Debian Linux Security Advisory 2880-1 - Multiple security issues were discovered in Python.
4bbbad989a87630a2521f420870888b954d2c25ff56fe58c1ddac728c24ed5cb
Mandriva Linux Security Advisory 2014-063 - x2goserver before 4.0.0.2 has a vulnerability in the setgid wrapper x2gosqlitewrapper.c, which does not hardcode the internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process. A vulnerability in x2gocleansessions in x2goserver before 4.0.0.8 has also been fixed.
5e7a46c3da2b89998b40b69635b72cb3f81e590d995520288c1ab909242725ef
Mandriva Linux Security Advisory 2014-064 - A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon.
b0b7c0634a5a2ff783abfae0a2fb6403ec56da0680c7b51ed9eb341cd8a07205
Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities impact Webmin versions prior to 1.620 (SA51201). Version 1.680 fixed security issues that could be exploited by untrusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also provided. The updated packages have been upgraded to version 1.680, which is not vulnerable to these issues.
27b82adda7cb7ed9776d3685dcfbfc3fe196fe892f153a6b846e4276aa1cd841
Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
0bb971d1fe276939429c0efeedf4fb567d9869a86ce545903ed51c3087b43ab6
Red Hat Security Advisory 2014-0306-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting attack on an application that uses data submitted by a user as parameters to the affected helpers. A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected.
02f09d4cf6f96ffbeda49c48f45c7f2280fc213cb2f9bb62c8f9cae21fd9ca14
Red Hat Security Advisory 2014-0304-01 - Mutt is a text-mode mail user agent. A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary code with the permissions of the user running mutt. All mutt users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of mutt must be restarted for this update to take effect.
cc3421fd2cf47179a0597aaf0f0d1a110c24a7d362cd7cf0307edae0ddedff12
Red Hat Security Advisory 2014-0305-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.
3ec3fc0d3b8fde3a488a8ba2717d80277dafe4a59569f5ce49711decbbb9a754
Ubuntu Security Notice 2149-1 - It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files.
543f622bfe3bb7fe528fc224f4699359de9f4893eb9828f3de40efa064f6ece8
Ubuntu Security Notice 2148-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
ce272d6112e6a6e0074772ccf2c88f12920d5bc54c5834c8e94218806a3ddccf
Ubuntu Security Notice 2149-2 - USN-2149-1 fixed a vulnerability in librsvg. This update provides a compatibility fix for GTK+ to work with the librsvg security update. It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files. Various other issues were also addressed.
8cde872057a3b59093e5f6af791629f3c92de754c70fd76ca0e552652468a8e0
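USN-2149-1 and USN-2149-2 above describe the same root cause: the SVG is XML, and a parser that resolves external entities by default will read whatever `file://` or `http://` target the DOCTYPE names. The following is an added example, not code from librsvg or from the notices, showing how to detect such a file before it reaches a renderer. It uses only the Python standard library's expat binding; the two SVG inputs are constructed here for the demonstration, and the function names are this example's own.

```python
import xml.parsers.expat

# Constructed sample (not from the advisory): an SVG whose internal DTD
# subset declares an external general entity and references it in content.
MALICIOUS_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="20">
  <text x="0" y="15">&xxe;</text>
</svg>
"""

# Constructed sample: an SVG that only references the public W3C DTD.
EXTERNAL_DTD_SVG = b"""<?xml version="1.0"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="20"/>
"""

# Constructed sample: a plain SVG with no DOCTYPE at all.
BENIGN_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="20">
  <text x="0" y="15">hello</text>
</svg>
"""


def find_external_entities(data):
    """Return (name, system_id) pairs for every external entity declaration
    and for a DOCTYPE with an external subset, without resolving any of them."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()
    # Never fetch the external DTD subset or external parameter entities.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None:
            findings.append(("DOCTYPE", system_id))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            findings.append((name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    # No ExternalEntityRefHandler is installed, so a reference such as &xxe;
    # in content is skipped by expat rather than resolved.
    parser.Parse(data, True)
    return findings


def is_safe_to_render(data):
    """Gate to apply before handing an SVG to a renderer: reject any file that
    declares external entities or an external DTD subset, and reject malformed
    XML (the renderer would fail on it anyway)."""
    try:
        return not find_external_entities(data)
    except xml.parsers.expat.ExpatError:
        return False


if __name__ == "__main__":
    for label, svg in (("malicious", MALICIOUS_SVG),
                       ("external-dtd", EXTERNAL_DTD_SVG),
                       ("benign", BENIGN_SVG)):
        print(label, find_external_entities(svg), is_safe_to_render(svg))
```

The gate deliberately refuses files that only reference the W3C DTD over HTTP; fetching that subset is itself a network access triggered by untrusted input, and an external DTD can carry its own entity declarations. A deployment that must accept such files can whitelist the exact W3C system identifier instead of rejecting every external subset.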
Quantum DXi V1000 versions 2.2.1 and below come with a static private ssh key for the root account that allows anyone holding that key to ssh in as root to any appliance. They also have a static password set for the root user.
877f1687fa1556a8f78682df032fd2305a2fabba64799e8617ecfc6cb1533e4f
Square version 0.3.1 suffers from a cross site scripting vulnerability.
b644f168b3b52c6ddc1f6420b5e06183a5d0bf11a65cd71bfe307ed24275525f
HP-UX rlpdaemon privilege escalation local exploit that appends junk, including localhost +, to .rhosts.
9f28e2f9517fc3a0ffaea11956b8540756cb83e694b513ab706418dc210c0f51
osCmax version 2.5.x suffers from a cross site request forgery vulnerability.
5c9c9ee265cfff74fda3e4a7b303328e9c2db77708cf2c56b743ac644b394e1b
Loadbalancer.org Enterprise VA versions 7.5.2 and below come with a static public and private key installed for their appliances. When the keys are regenerated, the appliance fails to remove the default public key from the authorized_keys2 file, so anyone holding the default private key can still use it for access.
2f4dfccf5655e5fdfa8f9af30faf107520d3182be78d7c99cf82b293f0d969cd
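The Quantum DXi and Loadbalancer.org entries above are both instances of a vendor-shipped key that remains trusted on the appliance: in the Loadbalancer.org case the regenerated key pair does not help because the old public key stays in authorized_keys2. The check an operator wants is an audit of every authorized_keys file against the fingerprints of known default keys. The following is an added example written for this page, not code from either vendor; the key blobs and the authorized_keys content are constructed placeholders (all-zero ed25519 key material is obviously not a real appliance key), and the blocklist would in practice hold the fingerprints of the keys the vendor actually shipped.

```python
import base64
import hashlib
import struct

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")

# Constructed placeholder for a vendor default key (all-zero ed25519 key
# material, not a real appliance key).
DEFAULT_APPLIANCE_KEY = (
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI" + "A" * 43 + " root@appliance"
)

# Constructed authorized_keys2 content: the operator's own key (with a
# leading options field) followed by the leftover default key.
AUTHORIZED_KEYS = (
    "# operator key\n"
    'from="10.0.0.0/8" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI' + "B" * 43
    + " ops@workstation\n"
    + DEFAULT_APPLIANCE_KEY + "\n"
)


def wire_type(blob):
    """Read the first SSH wire-format string (4-byte big-endian length + data)
    from a decoded public key blob; it names the key type."""
    if len(blob) < 4:
        return ""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii", errors="replace")


def parse_authorized_keys(text):
    """Return (key_type, blob, comment) for each key line.

    Blank lines and comments are skipped. Leading options (from=, command=,
    ...) are skipped as long as they contain no whitespace; quoted spaces
    inside options are not handled by this example.
    """
    keys = []
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPE_PREFIXES):
                key_type, comment = field, " ".join(fields[i + 2:])
                try:
                    blob = base64.b64decode(fields[i + 1], validate=True)
                except ValueError:
                    break
                # The blob carries its own copy of the key type; a mismatch
                # means a corrupt or hand-edited line, which is skipped.
                if wire_type(blob) == key_type:
                    keys.append((key_type, blob, comment))
                break
    return keys


def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint: base64 of the digest, no padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def blocklist_from_keys(text):
    """Fingerprints of every key in the given text (the known default keys)."""
    return {fingerprint(blob) for _, blob, _ in parse_authorized_keys(text)}


def find_blocked_keys(text, blocklist):
    """Return (fingerprint, comment) for every authorized key on the blocklist."""
    hits = []
    for _, blob, comment in parse_authorized_keys(text):
        fp = fingerprint(blob)
        if fp in blocklist:
            hits.append((fp, comment))
    return hits


if __name__ == "__main__":
    blocked = blocklist_from_keys(DEFAULT_APPLIANCE_KEY)
    for fp, comment in find_blocked_keys(AUTHORIZED_KEYS, blocked):
        print("default key still authorized:", fp, comment)
```

Matching on fingerprints rather than on the raw base64 text means the audit still fires when the leftover line has been re-wrapped, given a different comment, or prefixed with options. On an appliance, run the same check over every authorized_keys and authorized_keys2 under the root and service accounts, since the regeneration step only touches the file it knows about.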