SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a remote SQL injection vulnerability.
db00019357db1804ffea0c5ca76cb4f4042f6423e57de6a275761be682393508SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerability.
ff32f8dfc483575f12d9638b631629d9ab8b592d1ff7efb0bb98169a0fa75462TYPO3 versions 6.2.19 and below and 7.6.4 and below suffer from a cross site scripting filter bypass vulnerability.
074a8b7081e6012807149a3a08eae83a45695bd2a613d575b6326428f2509193LG NAS N1A1 version 10119 suffers from insecure direct object reference, SQL injection, directory traversal, arbitrary file upload/download, and sensitive information disclosure vulnerabilities. Full proof of concept exploit included.
139d5541d3893fafb2b210fa4aee32b765e26956f437ba541403c289104e42e5Debian Linux Security Advisory 3583-1 - It was discovered that the swift3 (S3 compatibility) middleware plugin for Swift performed insufficient validation of date headers which might result in replay attacks.
e28aff3110b2c38704534c1440743aeac993856c6febd613f40c6dc72fd2c94aUbuntu Security Notice 2960-1 - An out of bounds write was discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. It was discovered that Blink assumes that a frame which passes same-origin checks is local in some cases. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code. Various other issues were also addressed.
8927d0b54e916b7294291432f529410e17c0583a0211c9e14a3cf41075200b01Ubuntu Security Notice 2936-3 - USN-2936-1 fixed vulnerabilities in Firefox. The update caused an issue where a device update POST request was sent every time about:preferences#sync was shown. This update fixes the problem. Christian Holler, Tyson Smith, Phil Ringalda, Gary Kwong, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, Randell Jesup, Andrew McCreight, and Steve Fink discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. An invalid write was discovered when using the JavaScript .watch() method in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
6c4c922dce9d928039cf20682443926b93b23e9cde2cda2a6dd06d853ba4ac09Ubuntu Security Notice 2973-1 - Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Hanno Boeck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. Various other issues were also addressed.
d29c52273e7734f2eb886a43b5407681e67a0595f44c88105e13d3a3a39ba876Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.
73cd912b4a74cd25d0860b10e7ac731500637a4876559d8d12e806dc2d99b644
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed