Debian Linux Security Advisory 2717-1 - Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code, possibly leading to arbitrary code execution.
725b2cb7a37e030f1ad6211488f3d9519ceec802f0dec6c149a6cb4feddff9d9Mandriva Linux Security Advisory 2013-186 - Updated puppet packages fix remote code execution vulnerability. When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby process, which allows an attacker to execute code contained in the payload.
16f6e339b6a971acf0f5568057324baccf34ac55672e355b9b72c2f8fcd7cc2cSlackware Security Advisory - New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4073.
33d0d087342bdf2fa53a28d6a242ae11609f420907abb65ded11817048c7bb01Fortigate Firewall versions prior to 4.3.13 and 5.0.2 suffer from multiple cross site request forgery vulnerabilities.
5e716d94582ec65cc97f47dcfeeb3d561fddabaebd2912e1d7b23f64de396cd8YOPMail suffers from cross site scripting, HTTP response splitting, CRLF injection, and session token handling vulnerabilities.
695a2946cc39df0b7ae62aedfd486a14f8ffc15c2fc2ef1b909e0eeccfa856aeIf you have physical access to a Microsoft Windows 7 SP1 instance, you can leverage the "Launch startup Repair" functionality to gain SYSTEM access.
fac9f4e8231364eeec4b1aecc36f354fe04953186fefb938b3fc672b096c51cbRed Hat Security Advisory 2013-1001-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 will be retired on December 31, 2013, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, after December 31, 2013, technical support through Red Hat's Global Support Services will no longer be provided. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.2.
6651532a366053d7aeef4d6c4d47b1f8d4b2f87de49d4e9f9f09264a620db639Mobile USB Drive HD version 1.2 suffers from a remote shell upload vulnerability.
af5f77c231114e25afd0e7bb7892ab8b042909b94e8970efbfe6ac0a8a8915f3Barracuda CudaTel Communication Server version 2.6.002.040 suffers from multiple script injection vulnerabilities.
40dfe644016b1ad81c1a85043ea8e429a90b78046c7c522200ab93064f1ac717PCMan's FTP Server version 2.0 remote buffer overflow exploit that leverages USER and pops calc.exe.
ebe2ee53f912fbc36e072f14536b5b3d704cb736c0af15df0fafefd130440e39The PayPal Hong Kong marketing site suffers from information disclosure, user enumeration, and bruteforcing vulnerabilities.
9392e6433d56701d485bdda4c180db292d48ca179237ab880ff00fd75ff3f245eFile Wifi Transfer Manager version 1.0 for iOS suffers from local file inclusion and cross site scripting vulnerabilities.
f4659d8f270b07a83389f539606ad8dafb4a5388e016cbf23573ae55c1a4c349A critical password reset (session) vulnerability was detected in the Sony PSN Network web server auth system account application. The vulnerability allows remote attackers without a privileged application account to exchange session values and reset any psn user accounts.
7d2f60f06b1f589958b985c9d294460f3f3b1163bb51e8e1a6e79d4d54e5a3baPCMan's FTP Server version 2.0.7 remote root buffer overflow exploit that leverages the USER command and binds a shell to port 4444.
7f0bb5b4598cb64d889b69fe79face4a1e564281d836fd315c6a126034d7cc32
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed