Red Hat Security Advisory 2013-1156-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon will be restarted automatically.
c17175cfabd50dd9b555b366ee3d4d54b0838e4eda7127362bf401fe4f1ac034
Mandriva Linux Security Advisory 2013-213 - A security vulnerability has been found in version 4.x of the Xymon Systems and Network Monitor tool. The error permits a remote attacker to delete files on the server running the Xymon trend-data daemon xymond_rrd. File deletion is done with the privileges of the user that Xymon is running with, so it is limited to files available to the userid running the Xymon service. This includes all historical data stored by the Xymon monitoring system.
2d6575b2d17685e51b1feb90665a241df32c9b4eb72d5465d1f0f735b4a1d6c8
Red Hat Security Advisory 2013-1155-01 - VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux hosts. It was found that the fix for CVE-2013-0167 released via RHSA-2013:0886 was incomplete. A privileged guest user could potentially use this flaw to make the host the guest is running on unavailable to the management server. This issue was found by David Gibson of Red Hat.
a311e8b49848718d0993bccd584c293b9d923bb4c8a03ba60c49ff49d46f5b42
Mandriva Linux Security Advisory 2013-212 - It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used in SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.
5ecc1971b7c3965a30dc10ac0ddd13fa0f59ca6dda6e9dce200dc16ec8e33b23
This bulletin summary lists 8 released Microsoft security bulletins for August, 2013.
675a988404633a70907f884dd623b6aa2fb4cd12759adb87a44adeaf8176488e
Struts2 suffers from an OGNL injection vulnerability that allows for redirection. Versions 2.0.0 through 2.3.15 are affected.
8dd8aee0be9f1818cac60e7eaadec5a677b61944590e6c481865994fb69abbf0
CakePHP versions 2.3.7 and 2.2.8 suffer from a local file inclusion vulnerability.
92c71209b2cf74bbca5dffab287435b8882d6cd95365ae3008c5330a8b79f357
MinaliC Webserver version 2.0.0 buffer overflow exploit with egg-hunting shellcode.
0e6dd9ada1044d6bc5665d1aeacad35857c407d2de169610d6fdce8cfe13e5ad
DotNetNuke (DNN) versions prior to 7.1.0 and 6.2.8 suffer from a cross site scripting vulnerability.
d5fce71c870f5c7156d287f5104511526b84a26432231c7c2bdefd7c00f5a00e
This bulletin summary lists three re-released Microsoft security bulletins for August, 2013.
d923728f628cf440baaee3dd5356e47974e02e9e298e70645af9e96fafb88897
ZeroShell version 2.0RC2 suffers from remote command execution and file disclosure vulnerabilities.
a3301b1b1b854ed7a03d68ac3c2b4962977e82f6b314949e717334f8076016a4
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
7b73bdb23c53798054741cbaa4e7d8cce832ee566fbb17df0c803d0c22d099e1
Struts2 suffers from an open redirection vulnerability. Versions 2.0.0 through 2.3.15 are affected.
8e587d23a0336a32690f4388769b814ac267b69bb258b88ffb28d65bb7e874dc
Mac's CMS version 1.1.4 suffers from cross site request forgery, cross site scripting, and path disclosure vulnerabilities.
55860ccb862ac3230ea90978d0c9a0651d8fbde8b1659a56b2b92a96e6e5b1f5
onehttpd version 0.7 suffers from a denial of service vulnerability.
343b4e9dc058a440e6e7540a36fe630a737e8fac45a599427e1c9b761ff57062