ProjectDox version 8.1 suffers from cross site scripting, insecure direct object reference, ciphertext reuse, and user enumeration vulnerabilities.
4ade242907fc62a13e4b8aaba0a4f7f7fca6f6b8b57d47b777e66318edf373cb
HP Security Bulletin HPSBMU03083 2 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 2 of this advisory.
ce35fcb9e956bce111332525cf71333def719138641d6da623d6b849c7e7c7b0
Gentoo Linux Security Advisory 201409-4 - Multiple vulnerabilities have been found in MySQL, the worst of which allows local attackers to escalate their privileges. Versions less than 5.5.39 are affected.
e41d06c2c432439d773fa63fdf7762487fd6cf0cb75e8b0100ef3d33be750cc6
Red Hat Security Advisory 2014-1147-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.
250909c1e9c114e640035794e8801256d3ff095d6456107301a6399c233f70ec
Red Hat Security Advisory 2014-1145-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
691f7b71079acc6869bdc0eeff14a950e57cbb38968093c3b83afa37188689ec
Red Hat Security Advisory 2014-1146-01 - HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
b7867964a0a320426a7d1f8a9bfd3437d615fa6349a8e17e24bda87e263a66f3
Red Hat Security Advisory 2014-1148-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.
00566e1dd4883a27e81e93827ef180964178270616fea21292642adcff3f8d59
Red Hat Security Advisory 2014-1144-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
8661a22623c489036117bc568cc0fc1778b23ea93a5b6d57d4f51d085d9e72de
Red Hat Security Advisory 2014-1149-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.3 release serves as a replacement for JBoss Operations Network 3.2.2, and includes several bug fixes.
24f49bde364d7fdc4054ed807286a1f06856bd84ec4be11874a9ca4a4db78241
Red Hat Security Advisory 2014-1163-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was discovered that HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
173c01394ad2d26ec93b537c3d1d167a81624a45dd721129f0a9198503bc6a35
Ubuntu Security Notice 2340-1 - Tavis Ormandy discovered that the formail tool incorrectly handled certain malformed mail headers. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.
a77f4e132da5132b8d640bf5997b4a27b456ec3ccaec2f5be3655b7df230c941
Red Hat Security Advisory 2014-1162-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the fix for CVE-2012-5783 was incomplete: the code added to check that the server host name matches the domain name in a subject's Common Name field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. It was discovered that HttpClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
9e860d7b7fbb3a0daaae325f717bd699f8f9b87320105a7dae1a021e295faa6c
Mandriva Linux Security Advisory 2014-174 - The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass RequestHeader unset directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states this is not a security issue in httpd as such. The updated packages have been upgraded to the latest 2.2.29 version which is not vulnerable to this issue.
fcee1df5464ebe1c1e6cd586ef4fa054f4e6a4553cd41003cf8e0cff62185e2c
Red Hat Security Advisory 2014-1161-01 - Red Hat Enterprise Virtualization Manager is a visual tool for centrally managing collections of virtual servers running Red Hat Enterprise Linux and Microsoft Windows. This package also includes the Red Hat Enterprise Virtualization Manager API, a set of scriptable commands that give administrators the ability to perform queries and operations on Red Hat Enterprise Virtualization Manager.
12da2b1fb272537bd7efd4e4cfc208117e74098ddb780097f6954ec18adffb97
Red Hat Security Advisory 2014-1143-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.
6e6a907c5108fb347f64fa02afd63a2328c285c745eaf9682503dbd5a5a30e9d
Xshopsaz CMS suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
b1d0a631f98a59bef6bb6d6c18d53677c0347b0a1d0b9bf6b712881e6640291f
Impress CMS version 1.3.7 suffers from an open redirection vulnerability.
3dad6200960f37651aa5d9d1feb60b462e9e5960d8e2352c110a91a4de811490