pChart version 2.1.3 suffers from cross site scripting and directory traversal vulnerabilities.
Debian Linux Security Advisory 2826-2 - A regression has been found in the denyhosts packages fixing CVE-2013-6890. This regression could cause an attempted break-in to be missed by denyhosts, which would then fail to enforce a ban.
Mandriva Linux Security Advisory 2014-024 - Multiple buffer overflow vulnerabilities were found in graphviz, due to an error within the yyerror() function (lib/cgraph/scan.l), which can be exploited to cause a stack-based buffer overflow via a specially crafted file, and to the acceptance of an arbitrarily long digit list by a regular expression matched against user input. A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages are being provided with this advisory as well.
Mandriva Linux Security Advisory 2014-023 - It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code.
Mandriva Linux Security Advisory 2014-022 - Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content.
Mandriva Linux Security Advisory 2014-021 - It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it.
JAMon version 2.7 suffers from multiple cross site scripting vulnerabilities.
Ubuntu Security Notice 2089-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 2088-1 - Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.
Ubuntu Security Notice 2087-1 - It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code.
Debian Linux Security Advisory 2848-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.
Gentoo Linux Security Advisory 201401-26 - A vulnerability in Zabbix could allow remote attackers to execute arbitrary shell code. Versions less than 2.2.0-r4 are affected.
Adult Webmaster PHP suffers from a remote password disclosure vulnerability.
Apple Security Advisory 2014-01-22-1 - iTunes 11.1.4 is now available and addresses multiple security issues related to content control, code execution, and more. libxml and libxslt have also been updated to address memory corruption and code execution issues.
XOS Shop version 1.0RC7o suffers from a remote SQL injection vulnerability.
The Mediatrix web management interface for the 4402 device suffers from a cross site scripting vulnerability.
Joomla Komento extension version 1.7.2 suffers from a cross site scripting vulnerability.
Joomla JV Comment extension version 3.0.2 suffers from a remote SQL injection vulnerability.
CONFidence 2014 Call For Papers - This conference will take place from May 27th through the 28th, 2014 in Krakow, Poland.
Simple E-Document version 1.31 suffers from a remote SQL injection vulnerability that allows for login bypass.
Easy POS System suffers from a remote SQL injection vulnerability.
Pizza Inn Project suffers from a remote SQL injection vulnerability.
godontologico version 5 suffers from a remote SQL injection vulnerability.
iTechClassifieds version 3.03.057 suffers from a remote SQL injection vulnerability.
mySeatXT version 0.2134 suffers from a remote SQL injection vulnerability.