EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.
5c724dc11b55e6135597280fe27cc4c8461fd6d24bff85235297e73f979e85f7
Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user. Versions 1.2.0 to 1.2.19, 2.0.0 to 2.0.13, and 2.1.0 to 2.1.3 are affected.
d79a592a24e0f1d275de2bef522ee3e10d9c60eb83bb3d79b0647c9167894d02
WordPress VideoWhisper Video Presentation plugin version 3.31.17 suffers from a remote shell upload vulnerability.
0cdf8fc7a9feac538d33e69e93b9182196c71f2c1f39612f108f6f9080c9a631
WordPress VideoWhisper Video Conference Integration plugin version 4.91.8 suffers from a remote shell upload vulnerability.
e278241b1e17374bd7cd8ca7f287302c9cf41039908640797121a0fcd68e6669
Ubuntu Security Notice 2555-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.
792642a0875ba38ffc370521446151efc3f78fb089ed47720138b797c6d3ce23
Ubuntu Security Notice 2554-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.
acd1c36d18e0b5be95a85b1785f915c0f1383d9bbab5c56b752b2a664eb94d1f
Red Hat Security Advisory 2015-0766-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox.
f5a17a96e41d985f75d84a54fae9943e91331791c98f7bb1aa35dbda72003f2c
Red Hat Security Advisory 2015-0768-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.9 was retired on March 31, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.9 EUS after March 31, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 5.9 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.
648825d8dc73c56e29a90b36d4f1d1953511dfc6988e0af5f1758d63f50007de
Red Hat Security Advisory 2015-0767-01 - The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read.
2f7e195b6925583791596a7cda6298ad5a59aee71434723dad31751db6670d60
Red Hat Security Advisory 2015-0771-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird.
e3b030f24b184337237186d9ff8dfcababe9115af76fa2f8eafacd5b5c61dddb
Red Hat Security Advisory 2015-0773-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.1 serves as a replacement for Red Hat JBoss Data Grid 6.4.0. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.1 Release Notes.
7d553cdde3aceb92018ddd32ec0b04e6ea93bb9c088302da1d9beeb4a352330c
Ubuntu Security Notice 2550-1 - Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. Various other issues were also addressed.
7a4778580cea3216629da61c7d110c82995a0a2ca6fbe876e5ada7c5c46b1841
WordPress Revolution Slider suffers from an arbitrary file upload vulnerability.
e6c7e3bc6c252d322d8087bddd624d4a930d413f4c71837c4cbae469de19d55f
Joomla Simple Photo Gallery component version 1 suffers from a remote shell upload vulnerability.
471485860c354827e6f307364df426dfbf967d23cb77e28a8e4d4842c366166b
WordPress DesignFolio+ theme suffers from an arbitrary file upload vulnerability.
3156a36497d0f89281ca8225242aef3c4d8fc0c7745cd563f57c0c9350fab3b6
This archive contains 224 exploits that were added to Packet Storm in March, 2015.
ff2d4f6a5e0d36e7a400694be6896782332b861bb542ff96067e295fc65f2246
Ericsson Drutt MSDP (Instance Monitor) versions 4, 5, and 6 suffer from directory traversal and arbitrary file access vulnerabilities.
3ec5e7a19dfceaf768e251ecd59f9b06525b94e6e5eccd3b5be1827420e0eddf
Ericsson Drutt MSDP (Report Viewer) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.
31a4fbe0a1790e6d28216e8f94c7d86df336cb8dbee11a1a3d92ccaf7c4d4b73
Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.
b05a379a1807b632293eac0635614e6ba5b5255b1873a01e50d276e44403ffea
Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from an open redirection vulnerability.
5b999daeb1e47c076dbbe2187b47b03c9bcc12a23b726838e165175a8b0e7669
Red Hat Security Advisory 2015-0765-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems, such as multiple databases, XML files, and even Hadoop systems, appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
812ceadc9b7405e1b74c028dd9bff48d69f0ce6f109bef7f38161627f77360fb
Ubuntu Security Notice 2553-1 - William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. Various other issues were also addressed.
02484c8fab51c184eb9e062e9c7ebe77fa923942a687e9282cf73f482e900084
Debian Linux Security Advisory 3210-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.
5a63ffb777ca827abef85c19da85b24d437657643fd675276c9250772710f24d
Mandriva Linux Security Advisory 2015-186 - libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally, the phpseclib package has been upgraded to the 0.3.10 version.
cb476e4dc5b3151a3746cb21a1fb8feb234d1026555f5fc162763d2baa1a81e9
Java.com suffered from multiple cross site scripting vulnerabilities.
f43f2c501c3edc319bb1b75fa7176fd0ea09edceb2d1d23e7062ae9c772ff818