Verizon Fios Router version MI424WR-GEN3I suffers from a cross site request forgery vulnerability.
0e3be0fba9127a1712cac4a67d60193e76d579ee1b98d581303cf603e867e082
VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the XUL "nsHTMLEditRules::nsHTMLEditRules()" function when processing certain objects, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.
f0d46293df9a00f2fa660f6e96989d985d27caaecef937c4a4865e96961181ee
WordPress Count Per Day third party plugin version 3.2.5 suffers from a cross site scripting vulnerability due to trusting REFERER headers.
0064257fd5c4d757e56218fd6d6ad15c26c04eea4bedd1cd48f176df11011a09
WordPress Occasions third party plugin version 1.0.4 suffers from a cross site request forgery vulnerability.
9065b612a6814f4c3c807c0afb6fbf138b3642c802701417b8dfe94ebb4827a1
This is the Cisco response to research performed by Mr. Philipp Schmidt and Mr. Jens Steube from the Hashcat Project on the weakness of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt and Mr. Steube reported this issue to the Cisco PSIRT on March 12, 2013.
34976fe412d86e813c374294d638b912a2a465950f6c8d1b2ec1e54dbfa7439f
ViewGit version 0.0.6 suffers from multiple persistent cross site scripting vulnerabilities.
20c97073d97750300a2356a5164432b210fc3c10d3b8e7ff551f05ed56a0236a
Mandriva Linux Security Advisory 2013-028 - Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long host_name variable or svc_description variable. The updated packages have been patched to correct this issue.
92159bed908d90201ccd67aa806df2fd0aee85b7350ebb73a865dc48241f7458
Mandriva Linux Security Advisory 2013-027 - ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for finding and reporting these issues.
0d239760215b2ceda2c75b8bd343251c0dc4edb27fb1124474c8e6ec2645bbbe
Mandriva Linux Security Advisory 2013-026 - sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Sudo before 1.8.6p7 allows a malicious user to run commands via sudo without authenticating, so long as there exists a terminal the user has access to where a sudo command was successfully run by that same user within the password timeout period. The updated packages have been patched to correct these issues.
f0f9ae055a87151f153c71a8cb17a6c21c9dc1ffce22d7b02cf7c92907860a99
Ubuntu Security Notice 1767-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.
0af1b33f79ed871ef89c7d8fe33864480cd96aa475060b2761c30a4745e5fe02
Red Hat Security Advisory 2013-0656-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. When a client attempts to use PKINIT to obtain credentials from the KDC, the client can specify, using an issuer and serial number, which of the KDC's possibly-many certificates the client has in its possession, as a hint to the KDC that it should use the corresponding key to sign its response. If that specification was malformed, the KDC could attempt to dereference a NULL pointer and crash.
ae64f0d8660d8e70b0f6e87ef8c95b8e6cb89169331fdb488630f43097332517
Ubuntu Security Notice 1766-1 - Zbigniew Tenerowicz and Sebastian Krzyszkowiak discovered that pam-xdg-support incorrectly handled the PATH environment variable. A local attacker could use this issue in combination with sudo to possibly escalate privileges.
d8f008c000379aa9070ba6e75edcb0a1c9123812dfdae611b384d4e1fa1553ba
Ubuntu Security Notice 1769-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.
a8ff2f766636f3eae7131ad2b4f9e1302223e8531b1447e2f89b734012c8df21
Ubuntu Security Notice 1768-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.
626e202d3ef8389359ef83ff7507b3727d016e8c8f062bfef2217e074f52d804
Ubuntu Security Notice 1765-1 - Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that the mod_proxy_ajp module incorrectly handled error states. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.10. Various other issues were also addressed.
9767c3ba93f72fe50577dcb192dc592f8756c27311ba9608eac93daa121f26e9
An information disclosure vulnerability existed in the official Chinese PayPal web service.
0819e22b013abdf36efcc169f5458257ea767fb462ee471e8c7f3ff0ceb5cc22