Drupal Slickgrid third party module version 7.x suffers from an access bypass vulnerability.
b82495ac12980498ae19fd2c3fa6a88d0ba085f50649e1069079841e6635be62
Drupal Maestro third party module version 7.x suffers from a cross site scripting vulnerability.
2ef084f5b4cc54fe1dc67b659959f605be95c7487e7c178f6f67bf4e8b3e199f
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
77e9015adf20f1a1397e9fa7fc2ac4b73f43c75a47f67bb7b020872373a6ac27
VideoCharge Studio version 2.12.3.685 suffers from a stack buffer overflow vulnerability.
73fd64057ffa4960396c8186ba3b099299420ab0955d8d2a7ad8d4308d44e0eb
GrrCON is an information security and hacking conference held annually in the Midwest. This conference was put together to provide the information security community with a venue to come together and share ideas, information, solutions, forge relationships, and most importantly engage with like minded people in a fun atmosphere. It will take place October 16th and 17th, 2014 in Grand Rapids, MI, USA.
3b5484ae6a6a13324183db506359575667832d052ccfc9c3d9afe68d0870c75a
Barracuda Message Archiver 650 suffers from a cross site scripting vulnerability.
c5e54f9d0079086202b8f53bdb2e3aae88194dc2ae39e9f989565f1b9d4ec9ff
D-LINK DIR-615 hardware version E4 with firmware version 5.10 suffers from a cross site request forgery vulnerability.
79c1fce86910caf00ee360dd0bfae7427428d7e44f5672f4781cd8741683517e
SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 suffers from a stack buffer overflow vulnerability.
b53b0842f06abd5f681b92c8635f73be4d64f335c2f4519000c78f057c047e85
ICEWARP client versions 11.0.0.0 and 10.3.4 suffer from a cross site scripting vulnerability.
2c88f1ef76dc5398e8df3835afc5073a52f444ebc0c66b2712321aa934123890
This whitepaper documents how to compromise CA ControlMinder versions 12.5, 12.6, and 12.6 SP1 running JBoss version 4.2.2.GA.
d79c4e8b7e01e49acdda05ad5eceda4f0bf7d0d76f4b960c5d9135475bebc7d6
WRT120N version 1.0.0.7 stack overflow exploit which clears the admin password.
e1aa2a251a9986b0b7cc00e00e274da9c8e78a9cfc2a13541756864a4b3830d7
Cisco Security Advisory - A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.
263d52d0a8e480eea065400653b0fdc7afcef68f1eee6b4bf79831817897f504
Cisco Security Advisory - A vulnerability in Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to take complete control of the affected device. The vulnerability is due to a default root user account created during installation. An attacker could exploit this vulnerability by accessing the server command-line interface (CLI) remotely using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which provide full administrative rights to the system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
455d4762adae3d53ac5f9a0be511be629af140dfb873bcfee3b94ecc53315070
Grails by Pivotal versions 2.0.0 through 2.3.5 suffer from an information disclosure vulnerability. The Grails resources plug-in, a default dependency of Grails since 2.0.0, does not block access to resources located under /WEB-INF by default. This means that both configuration files and class files are publicly accessible when they should be private.
451b602b09ccce7eff090015aff878aa007f796e3c4b5d2deb17b38dbd1a45a0
Core FTP Server version 1.2 build 505 suffers from a local code execution vulnerability.
64260d9a672fe5d35579393d66ab0047c1d1ed3a7ca49c30bcfd2138e3c204d5
Cisco Security Advisory - Cisco Intrusion Prevention System (IPS) Software is affected by multiple denial of service vulnerabilities.
087b1f35eb691046fdadd7e1fc8310b32781c77a9caf1c1cd2a1b0f0b23ac858
Cisco Security Advisory - Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to a race condition when releasing the memory allocated by the cut-through proxy function. An attacker could exploit this vulnerability by sending traffic to match the condition that triggers cut-through proxy authentication.
5459e6bb915e633b8b42ae60ecd4bef2461e0ba288585381f58d06ba5e554903
Mandriva Linux Security Advisory 2014-042 - It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. A frame injection in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.
899f987c3224ac9faee7d0f8a77e88d81115d42fecc6807eb47c8c4790da5b05
Mandriva Linux Security Advisory 2014-041 - A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. The updated packages have been patched to correct this issue.
da50f71992b9d1a2c03c6502e8bd1dbe854857f25d456e1a32f4008d58362066
Debian Linux Security Advisory 2863-1 - A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The library does not validate the filenames inside the tar archive, allowing files to be extracted to arbitrary paths. An attacker can craft a tar file to overwrite files outside the prefix parameter passed to tar_extract_glob and tar_extract_all.
0e11e3769923befebdd733c1caad998bee809266d37f48e3bae036e9d3d90fae
Red Hat Security Advisory 2014-0189-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. A buffer overflow flaw was found in the way the MariaDB command line client tool processed excessively long version strings. If a user connected to a malicious MariaDB server via the mysql client, the server could use this flaw to crash the mysql client or, potentially, execute arbitrary code as the user running the mysql client.
9363f0425f3e1aa13fb9ec359268ed701ecf985bc1020734a200c6db13333cfd
Mandriva Linux Security Advisory 2014-044 - Robert Scheck discovered multiple vulnerabilities in Zarafa that could allow a remote unauthenticated attacker to crash the zarafa-server daemon, preventing access by any other legitimate Zarafa users. The updated packages have been upgraded to version 7.1.8, which is not vulnerable to these issues. Additionally, kyotocabinet 1.2.76 packages are also being provided due to new dependencies.
a53f386b9882d580e087a3e6c1faa105aaaac76b817adb4cc3a4774c7a9bd33f
Ubuntu Security Notice 2119-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Cody Crews discovered a method to bypass System Only Wrappers. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
5d3902230b50cfd2bd1b1b1aa5ebd526fbc1fd4a01b7b4e886ba19146d65c11b
Ubuntu Security Notice 2102-2 - USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem.
085d3227e717c4fbd89c5b5e3cb5eff85c21ea506f206c55ffa9a456ae32b368
Mandriva Linux Security Advisory 2014-043 - Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered a CA certificate by default.
ccb53c0c3fb168128935e2e504f9dc6c12abe0742874f1a2f750a22fb46a0a0f