DataLife Engine version 9.7 suffers from a PHP code injection vulnerability in preview.php.
f9fca371c6cc4a2c4cbce0576e95fe335c2ff36d4ec6b96f3b9230f8bf8b8d3aPFsense UTM Platform version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
45926ded3475024d0aef4360545bac2b39e3270b21031d2fb34960a446010ee1Apple QuickTime Player Windows version 7.7.3 suffers from an out of bounds read vulnerability.
3d60aec0fbab876dd922d47e86103c69e20f4e9c1f873e349d83a0f172ffc979This Metasploit module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application. This vulnerability is very similar to CVE-2013-0156. This Metasploit module has been tested successfully on RoR 3.0.9, 3.0.19, and 2.3.15. The technique used by this module requires the target to be running a fairly recent version of Ruby 1.9 (since 2011 or so). Applications using Ruby 1.8 may still be exploitable using the init_with() method, but this has not been demonstrated.
769b2cec718b2f5c0376d0da94e63d98f26719caaa5c210d5a2be3bf33552211Adobe Reader XI versions 11.x suffers from a heap overflow vulnerability.
e93727de120b805345d02968f070046cb2ce10e3faee74ce008a6633a0fdb4d2Secunia Security Advisory - A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to compromise a vulnerable system.
f8f2fda08519a9751c5bdec67f2f996af84c0564cbc21d2d177e11974a90327fSecunia Security Advisory - Ubuntu has issued an update for libav. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to compromise an application using the library.
bf31505f8243f243eee6339db3047943e840bf3ecaa78659562ff9632e30bcb3Secunia Security Advisory - Apple has acknowledged a vulnerability in Apple TV, which can be exploited by malicious people to compromise a user's device.
9840930a77fca2f4cd3842453968b09047974315d55c6d17541a095360789604Secunia Security Advisory - Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.
31ff497d4f3b7b0479c3de4b8ce864679f6211c4c83c81478d03d0e11e141736Secunia Security Advisory - Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to compromise an application using the library.
076b706834305678cddbf7a406c81d6a5f943cea3b01ae77f6b08edc8aea4bf3Secunia Security Advisory - A vulnerability has been reported in libvirt, which can be exploited by malicious people to potentially compromise a vulnerable system.
745124e07efbc9a073c26da55cce47a655a01e2796a59fd93f0aff3a72d75efeSecunia Security Advisory - Red Hat has issued an update for rubygem-activesupport. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
f3d7078d3cf0a20d985472f1fdc53b66b74c96051b8b4671339dc41102a89af6Secunia Security Advisory - Ubuntu has issued an update for ffmpeg. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
e1ff122a88c54155c71a58d78833994b525b8e9f56ef9073292bc707c3b359b7Secunia Security Advisory - Two vulnerabilities have been reported in Symfony, which can be exploited by malicious people to compromise a vulnerable system.
38c9e43a5b9f8023220849289de8c8ef89f56af8e1a55a0e5694c9dcbfc7d8cbSecunia Security Advisory - A vulnerability has been reported in Cisco IOS XR, which can be exploited by malicious people to cause a DoS (Denial of Service).
2d0aa8eff7c68934048cdf9b9b664df016672f45e7126aead14b00c428e92ee8Secunia Security Advisory - Junaid Hussain has discovered a vulnerability in the SolveMedia plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
f1a22067428b97770336fc3844a27c0134696405a3eb8250b6a3346d3f8bcfc7Secunia Security Advisory - Ubuntu has issued an update for libssh. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
7270662bfd73dc1abd94d5b8a3a40bc34dd88b721f38401e99d507209844dec5Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM WebSphere Message Broker, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
7588dd596008f36665dd121fe499bc546228d65b930f3ad91025e6e6e237a0caSecunia Security Advisory - Red Hat has issued an update for libvirt. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
de476f7d369b16edb237506430b1a189fa7102ba1f02365997d72587783506c3Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM Tivoli Directory Integrator, which can be exploited by malicious people to cause a DoS (Denial of Service).
564fe0fa8884922975dfcacb1158acc7d99addeef19447001188ea5a76b276b6Secunia Security Advisory - Rapid7 has reported two vulnerabilities in Portable UPnP SDK, which can be exploited by malicious people to compromise an application using the library.
60b12f77e6a02e68eac2bc58f4a3d6ae3a3fcb9079974300c0a08fbf73f18d13Red Hat Security Advisory 2013-0202-01 - Ruby on Rails is a model–view–controller framework for web application development. Active Support provides support and utility classes used by the Ruby on Rails framework. A flaw was found in the way Active Support performed the parsing of JSON requests by translating them to YAML. A remote attacker could use this flaw to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created JSON request.
677405cc6f27592547c54fbd53303da5f833360860544cfa0aad5d9de7076d40Red Hat Security Advisory 2013-0201-01 - Ruby on Rails is a model–view–controller framework for web application development. Active Support provides support and utility classes used by the Ruby on Rails framework. A flaw was found in the way Active Support performed the parsing of JSON requests by translating them to YAML. A remote attacker could use this flaw to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created JSON request.
7085d262054b23233cc05f55745aba2be87d32348b742f0737def218a860a95fRed Hat Security Advisory 2013-0199-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup under certain error conditions. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, execute arbitrary code with the privileges of the root user.
9b0926897ef2c7c11cb24ab1e055d63e9d0b4aadfbd76cf8b9d00499296212ffUbuntu Security Notice 1707-1 - Yong Chuan Koh discovered that libssh incorrectly handled certain negotiation requests. A remote attacker could use this to cause libssh to crash, resulting in a denial of service.
2a67a8edbc2942f40a6dcc4eeb9ad04e3853fe87333ab4951b991ce2693bdb61
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed