Red Hat Security Advisory 2015-1510-01 - Clutter is a library for creating fast, visually rich, graphical user interfaces. Clutter is used for rendering the GNOME desktop environment. A flaw was found in the way clutter processed certain mouse and touch gestures. An attacker could use this flaw to bypass the screen lock. All clutter users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using clutter must be restarted for the update to take effect.
Ubuntu Security Notice 2686-1 - It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.
Foxit Reader versions 7.0.8 through 7.1.5 suffer from a PNG conversion parsing tEXt chunk arbitrary code execution vulnerability.
Hawkeye-G version 3.0.1.4912 suffers from cross site scripting and information leakage vulnerabilities.
Seditio CMS version 1.7.1 suffers from an administrator password disclosure vulnerability.
This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, causing certain checks on untrusted certificates to be bypassed on the client and allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server, allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see the X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise, X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.
Red Hat Security Advisory 2015-1508-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
Red Hat Security Advisory 2015-1507-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
Debian Linux Security Advisory 3318-1 - Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.
Debian Linux Security Advisory 3317-1 - Several vulnerabilities have been discovered in LXC, the Linux Containers userspace tools.
Debian Linux Security Advisory 3316-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure, denial of service or insecure cryptography.
Red Hat Security Advisory 2015-1499-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 44.0.2403.89, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
Seditio CMS version 1.7.1 suffers from an open redirect vulnerability.
PHP File Manager suffers from cross site request forgery, cross site scripting, backdoor, file check, remote shell upload, and various other vulnerabilities.
XenForo versions 1.4.9 and below suffer from a cross site scripting vulnerability.
Python code that provides a reverse TCP shell.