WordPress Ajax Store Locator versions 1.2 and below suffer from a remote SQL injection vulnerability.
fd61a90ff71456bbb57803a78ab4b9979a249f8fe9d9954c7d0fb7e5c79ff6deThis Metasploit module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This Metasploit module has been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices are reported as affected, including: D-Link DIR-626L (Rev A) v1.04b04, D-Link DIR-636L (Rev A) v1.04, D-Link DIR-808L (Rev A) v1.03b05, D-Link DIR-810L (Rev A) v1.01b04, D-Link DIR-810L (Rev B) v2.02b01, D-Link DIR-820L (Rev A) v1.02B10, D-Link DIR-820L (Rev A) v1.05B03, D-Link DIR-820L (Rev B) v2.01b02, D-Link DIR-826L (Rev A) v1.00b23, D-Link DIR-830L (Rev A) v1.00b07, D-Link DIR-836L (Rev A) v1.01b03, and TRENDnet TEW-731BR (Rev 2) v2.01b01
35d9cdabfd053fc6c2ff7f2de254f832a73dc49048156c4f453d8ba4b3f21bc9EMC NetWorker contains a buffer overflow vulnerability that may potentially be exploited by attackers to launch arbitrary programs on the affected system. Versions prior to 8.0.4.3, 8.1.2.6, and 8.2.1.2 are affected.
9b29ea39871e0f387e2e9f76a70a44485eba4d5e2af867e099217ee1c22726a4Huawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from multiple cross site scripting vulnerabilities.
23d7a6ced961a189c2a32abecdb8ca98c500a122e3542a1ccc4efa230928e57eHuawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from an XML external entity injection vulnerability.
c7c2407779c7f1a975e407883855dddb3f3c26e41f43b310f77c4493aaafe71bSecunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "MRSETDIBITSTODEVICE::bPlay()" function (GDI32.dll) and can be exploited to cause a memory corruption via an EMF file with a specially crafted EMR_SETDIBITSTODEVICE record. Successful exploitation allows execution of arbitrary code.
ed3d517ee666d030f5df6830cf8981005659fc92cb0c554af44305ac144591c1Comsenz SupeSite CMS version 7.0 suffers from a cross site scripting vulnerability.
691f7c89b1caa0472c8a9be37459934f77fb1772af283aa43f8a6085dcae26c0Opoint Media Intelligence suffers from an open redirect vulnerability.
97726adab38a15cdc9d6396ef6393518664b286821d2b8b6a2235a7c8ff95f2cWebs ID suffers from a cross site scripting vulnerability.
aaef7499cb1976d0bbee37571ec5fba3821d04da8aff958ec521f45274f8f211NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from an html injection vulnerability.
431273588a8007d8827bc1ced3c02b81d49af8135143df355265d68abb2c4abfNetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, and 3.12 suffer from a directory traversal vulnerability.
e33e315fb4f1085ac945c6ef7b991ad9217af60eb79756cf09747d1d6ddd857cRed Hat Security Advisory 2015-0813-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-06 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
95ef1d09fff932e5503e61d52f340ec04358a2809cf0d826824d84ae441f3b0cDebian Linux Security Advisory 3227-1 - John Lightsey discovered a format string injection vulnerability in the localization of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user.
59a9b12ffa6df63a5fa049823d455c93824eaada64684d8d3ba770278ff254f6Red Hat Security Advisory 2015-0808-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.
3a0ef66142ddc689cba44201a56eaa2c9e8347b91997bee60a9a71c63fa527f3Red Hat Security Advisory 2015-0809-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.
4b311f2046eff7dae79683115dba1e897b0cf1cbe235a54fdd949b6b19abbb0fRed Hat Security Advisory 2015-0807-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.
039106c41849667381adfd1c4098bfaa8e16795be6379a83d48bb1db44757ff1Red Hat Security Advisory 2015-0806-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions. A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions.
0b4f8377127fadf61fa672c3d60031b3007cd49e491ac2c847d9a8eef1d58624Cisco Security Advisory - A vulnerability in a Cisco-signed Java Archive (JAR) executable Cache Cleaner component of Cisco Secure Desktop could allow an unauthenticated, remote attacker to execute arbitrary commands on the client host where the affected .jar file is executed. Command execution would occur with the privileges of the user. The Cache Cleaner feature has been deprecated since November 2012. There is no fixed software for this vulnerability. Cisco Secure Desktop packages that includes the affected .jar files have been removed and are not anymore available for download. Because Cisco does not control all existing Cisco Secure Desktop packages customers are advised to ensure to ensure that their Java blacklists controls have been updated to avoid potential exploitation. Refer to the "Workarounds" section of this advisory for additional information on how to mitigate this vulnerability. Customers using Cisco Secure Desktop should migrate to Cisco Host Scan standalone package.
8428e5e7a588c0c0b16739510e6bafd25dbac9beca940e4731343b4b44cf7f15Cisco Security Advisory - A vulnerability in the packet-processing code of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers (ASR) could allow an unauthenticated, remote attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic. Only Typhoon-based line cards on Cisco ASR 9000 Series Aggregation Services Routers are affected by this vulnerability. The vulnerability is due to improper processing of packets that are routed via the bridge-group virtual interface (BVI) when any of the following features are configured: Unicast Reverse Path Forwarding (uRPF), policy-based routing (PBR), quality of service (QoS), or access control lists (ACLs). An attacker could exploit this vulnerability by sending IPv4 packets through an affected device that is configured to route them via the BVI interface. A successful exploit could allow the attacker to cause a lockup and eventual reload of a network processor chip and the line card that is processing traffic, leading to a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds to address this vulnerability.
410793f468915a72f1daf1e5dc382917bf041ac8801144663e6dce5cc384f294Debian Linux Security Advisory 3226-1 - adam@anope.org discovered several problems in inspircd, an IRC daemon.
0fb369c4d51c1b4aadbe940f16de4aa1a1b9830b126ce3a0ad63d3215d7dac17Debian Linux Security Advisory 3225-1 - Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4 playback, which could lead in the execution of arbitrary code.
778d55fd27bc3cb118fb4bc6d961491b737acd09627e83c6790ae97b677852d6WordPress WP Statistics plugin version 9.1.2 suffers from stored cross site scripting vulnerabilities.
7417199952c4f4c2dfe0f63ea7723e48742cb4ca58d9e91e2dd4096de4abde78Apache Spark Cluster version 1.3.x suffers from a code execution vulnerability.
fa52b7d291365e260eefbd50b902865d8d250fb29a92eebfc41a473b27334295Microsoft Windows HTTP.sys proof of concept exploit for MS15-034.
b962eb94796643c1f7df4412502d1acc226c3e768498d683a56c3660db367cc2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed