Mandriva Linux Security Advisory 2013-147 - Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof is equal to 8. In the archive_write_zip_data() function in libarchive/ archive_write_set_format_zip.c, the s parameter is of type size_t and is cast to a 64 bit signed integer. If s is larger than MAX_INT, it will not be set to zip->remaining_data_bytes even though it is larger than zip->remaining_data_bytes, which leads to a buffer overflow when calling deflate(). This can lead to a segfault in an application that uses libarchive to create ZIP archives. The updated packages have been patched to correct this issue.
5bb6edb00d4a3a97d18eff54273e8d8f6e8a9f9af0bf690de5590fd4a7f7e83bUbuntu Security Notice 1805-1 - Mathias Krause discovered an information leak in the Linux kernel's getsockname implementation for Logical Link Layer (llc) sockets. A local user could exploit this flaw to examine some of the kernel's stack memory. Mathias Krause discovered information leaks in the Linux kernel's Bluetooth Logical Link Control and Adaptation Protocol (L2CAP) implementation. A local user could exploit these flaws to examine some of the kernel's stack memory. Various other issues were also addressed.
f8ed7e9055b2ef3f668acf428f2af9356368d82637507c163b57ec94d86ab878Mandriva Linux Security Advisory 2013-145 - Multiple security issues were identified and fixed in OpenJDK Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. The previous default value of the java.rmi.server.useCodebaseOnly property permitted the RMI implementation to automatically load classes from remotely specified locations. An attacker able to connect to an application using RMI could use this flaw to make the application execute arbitrary code.Note: The fix for changes the default value of the property to true, restricting class loading to the local CLASSPATH and locations specified in the java.rmi.server.codebase property. Various other issues have been addressed.
f5a337abcb62a9be911da906dbbb2c5adabc27e9e1f740efcb9580a4464d520dVUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an object confusion error when processing malformed Real Time Messaging Protocol (RTMP) data received during the initial phase of communication with a server, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page. Adobe Flash Player versions prior to 11.7.700.169 are affected.
a61b22a16c3befda80224c940393c4411503ad1032eee6935dce23f0995ad911MinaliC Webserver version 2.0.0 buffer overflow exploit that binds a shell to port 4444. Works on Windows Server 2003 SP3 only.
0f734001f936a5b891c34b75bd2c451e9c1b32b8939d772c3c1bc8137fb7edafMandriva Linux Security Advisory 2013-146 - Multiple vulnerabilities has been discovered and corrected in icedtea-web. It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of the codebase attribute, even when they originated from different domains. A malicious applet could use this flaw to gain information about and possibly manipulate applets from different domains currently running in the browser. The IcedTea-Web plug-in did not properly check the format of the downloaded Java Archive files. This could cause the plug-in to execute code hidden in a file in a different format, possibly allowing attackers to execute code in the context of web sites that allow uploads of specific file types, known as a GIFAR attack. The updated packages have been upgraded to the 1.3.2 version which is not affected by these issues.
6a800acd6316f93d877e8a880e22d06e913d32abbff3cf0de8bb088e7caf5a4cWireless Decoder is an application that demonstrates how to recover wireless passwords on Vista/Win7/Win8. Comes with source and the binary.
a576e6dee330f135380b131a11fde69fe94d2a950eddf754394ea6db2a5eb6f6Tienda Online CMS suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information.
93c112b74801b7c8122b5ecd4a34425111ec9659a7a46158160325e36fe93bcdFoxit Reader versions 5.4.3.x through 5.4.5.0124 suffer from a PDF XREF parsing denial of service vulnerability.
19bacc90bb3d86146efc71f544560d5d5e3e59ead41717335c428f05caf1d821KIK Messenger stores its password in cleartext in a plist file.
0579b4c687a6995f97f2d6c82bbc27bbe71cdfdc50cd2900d2923969eb5e3642Crafty Syntax Live Help versions 2.x and 3.x suffer from path disclosure and remote file inclusion vulnerabilities.
9b378157ba94b5a10193ab6a2ec5d79ce9881775be424528a0b05b1ceec52d09TP-LINK TL-WR741N / TL-WR741ND suffers from multiple remote denial of service device freezing conditions.
632658f3b24d25123b080a924d247c4f29a9d2dbca90b5a0d69e54046c595d73nginx version 0.6.x suffers from an arbitrary code execution vulnerability due to a nullbyte injection issue.
80b271bc4dd413adecf25945a99a831e3725d128f9974c5542da05bc9ff3daf3This Metasploit module allows execution of operating system commands through the SAP ConfigServlet without any authentication.
bd22164e93c481f2adee97758ca447db0d47658f7a4544609432a32799d8b8d3Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.
7a3a1b289b63638a076af1a5703754d8bf858f40ec5baec07c9f385998b4caadUbuntu Security Notice 1804-1 - Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. It was discovered that IcedTea-Web did not properly verify JAR files and was susceptible to the GIFAR attack. If a user were tricked into opening a malicious website, a remote attacker could potentially exploit this to execute code under certain circumstances. Various other issues were also addressed.
94c8dfb69cab90f5b36b1712850ba1638f4dec59b36eedbe93064a48b933ad10Red Hat Security Advisory 2013-0758-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
d2698820e52d08b651a6e30af5fc62e23be5567381406f5cc97b4365e26f9490Red Hat Security Advisory 2013-0757-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
47290146682a8b45735896f0b78050379327bfe0efde7613362febef95f674bcDebian Linux Security Advisory 2662-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
c154b1d7b7e208460374fd11a98c3333c72d0fcea6d6be680aefae238a806dfd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed