Red Hat Security Advisory 2013-1024-01 - Updated Messaging component packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.
b27517f1b626a0eda896340f34f49bd12b4b6bbb7834967692784fd3d4d3f17c
Mandriva Linux Security Advisory 2013-194 - Multiple vulnerabilities have been found and corrected in the Linux kernel. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c, or a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. Various other issues have also been addressed. The updated packages provide a solution for these security issues.
222e6a9b6c229fb8760fbf864b56dd9ad305b2f5b2210ae92ec97c2c2809405b
Mandriva Linux Security Advisory 2013-193 - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. The updated packages have been upgraded to the latest 2.2.25 version which is not vulnerable to this issue.
6bb051f28da0e3ffb1ef6f736e950ea307cd11c8d925486e08bc7aa93ce12511
Atlassian Confluence versions 4.3.5 and below suffer from cross site scripting, cross site flashing, and insufficient framing protection vulnerabilities.
04b97b6e60bc74d9d3dc996fcb89ad8016e30f85442144fb45955cd70de7cbb7
Multiple cameras suffer from having hardcoded backdoor accounts allowing for authentication bypass and code execution. Included are various 3S Vision, Asante Voyager, and ALinking cameras.
e5d05de9ba28af339c8a8385bfca41fad5e26d35ff3a6001d8630ba5675fcbbb
PrestaShop version 1.5.4 suffers from a cross site request forgery vulnerability.
569006bfc5d70826e09cb71f57f8aef0f71ab333fe47164b4cb288a5f9fa457e
nginx version 1.3.9 and 1.4.0 x86 brute force proof of concept remote exploit that spawns a reverse shell.
c08d90d9385b3dfaf58239db1bfee804fe103d21d4ebed131c2c37bd98971111
Drupal TinyBox third party module version 7.x suffers from a cross site scripting vulnerability.
68b8c0eff858ede028a885fc8fd53a4323fee40a21aeb4d6befadd4bf113c3b0
Red Hat Security Advisory 2013-1044-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. The RichFaces component is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes.
d18a74069a96a4aaa1652df273b226c9ec81f840a9d532e9124b8e2d2d808e2a
Red Hat Security Advisory 2013-1045-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.
81c3cfee3b426df3d700d82b46210967ca52f443a2ad2a47a35bc2782f988cac
Red Hat Security Advisory 2013-1043-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.
3f195710e9356b035cbdd3ab0f3ee82522528a883a4fa741abf131813d48cd52
Red Hat Security Advisory 2013-1042-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.
8d99bfdf74e800ed985ade651322e5980dd02d516df4c0faefe2493afad24b8a
Debian Linux Security Advisory 2719-1 - Multiple vulnerabilities were discovered in the poppler PDF rendering library.
fcb50182fa2bad45ade94192c613b84468ab1d62c6da5c762196695a733f5ef6
Joomla AICONTACTSAFE version 2.0.19 suffers from a cross site scripting vulnerability.
b4bb8004d0a3151453a8c7faca6416303b9cc9330e840b011b75ec6cee0b4ada
Air Drive Plus version 2.4 for iOS suffers from local file inclusion, script inclusion, and remote arbitrary file upload vulnerabilities.
3962cd3187d8ce7cf9f15f89a34bc0f1974a6495c284a9cead16289b31d87156