The D-Link DCS-930L Network Video Camera is vulnerable to OS command injection via the web interface. The vulnerability exists at /setSystemCommand, which requires credentials to access. This vulnerability was present in firmware version 2.01 and fixed by version 2.12.
be240e5ce556625bff02587580565e9c43078802e56197d7552916b159aefcf1
360-FAAR (Firewall Analysis Audit and Repair) is an offline command-line Perl policy manipulation tool that can filter policies, compare them to logs, merge, translate, and output firewall commands for new policies as Check Point dbedit or ScreenOS commands.
ac701465b6fa8598954fa500e80b3ccb80cc7b3e0e82498b2ced43232dbd181c
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the current stable release.
48594fadba33d450f796ec69526cf2bce6ff9bc3dc90fbd7bf38dc3601f57c3f
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the previous stable release.
885ccb46e52f5a9f5aed3edf8aae4d67aa85e41b72471bed93e84fe3f7df3e5e
Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
ca2549f2bbe98b0173e2b937737135325fb0aeca5d53b29dd51a9d864253fceb
Slackware Security Advisory - New libsndfile packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.
0613e48ef93ff91504e6909feac66241db72fe0400b308a7af0b739b8d6809e4
Debian Linux Security Advisory 3472-1 - Two vulnerabilities were discovered in wordpress, a web blogging tool.
735a5efc1730a43120e8b0b354ddf62a5478ce6c3ed1b1aba1601f8a38eb239c
Debian Linux Security Advisory 3470-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
13f129df6383f3c46d755e426dc4ae221be8c7448d252cdc038c735cd688e0d9
Debian Linux Security Advisory 3469-1 - Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.
35b8aff41d4919be9547d1b6b6631c663af8239b7b71be86a2f71df756b394b7
Debian Linux Security Advisory 3471-1 - Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.
80c7a325e49ca44e15219690a760bf76916fa3b4cb01804b582a056e1da875a6
Red Hat Security Advisory 2016-0158-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format.
8785aaea93957c855bd285cbb5b9cb863f26d8ff930862ccc1352087cee3863b
Red Hat Security Advisory 2016-0157-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format.
56c91a3a6648c4021e991cc011f29688c55abd9b1c1986d8a0c83e17a73512bb
Red Hat Security Advisory 2016-0152-01 - The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. This issue was discovered by Mateusz Guzik of Red Hat.
98d3176e2d8e624d50a07e1c09e1baa283d0a70fa28499d268e22b3db17f2384
Red Hat Security Advisory 2016-0156-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format.
40a11f4aa85590c545878df345375ecdf746a8e6855b016abcca6949675763f3
Red Hat Security Advisory 2016-0155-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A memory-leak issue was found in OpenStack Object Storage, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.
c4c77a91f4fb35f1fccc1e4150b734bdae36528b92035f7aa5000556d02202fe
Ubuntu Security Notice 2892-1 - It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. It was discovered that nginx incorrectly handled CNAME response processing when the resolver is enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
d6dd860ad160022d340ae51100f95d1bbfc7eb1318e96733778075f22b98232b
Ubuntu Security Notice 2880-2 - USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. Various other issues were also addressed.
cb3999810b3a4d20a01233e46db43a709e067915cacd6ffbc773f23726fd94fb
This bulletin summary lists two bulletins that have undergone a major revision increment for February, 2016.
f0398d1e29c210cd39d6145aa012cb6ff99ecb22bd86ac25de88844a51248890
Joomla Scatalog component version 2.0 suffers from a remote SQL injection vulnerability.
e23f218f7f496427967d183e85fc76a119196f510506eaf9061356a2fea2fb87
Joomla Subcategory component version 1.2.15 suffers from a remote SQL injection vulnerability.
91bc38cb7df6244765f7342e7fe215c0842dc53f25d2289949732cd5598a9871
ManageEngine Network Configuration Management build version 11000 suffers from a privilege escalation vulnerability.
b1e8ea1844311d691d035609460b77754f923da68c3f14f66c5c9e53051686e2
This bulletin summary lists nine released Microsoft security bulletins for February, 2016.
78c1fd6c4440f65de2ddee1d6d98d1eed931edaf38c2456a04c523579cc39fde
OS X suffers from a privilege escalation vulnerability due to XPC type confusion in sysmond.
84ce6959cd03e4fc99b8bddfeb6aeb14ae2f9faa1682d524c3ff80126ea1fdfe