99dd124a53Gentoo Linux Security Advisory 201405-26 - A local privilege escalation vulnerability has been discovered in X2Go Server. Versions greater than or equal to 4.0.1.12 are affected.
96dee0802bacb92e7c729081527ca8041b571a4ba775b09701a9c9183aa1e8c9Debian Linux Security Advisory 2932-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.
af995b245f580294572b97f383cf24b6f963fccf80a5d40dc7189c0e88bd2c6dSeo Panel version 3.4.0 suffers from a cross site scripting vulnerability.
a478c32cb9af5fb501f74cbb29a394595bb4f20a6926285d8f761e38231064c9CA Technologies is investigating an OpenSSL vulnerability, referred to as the "Heartbleed bug" that was publicly disclosed on April 7, 2014. CA Technologies has confirmed that the majority of their product portfolio is unaffected. There are, however, several products that used vulnerable versions of OpenSSL 1.0.1 and consequently may be affected.
cd70166d5a87d345097aa5d535e0e71a59c770f9dfeb06ac3274b16b979bdcfdThe ARRIS / Motorola SURFboard SBG6580 series wi-fi cable modem gateway disclosure username and password information for the user interface as well as wireless network keys via SNMP.
68baa90946e554834f316f5ad452d3b5148fcd52b9dc9efc01e2fec10f34f92eThis Metasploit module takes advantage of three separate vulnerabilities in order to read an arbitrary text file from the file system with the privileges of the web server. You must be authenticated, but can be unprivileged since a privilege escalation vulnerability is used. Tested against HP Release Control 9.20.0000, Build 395 installed with demo data. The first vulnerability allows an unprivileged authenticated user to list the current users, their IDs, and even their password hashes. Can't login with hashes, but the ID is useful in the second vulnerability. When a user changes their password, they post the ID of the user who is going to have their password changed. Just replace it with the admin ID and you change the admin password. You are now admin. The third vulnerability is an XXE in the dashboard XML import mechanism. This is what allows you to read the file from the file system. This Metasploit module is super ghetto half because it was an AMF application, half because I worked on it longer than I wanted to.
32678ccb2a4454a4f3176a572bfd08436712de26dce1cdfb8b2986d281d3c14eXOOPS module Glossaire version 1.0 suffers from a remote SQL injection vulnerability.
a4470aa99ea11a5f9c282b6f993f8063c3a3288f96bffe613ee69ced409f8c79Wiser version 2.10 suffers from a backup disclosure vulnerability.
c26e09ae50d4b608b25cd47bc4c0eb2709de37db147ba812378aa9348bd8f835SMART iPBX suffers from multiple remote SQL injection vulnerabilities.
0e228b7ec6d89267b0aca22b0aae4fd724817db1d8173289e79cab2dafe203a9SIP Server by Kerne.org suffers from remote SQL injection and backup disclosure vulnerabilities.
fe39892f12c45c5cbcc5327efd59baceaf7617936f8dda149687a54792646c31PHP-Nuke Web Links suffers from a remote SQL injection vulnerability.
7d294df4f893166c5d430655e923ffacdae294f6c98718bca8371ebefc94493aCRMAPP suffers from a time-based remote blind SQL injection vulnerability.
7a1d6906587fbf34c99caa70266be93714a76f56d009b6016009ad37a07574e3Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
205775a4ff0cdf3dffe257228bdcbdc5752b7e5fed122f67d2330fb12a901957codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
a320f519e0ebd25390f45bda5d94e3f2fe48019e037411b2c99d807795f9188bMandriva Linux Security Advisory 2014-098 - Due to flaws in the embedded copy of dcraw in rawtherapee, corrupt input files might trigger a division by zero, an infinite loop, or a null pointer dereference.
07ff6eb1ad4336835cecc21a788c476ced6573f11a2ba4662dd3e4a789815a1bMandriva Linux Security Advisory 2014-095 - It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass() method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running Struts 1. This could lead to remote code execution under certain conditions.
bdda9e490d58910aa0c5c618c3765ea30a160f6fb71b2be4423f4076d612bfb3Mandriva Linux Security Advisory 2014-092 - lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving.cups/client.conf. Cross-site scripting vulnerability in scheduler/client.c in Common Unix Printing System before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function. The updated packages have been patched to correct these issues.
42c1c60c5b38f63153e3d145588b75d3bd5cddd4e0f739227eba41ec8a6c26e7Gentoo Linux Security Advisory 201405-25 - A vulnerability in Symfony may allow remote attackers to read arbitrary files. Versions less than 1.4.20 are affected.
feb36ab99419e287a5143c2b3e211068bbac6fc1a57c4548f5fa6a3feb279a1eGentoo Linux Security Advisory 201405-24 - Memory consumption errors in Apache Portable Runtime and APR Utility Library could result in Denial of Service. Versions less than 1.4.8-r1 are affected.
d9222b06fe4084a9196c4106e29e02ec8051b6ed75b924156e34d9b342dbb8a5Gentoo Linux Security Advisory 201405-23 - A vulnerability in lib3ds might allow a remote attacker to execute arbitrary code. Versions less than 2.0.0_rc1 are affected.
a625ca18ebf43ec3b64c1856da0bf137bfbeab77530e25c6d4982e5b23354d6cGentoo Linux Security Advisory 201405-22 - Multiple vulnerabilities in Pidgin may allow execution of arbitrary code. Versions less than 2.10.9 are affected.
d6ade25d1829f578c0c4b87491c29680a25c44d0e8a781b9891d64b725a269ed
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed