Oracle Portal Demo Organization Chart suffers from multiple remote PL/SQL injection vulnerabilities.
9cb3fdaacb46479a4b50a20bb9819648de8a75d662cac0949a85147a7341ca3e
Microweber version 0.8 suffers from an arbitrary, unauthenticated file deletion vulnerability.
00e97b9578c6ea4b1d5201d508e35d8194cb39385bfa4167d6c6fece74f8402b
Apple Security Advisory 2013-10-15-1 - Multiple vulnerabilities existed in Java 1.6.0_51, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_65.
258593b02027118f668547ad3b7fefdda202ca3848b701fb395e649322e6a9c8
Red Hat Security Advisory 2013-1442-01 - The Apache Commons FileUpload component can be used to add a file upload capability to your applications. A flaw was found in the way the DiskFileItem class handled NULL characters in file names. A remote attacker able to supply a serialized instance of the DiskFileItem class, which will be deserialized on a server, could use this flaw to write arbitrary content to any location on the server that is accessible to the user running the application server process. All users of the affected products as provided from the Red Hat Customer Portal are advised to apply this update.
09a83cfadcd0718be4cf3282cc62e3a06504e0e11a5570e51089886170ee834f
Red Hat Security Advisory 2013-1440-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
6928df60e04e73a408e7c5c8adee0041b01ea7e08ae1f60cbebafeaea9835d87
Red Hat Security Advisory 2013-1441-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP.
4811c2f7acdc88278b99eb1119ea9720d67c46f47d011629c428a0165fbb30cb
Ubuntu Security Notice 1990-1 - Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker could use this flaw to cause an xkb cache file to be loaded by another user, resulting in a denial of service. Various other issues were also addressed.
20ef9ae65651b3045515f2137dfaa94de9ff70a34ee665c2b80c0fb149236b52
Mandriva Linux Security Advisory 2013-250 - Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a Security Fix, aka Bug #59533. NOTE: this might be a duplicate of but as of 20120816, Oracle has not commented on this possibility. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. The updated packages have been upgraded to the 5.1.72 version which is not vulnerable to these issues.
c864968f108811c88cbf8bf6028a5edaa0d41e1d45fc7d00a66784be1d337ca6
Gentoo Linux Security Advisory 201310-11 - An insecure temporary file usage has been reported in the Perl Parallel-ForkManager module, possibly allowing symlink attacks. Versions less than 1.20.0 are affected.
55ba6a531a616f0a3152dc079409941b84363ffbd17b75937fab39b1ccd25d83
Gentoo Linux Security Advisory 201310-10 - Multiple vulnerabilities have been found in PolarSSL, the worst of which might allow a remote attacker to cause a Denial of Service condition. Versions less than 1.3.0 are affected.
88a709ef0a86449fa6810d209ac375d4139594cffce4b83ab633a751865add55
The CPU released Oct 15, 2013 by Oracle included information about a fix for a Java SE 7 vulnerability (Issue 69) that was reported to the company in July.
8836a50caf231af0bc2808d25511d8afa12be6798b069187840e5e846e7cbf09
PayPal suffered from a mail encoding flaw that allowed for script insertion.
b603bb923ee6756c0cf3b284eec6b7ad0910def98cf35aaa7a93f3ec633f161d
WordPress wp-image-resizer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
f3cd5381c497d0ff9a43ff787405d39f9cede357c30e3dde558ede2858e1aae0
Level1 EAP devices offer a function to download the device config file. This download mechanism is not properly protected, so an attacker can download the config file without authentication. Passwords can be retrieved at this point.
feb798abe8963cbdf88203291b080caa2b0b13a15a35c236457fb84cc061ff8d
Red Hat Security Advisory 2013-1437-01 - This Red Hat JBoss Portal 6.1.0 release serves as a replacement for 6.0.0.
c561772e782ab85b102432049507a7b5cc958b68879cf92daa7410179afdf208
Red Hat Security Advisory 2013-1436-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.
303872e8ff5bca61e067a12a40cd346fa1185e503c1cbaaf1dfc656936a4a6a4