Ubuntu Security Notice 1617-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
9535b72b28c87a09126bf9f6a5e5371f2b85f0c2a84f7ff222d496b9694461e5
Bitweaver version 2.8.1 suffers from local file inclusion and multiple cross site scripting vulnerabilities.
47ea855b5b88d6c3266a6179cebd05aafa03ffcf5121153a984f4e7fad08a2bc
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
d267055979a3d41e36fb36f193aa9e43832d64e1555b4d2efc6d28083ac40988
Drupal MailChimp third party module version 7.x suffers from a cross site scripting vulnerability.
f3f278c3015df5f15e0cb152e82650a5ee9497958bd4a900e7edc2e66be4dfda
WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.
8eac246e079c2e20610ea5b3fb4b19023d217d4774055a243a7bbe5f34191b0c
WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.
122813253c79cd040ff61afd735813c66e290c911fabf78025fc7d9446b1ab7d
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
66dc6819b2fe3e487c6074ac50782425eb1e8e4d69820a4cb144ef9adcd00ea1
HP Security Bulletin HPSBUX02824 SSRT100970 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code and other vulnerabilities. Revision 1 of this advisory.
78f272422d048e4e353a3f120e9e9677eea2dbf0861182ca760963e7f7893d0e
The Wysiwyg Imagelibrary add-on suffers from a directory traversal vulnerability in select_image.php.
f95d8cfa9bbf990cef1d2f8027dcd10b67902dbbb539bb26ac86b28d980af3a3
Drupal Time Spent third party module versions 6.x and 7.x suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
2df973f2a15a6e618c72e67e0bd048acde9269ee5bdef3678b3179a29ed6aeb6
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE/JDK 7u7 and below are affected. The vulnerability is caused by a heap overflow error within the "t2k.dll" component when processing a malformed "maxPointCount" field within a Font, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
d9af8230d41a685d5e7bb40755a541e997054f9dc783a564ea76685d82b0f2cd
Inout Article Base Ultimate versions prior to 2 suffer from cross site request forgery and remote blind SQL injection vulnerabilities.
831d1c4d5bb5f52d532ddd88097b54985d05095d7c28b49e19626e680e99fa2a
ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cs_lang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell.
50280bcb8c3b2e6ce87a096338f3c12375645758f8f387468802187432e5f378
Ubuntu Security Notice 1616-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
1931d6208c03b7c6be3e7c9a1e3f736d6f4ffc3c455852a5625822b4d83fefbe
Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Poll plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
455fccc89e3040b1c235441dbde5aa98a6de2b96e00f7a2a02d6f90e8a35a4f2
Secunia Security Advisory - Janek Vind has discovered multiple vulnerabilities in phpMyBitTorrent, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information and conduct cross-site scripting and SQL injection attacks.
53fa64da5dd0648e308ea955ab652574925e5f3e36273aaf934d88bd94d27f9f
Secunia Security Advisory - A vulnerability has been discovered in ManageEngine SupportCenter Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.
2a3b28993512806dc4f54fb2381ba2b7940312a3421e945e36442567a24e7a75
Secunia Security Advisory - Multiple vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting attacks.
cb57afab30e60d42d505ad49991abdd79dd346a49e0ab029f4c557f07d141ae3
Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to bypass certain security restrictions.
2e22d562ee582ca39eed1bfd2791c7ab77388599ea15ccd64e29cdc14f131cf2
Secunia Security Advisory - Oracle has acknowledged a vulnerability in BIND included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
377fcec8ccb5d3afaa3b2a0c5da9fff73b7a783db9ac69d7f3074cd1a64e4adc
Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
159b13700d34bdb42ac319914b7e934f3c797e944822925df7e008353bd35ca8
Secunia Security Advisory - A security issue has been reported in JetPort 5600, which can be exploited by malicious people to compromise a vulnerable device.
f103fc42db133ea79bf8f583dc73e7319850dc5b14089aff2f8bbfa9a6349c4d
Secunia Security Advisory - IBM has acknowledged a vulnerability in BIND included in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
e739c6087ff7bd355356f7ecb8ff5482ff666da21bb9d06e620395b43f01a92d
Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
3a2ce50669fae76c79e644591426a5eea70a31fd36df3f92e57905356c364a48
Secunia Security Advisory - Debian has issued an update for viewvc. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.
55d25a13383746e17fe304c76788e4ce5685a2fdbdaaa92a82b23baa35b8d04f