IBM AIX versions 6.1 and 7.1 local root privilege escalation exploit.
2044d2c0c7004c32aa43899957870c25f1b7d0b6493c5f27d7f0d26e92f87580
Google Chrome version 31.0 suffers from an XSS Auditor bypass that allows cross site scripting attacks to succeed despite the filter.
ba730e1d9e5dba89adb7eb72d4c901489959c46cdbb4688cc1c4ada164dbfbf6
Gentoo Linux Security Advisory 201309-16 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 29.0.1457.57 are affected.
293018f8600eb4af907da24f3a7de835c23ff421a14f1d5725376bc9025713ce
Red Hat Security Advisory 2013-1284-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.
4bb7805d5def15a8dc28ddfaae2ef552d6d9441335f4d97325b7f1fdf1f7cc80
Gentoo Linux Security Advisory 201309-15 - Multiple vulnerabilities have been found in ProFTPD, the worst of which may lead to remote execution of arbitrary code. Versions less than 1.3.4d are affected.
791bb06b4102a706095adc46d590ae0b5ea0a225e56966180f59fa840c1de6d2
Ubuntu Security Notice 1967-1 - It was discovered that Django incorrectly handled large passwords. A remote attacker could use this issue to consume resources, resulting in a denial of service. It was discovered that Django incorrectly handled ssi templates. An attacker could use this issue to read arbitrary files. It was discovered that the Django is_safe_url utility function did not restrict redirects to certain schemes. An attacker could possibly use this issue to perform a cross-site scripting attack. Various other issues were also addressed.
b392b918c4a2132a058b80068ecb5d6b09912f2551f9368b0623a0e6b05f9241
Ubuntu Security Notice 1966-1 - Jeremy Allison discovered that Samba incorrectly handled certain extended attribute lists. A remote attacker could use this issue to cause Samba to hang, resulting in a denial of service.
ac2fb018077ff85b5f0ba303e50222cfa407826452614624bdce0b05b6b38069
Red Hat Security Advisory 2013-1283-01 - Puppet allows provisioning, patching, and configuration of clients to be managed and automated. A flaw was found in the way Puppet handled YAML content during Representational State Transfer API calls. An attacker could construct a request containing a crafted YAML payload that would cause the Puppet master to execute arbitrary code. It was found that resource_type requests could be used to cause the Puppet master to load and run Ruby files from anywhere on the file system. In non-default configurations, a local user on the Puppet master server could use this flaw to have arbitrary Ruby code executed with the privileges of the Puppet master.
63ebc0aa0fac12c356a13589f9eb998f453cf710856dedc04932ebb1d46ecd16
Red Hat Security Advisory 2013-1282-01 - RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition.
0c4ac21cdde7e806c617a55e30cacf46e89b8ea87b28d067577c29d5569e2e19
Gentoo Linux Security Advisory 201309-14 - Multiple vulnerabilities have been reported in MoinMoin, the worst of which may allow execution of arbitrary code. Versions less than 1.9.6 are affected.
6a08d9bee44e6479fda1f205ce909241ff0aff3b3633609ae564bc28978818cf
Gentoo Linux Security Advisory 201309-13 - Multiple vulnerabilities have been found in GNU ZRTP, some of which may allow execution of arbitrary code. Versions less than 2.3.4 are affected.
af3db29ede5b0c9e93ddaaa1bc876bbedc0791bc71711edafa2fe40be107e27c
This is a brief whitepaper tutorial to help facilitate the understanding of C integer boundaries (overflows and underflows).
9017f0c8e3e11504b161f2abf7f058a5d57d87373489674675bfd92f1d5caf25
This is a brief whitepaper tutorial discussing return-to-libc exploitation.
f1935f980e5eab5d3c4772be6b97efb487d82c08b13fc527519a912c04c08094
WordPress Miniaudioplayer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
dd8134a154849569a93f038bae0d108d64c84c09b21dab4477b068a0348be4f1
Debian Linux Security Advisory 2763-1 - It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL library, does not properly handle certificates with NULL characters in the Subject Alternative Name field.
49f7af93886cb2e4925c18af4a4080e0c1640e728c84299dcb893d6514dbfc87
WordPress LBG Zoominoutslider plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
44134a7e3bee4ab9d030999ba0179c1860102c9503e9a2eeff937b036916c103
Good for Enterprise iOS application versions 2.2.2.1611 and below suffer from a cross site scripting vulnerability.
9824e01c248eb8f060865f76eace7ae4777a6461f7136f0972ad8ea4dc0eb4c3
WordPress Sharebar plugin version 1.2.5 suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
d28550236ec0587220af38f8654ee2cf9fccb27b1a29c80ead8598c11f6482e4
This is a brief whitepaper tutorial that discusses integer overflows and underflows.
9b9f3ebcd70a62a4189cceeaf49edd91a6d027ae60c29bc9f51bfd8eb1a1f3fa