HP Security Bulletin HPSBMU02931 6 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter. The vulnerabilities could be exploited to allow injection of arbitrary code, remote disclosure of privileged information, improper privilege management and cross site scripting (XSS). Revision 6 of this advisory.
f18d8e9a38fbec74751a171a85472953f11d96aeb648f1741583667ee28e7963
Skybox versions 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 suffer from an authentication bypass that allows for information disclosure.
b6577ee84b82da6363a70c44b64b784062307075797b6893168d94181b4ef9c0
Gentoo Linux Security Advisory 201405-6 - Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 6.6_p1-r1 are affected.
fe1b9df26b1a25aa71eeff1f99186e2674ad6030343ed863a7fff0e2837a9529
Red Hat Security Advisory 2014-0469-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. A flaw was found in the way Ruby on Rails' actionpack rubygem performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.
9e63df1d66cd85532d1dc64685b0473fdfdedf972277fd9d80044d352af74886
Debian Linux Security Advisory 2926-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.
2ff6a9cef6f75173fbb9a851496e91bcebf16f3973bcc56986a4017694bb405f
Mandriva Linux Security Advisory 2014-086 - It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.
d404a08a5cc0f16dce907a42080b5f7aa2e914d54fe5089305065117c76c4b23
Mandriva Linux Security Advisory 2014-085 - ldns-keygen creates a private key with the default permissions according to the user's umask, which in most cases will cause the private key to be world-readable.
1382b581142ae375a156aac473c1a0184a11b3ba3effde06fb79be4a6d4e5528
Mandriva Linux Security Advisory 2014-084 - An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker could create a specially-crafted image file that, when rendered with an application written to explicitly call the png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker could create a specially-crafted image file that, when rendered with an application written to explicitly call the png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application.
a60abe3fca9dbfb31e8be94464a9a310e779cb905f75d8613acc47d39ac65940
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
37c63eaae62a1613f8622c17c0cf5a902f6836c2b90af14b84879e331644f672
Netgrafio is a tool aimed at visualizing network data. It provides tools and libraries to visualize datasets to more easily represent the information.
d6a789c7e137dddfa08a561ee38f9765ca72a780c3dd31deb4bf4b3a74c191b6
Skybox versions 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 suffer from multiple denial of service vulnerabilities.
e7617acc925a011b41ff8e5642ffcef3d4a40718ea3d3fc31a5afac47abaf899
AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php using the 'insertinto' parameter. This Metasploit module exploits the lack of input filtering to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.
a9975b7a4973487f05e5a7fa0360aa22d01b19f6674d3108fcd210ec0f9bb893
Easy Chat Server version 3.1 suffers from a stack buffer overflow vulnerability.
b295bcff7a6f95ee439df3c5e58df65ecf1d07987d149d6d786b72a28f96ea15
metafang2 interfaces with a Metasploit RPC instance to generate .NET executables that run x86/x64 shell code in a platform-agnostic way. One binary to rule them all. Also provides an encryption mechanism that will bruteforce the payload's key at run time.
20c10c631c9a70070002d5cea6ff36b38cb38808dc41c913cab9d88308c1ebbb
Xshop suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
673ba84e47a46842afbfa0818ae8472e35b98d918bf563ed6e2f4602138aaf18
WordPress Bonuspressx plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
aec03fc2e227a6dea33b5812588e9d3f7551e471c19b7c4c05936f9911f8ca9e