Debian Linux Security Advisory 2803-1 - Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP routing daemon.
bb3b05ec11b37b0531a2aca1e1d48ff15bede13374e77f396d94caf2a28756abMandriva Linux Security Advisory 2013-286 - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using JSON.parse. The updated packages have been patched to correct these issues.
cfc0fd3fa54abb9bde25559ea8dbc09a703b2fccbe2ead469de45ba5d983b687Mandriva Linux Security Advisory 2013-285 - Cross-site request forgery vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs via vectors involving a midair-collision token. Cross-site request forgery vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. Multiple cross-site scripting vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the id or sortkey parameter. Multiple cross-site scripting vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. The updated packages have been upgraded to the 4.2.7 version which is not affected by these issues.
218ee3f02337407ea357a0fe94a4fa234c1430469d582fb26b223bd5e81d8b83Open-Xchange frontend6 and backend components suffer from cross site scripting vulnerabilities.
2ba2cbc9a883832dff4e72cc423bdd151e4c15a2909a181acd3f69ebb3b75e51Audacious Player versions 3.4.1 and 3.4.2 denial of service proof of concept crash exploit.
2108629d3923e262d6697e389444978f6e9c5342756dce80acc4e5852cb48f96WordPress Optinfirex third party plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
406b64a71217b4d7101b4e75837a87536ec5f4df1b52cca998fe666d372c6537WordPress Amerisale-Re third party plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
dd9af24538474b4be70e9304d308e609bd382701c86aaeaaa6dd00cff815eaddPalo Alto Networks PanOS versions 5.0.l8 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
0128c8519b469367add23f825da0f04e65d811cb5874370e064fdbed3fe6a5fcThis Metasploit module exploits a vulnerability on the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists while the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of elements on a SafeArray and keeps a size field, counting the number of elements on the collection. By calling the remove() method on an empty CardSpaceClaimCollection it is possible to underflow the length field, storing a negative integer. Later, a call to the add() method will use the corrupted length field to compute the address where write into the SafeArray data, allowing to corrupt memory with a pointer to controlled contents. This Metasploit module achieves code execution by using VBScript as discovered in the wild on November 2013 to (1) create an array of html OBJECT elements, (2) create holes, (3) create a CardSpaceClaimCollection whose SafeArray data will reuse one of the holes, (4) corrupt one of the legit OBJECT elements with the described integer overflow and (5) achieve code execution by forcing the use of the corrupted OBJECT.
58f2175e1ed88e1751853e1d2aa79f7740fb2c4be64b98ebf51299e06cc219c0This Metasploit module exploits a vulnerability on Microsoft Silverlight. The vulnerability exists on the Initialize() method from System.Windows.Browser.ScriptObject, which access memory in an unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible to dereference arbitrary memory which easily leverages to arbitrary code execution. In order to bypass DEP/ASLR a second vulnerability is used, in the public WriteableBitmap class from System.Windows.dll. This Metasploit module has been tested successfully on IE6 - IE10, Windows XP SP3 / Windows 7 SP1 on both x32 and x64 architectures.
3905f49c6a63195a8b150b72b89466bf89d932607328806dbfade7ebf03e25ceThis Metasploit module exploits an OGNL injection vulnerability in Apache Roller < 5.0.2. The vulnerability is due to an OGNL injection on the UIAction controller because of an insecure usage of the ActionSupport.getText method. This Metasploit module has been tested successfully on Apache Roller 5.0.1 on Ubuntu 10.04.
f01bd114b927e26a90df13f09d56f596bd7f9e60085c40975d0c9cb27ffe8c08Kernel MSM versions prior to 3.10 suffer from a memory leak in the Genlock driver.
bab34632681acb34290802692cd529eb033d5bfde86c6aaad103565ca18886e2Ubuntu Security Notice 2034-1 - Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.
ef9b36d31a347025ca7888b49d3b6bf656af60651b29c0135174ed51b7115535Debian Linux Security Advisory 2800-1 - Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.
f80c6fc4a8ef5c52c6f5c13383f4c4b79773a88280a6478b8a2c3b12073ca5fcRed Hat Security Advisory 2013-1763-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.
94602687dfe230a8f38b662786c823e24d043fb7a357ccc9fb03fb0ae8c5a237Red Hat Security Advisory 2013-1764-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.
00d43abf0a3546711d0711a5ec5c75bc3a8f3b962ebe380f5589285b7d3d941dRed Hat Security Advisory 2013-1762-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. It was discovered that the JBoss Operation Network configuration files, for both the server and the agent, were world readable by default. A malicious local user could possibly read sensitive information regarding the installation, including various authentication credentials. This issue was discovered by Larry O'Leary of the Red Hat Middleware Support Engineering Group.
4181ab416ac2e7466f3f2fc0b2021f0561f5ddec2bb35696ce1375939bb7c123Mandriva Linux Security Advisory 2013-284 - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service via a large value to the aligned_alloc functions. A stack overflow flaw, which led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to this affects AF_INET6 rather than AF_UNSPEC. The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. The updated packages have been patched to correct these issues.
00fea704bf1f1055d112be7b211b292f2d6fed3a9a06d1f22b451064014e9b25
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed