Drupal Display Suite third party module version 7.x suffers from a cross site scripting vulnerability.
Dolphin version 7.1.2 suffers from cross site request forgery and remote SQL injection vulnerabilities.
HP Security Bulletin HPSBMU02884 - Two potential security vulnerabilities have been identified with HP Service Manager and HP ServiceCenter running on AIX, HP-UX, intelLinux, sparcSOL, and Windows Server. The vulnerabilities could be exploited remotely, resulting in the disclosure of information or in cross site scripting. Revision 1 of this advisory.
Ubuntu Security Notice 1873-1 - Maksim Otstavnov discovered that telepathy-gabble incorrectly handled TLS when connecting to legacy jabber servers. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. It was discovered that telepathy-gabble incorrectly handled certain messages. A remote attacker could use this flaw to cause applications using telepathy-gabble to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Various other issues were also addressed.
Red Hat Security Advisory 2013-0941-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security bulletin APSB13-16, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.291.
Red Hat Security Advisory 2013-0943-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes. The following security issue is also fixed with this release: XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.
Red Hat Security Advisory 2013-0944-01 - Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API. A flaw in Keystone allowed an attacker with access to the web and network interfaces of services utilizing python-keystoneclient to continue using PKI tokens that had expired, giving them continued access to OpenStack services. This issue was discovered by Eoghan Glynn of Red Hat.
Red Hat Security Advisory 2013-0942-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests. A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the services to keep replying to each other, consuming network bandwidth and CPU.
Mandriva Linux Security Advisory 2013-172 - Multiple vulnerabilities have been found and corrected in wireshark.
Syslog Server version 1.2.3 remote crash proof of concept exploit.
230 CMS version 1.1.2012 suffers from a remote PHP code injection vulnerability.
Core Security Technologies Advisory - The Ubiquiti airCam RTSP service 'ubnt-streamer' has a buffer overflow when parsing the URI of an RTSP request message. This bug allows remote attackers to execute arbitrary code via an RTSP request message.
This bulletin summary lists 5 released Microsoft security bulletins for June, 2013.
The t2'13 Call For Papers has been announced. It will take place October 24th through the 25th, 2013 in Helsinki, Finland.
HP Security Bulletin HPSBHF02885 - A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO). The vulnerability could be remotely exploited resulting in unauthorized access. Revision 1 of this advisory.