A series of vulnerabilities have been discovered in Firefox for Android that allows a malicious application to successfully derandomize the Firefox profile directory name in a practical amount of time and then leak sensitive data (such as cookies and cached information) which reside in that directory, breaking Android's sandbox.
688b048fb5365a45f0a237ef602cef2bde7a27679794b9c23fb305a9ed177a61Beheer Systeem :: Inloggen version 6.1 suffers from a remote command injection vulnerability.
71ed88b33d6cfd66642d0a7f54632ba605ef5c360563a06883fe978f05d0ce06DotItYourself version 6.11.060830 suffers from a remote command injection vulnerability.
4253076bdabe92fa1b44b078b7bea0b2a8c511f30f794954f338db88674e1a85Debian Linux Security Advisory 2886-1 - Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.
365cf71f1731754a036810b5e0e18bedeb52a4ab1cdcd9b2eebfdb05dca50e84Debian Linux Security Advisory 2885-1 - Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
b4999786c09114961fe601a3d66c8dd907ab9b138e0d262a4b06dbdd2543a516Debian Linux Security Advisory 2884-1 - Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
d2d7928d1100550c07f523aba820802edcc4d3fc9f39e2823644e4c86301dc95Cisco Security Advisory - A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected device processes a malformed IPv6 packet. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
b099cd45ced8201a847dacf48fc924497fe7165c4d908be59deb34c1e012a531RSA AM version 7.1 SP4 P32 contains a fix for a cross frame scripting vulnerability on the Self-Service Console. This vulnerability may allow an unauthenticated malicious user potentially to misuse frames and steal sensitive information from legitimate users of the application.
0df87dd0239f954de0f33c622a957f03cff3e625d25c2efe137b1b777b10aa6fVUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error in the JS engine when processing "BumpChunk" objects while the browser is under a memory pressure, which could be exploited to leak arbitrary memory and/or achieve code execution via a malicious web page. Affected include Mozilla Firefox versions prior to 28, Mozilla Firefox ESR versions prior to 24.4, Mozilla Thunderbird versions prior to 24.4, and Mozilla Seamonkey versions prior to 2.25.
8ec37d142ffe45019d55b44766e907b9f25a969d41aa3e74ea5c6edf7eb66567Cisco Security Advisory - A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacker could submit crafted requests designed to consume memory to an affected device. An exploit could allow the attacker to consume and fragment memory on the affected device. This may cause reduced performance, a failure of certain processes, or a restart of the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
02cb8b78d8d7e0d3900c22ebce4004b2b99138cae3c3a2a1796be9277d535a9dVUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by an input validation error within the "Clipboard::WriteData()" function that does not restrict the value of the "format" parameter, which could be exploited to escape Chrome's sandbox and achieve code execution with Medium integrity level. Google Chrome versions prior to 33.0.1750.154 are affected.
1e839c35cc0103dc89491b813b56882dd52230a8917c7b3e18e00a97251c90ddVUPEN Vulnerability Research Team discovered a critical vulnerability in Google Chrome. The vulnerability is caused by a use-after-free error within the "DocumentV8Internal::locationAttributeSetter()" function when processing "document.location" objects under certain conditions, which could be exploited to leak arbitrary memory and/or achieve code execution via a specially crafted web page. Google Chrome versions prior to 33.0.1750.154 are affected.
64ac9a25643ea00fce3210d758ef5db14c5aa566c56da27b8f97f1377430a60fCisco Security Advisory - The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service condition. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.
0d4a383712ff0282199a25bb4210625c70f16c2c87c4f53b3319173aabba2fbeCisco Security Advisory - A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device to be processed. An exploit could allow the attacker to cause a reload of the affected device that would lead to a DoS condition. Although IKEv2 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software devices when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled, the vulnerability can be triggered only by sending a malformed IKEv2 packet. Only IKEv2 packets can trigger this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
3ed033886a5bb2ef55bd66f456b12eca7c89d9d2e52708ccd6de0d850451992dAllied Telesis AT-RG634A ADSL broadband router has hidden administrative unauthenticated webshell that allows for command injection.
e3656907ce60bc967c703eead969f7f9b2ab164514e55b51d9246f8a9fad51caVirusChaser version 8.0 stack buffer overflow exploit.
6ecbff68b7197ddb88d7ad80fa57db0def9d0748f4668c04b41b49f4bea3101eHP Security Bulletin HPSBST02968 - A potential security vulnerability has been identified with certain HP StoreOnce appliances. This vulnerability could be exploited to allow remote unauthorized access to the appliance. Revision 1 of this advisory.
f9916c858b8cddf46f16e2652c95490e1dc6a1a18521a597b445d0ba078efa73Cisco Security Advisory - A vulnerability in the Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks models RSP720-3C-10GE and RSP720-3CXL-10GE could allow an unauthenticated, remote attacker to cause the route processor to reboot or stop forwarding traffic. The vulnerability is due to an issue in the Kailash field-programmable gate array (FPGA) versions prior to 2.6. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
3c8d9199071a60dcdd3e347bae1e1bd71ef643ce811a3c7718db399f9ee2c6dbCisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages. Limited Cisco IOS Software and Cisco IOS XE Software releases are affected. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability.
f14a7c744e74a61688552f3dca910fa334cbaabb61d41749c186baaed9f98772Gentoo Linux Security Advisory 201403-6 - Multiple buffer overflow flaws in libupnp may allow execution of arbitrary code. Versions less than 1.6.18 are affected.
e03eb83d2a7aa7021aa08869a4d96954a3dadcdfda9b744e73250ff73718e8e7Ubuntu Security Notice 2156-1 - Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. A remote attacker could use this issue to possibly attempt to brute force user passwords.
5348fba08a330686b2e7b10f988a125fa442b46076c0d25fd74aabe5866964eeRed Hat Security Advisory 2014-0335-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.4.0, and includes bug fixes and enhancements.
6693be76567f1848f315232357e5b073ef0eae20d36558a65313d90bd2e521dfGentoo Linux Security Advisory 201403-7 - A vulnerability in grep could result in execution of arbitrary code or Denial of Service. Versions less than 2.12 are affected.
3300c2cdba3b6b189e247ca96f92523bfd66af9037dc016c6445c91e715d47bdCouchDB versions up to 1.5.0 suffer from a denial of service vulnerability.
c6a608654fa5592ef05092fa31b0f667e9d283fcfdd700bc26d2fcc069fe40e6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed