PHP Server Monitor version 3.1.1 suffers from a privilege escalation vulnerability.
aafa69a15ff0e3770a96c5012d8cb850bdb3fda9ba48a991cb0678d1cb2b0ff6PHP Server Monitor version 3.1.1 suffers from a cross site request forgery vulnerability.
c6dd900ebf2986cd3b5ad60ba13c81ef576d594f7507b637176981a3472236faeBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.
08393363d6670e33368d62daac52944168d2958ae3fd00c5baedaa4999a731b3Pligg CMS version 2.0.2 suffers from multiple remote SQL injection vulnerabilities.
e653dc6b60d0a6774fd0c82028476bc1f4420abad29191536668539de8b9ec0bPligg CMS version 2.0.2 suffers from a directory traversal vulnerability.
6694394bbeb73a900ce2025bfc0707fad012282c2839712e6d1e324abee90990Pligg CMS version 2.0.2 suffers from code execution and cross site request forgery vulnerabilities.
478975660e6f6564e0125792eaca49d4f8fc7ddb63e0f2f82e756f316270b0ceSlackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
6f8f1ea7ca7722d48810e15411398875a23f2427d517d29aaf9be8d59d9f7ffbSlackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
9e1563e5450015846758e7398735030c758bd3179e6f25263eca88eb9ad6257bDebian Linux Security Advisory 3384-1 - Two vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.
2ba577efa7645c3fbb63c3ae8f39544eb64cf665f1a19b8df7a9e00878b1fe27Debian Linux Security Advisory 3383-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool.
5c112093bf6218a0c2e15cc40a7bd9714b502a4ca135cafa9a4c8cf9452b519ePython 3.5 suffers from a vulnerability caused by the behavior of the scan_eol() function. When called, the function gets a line from the buffer of a BytesIO object by searching for a newline character starting at the position in the buffer. However, if the position is set to a value that is larger than the buffer, this logic will result in a call to memchr that reads off the end of the buffer.
11ad4ff03a7d48ad669798a540d150f6b9a96705027ddfb79905aac9959c3fc9Debian Linux Security Advisory 3332-2 - The patch applied for CVE-2015-5622 in DSA-3332-1 contained a faulty hunk. This update corrects that problem.
7ed79434482d9a30adcebdf34b45d74b939f9e8bd496ef33161939bdc9c7bb03Slackware Security Advisory - New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
3c4a3a5cf1e480feed4b9092b1aa939f9e0eaf1cd0b6da12b95876f269e7e405The yaml_* parsing functions suffers from an exploitable double free caused by the error path for the php_var_unserialize() call on line 797 of pecl/file_formats/yaml.git/parse.c.
222691a6762e7a56ff629bdd866e2f3741c307b8856b25b0efcef4850bb9383fThe PHP unserialize() function is considered unsafe due to its behavior regarding class instantiation; in cases where serialized data is attacker controlled, it can be tampered with, allowing for the instantiation of arbitrary PHP classes and thus code execution via destructor.
25ba50f88dac6d73405bd6b613b421c3efdf062bb33df0303b3857f5a2f462f0Code auditing discovered a Libstagefright integer overflow and heap corruption vulnerability in the Saio tag.
de3c115352c90fa8f2310b17c7ea48cfcb49051855371160b2525f16b5d92a47Libstagefright integer overflow checks can be bypassed with extended chunk lengths.
15eceaf95482d14e738ec82c591c2ef6f10dc84faa2b08d52245a8476148b162This bulletin summary lists two bulletins that have undergone a major revision increment for October, 2015.
dfc6d50a5439219f0823d7272a2dbf8ec52bc5fafadfa2b49a9b018b28c91002Red Hat Security Advisory 2015-1955-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.5 will be retired as of November 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.5 EUS after November 30, 2015.
8c856795a9fce1c3f213548d0b1010a365f10422954849fe64eeb01346c587daRed Hat Security Advisory 2015-1956-01 - In accordance with the Red Hat Storage Support Life Cycle policy, the Red Hat Storage 2.1 offering will be retired as of October 31, 2015, and support will no longer be provided. Accordingly, Red Hat will not provide Critical impact security patches or urgent priority bug fixes, after this date.
5a3aea5683b1410bf7fb04eacf5b411ad506169e7c8712846e042615e9be734bUbuntu Security Notice 2788-1 - Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. Various other issues were also addressed.
de45b1383c5e5a7528aa33c19008c2e1509e1607e528e06b77d3ad12186a6ab1TAP is a remote penetration testing platform builder. For folks in the security industry, traveling often times becomes a burden and adds a ton of cost to the customer. TAP was designed to make the deployment of these boxes super simple and create a self-healing and stable platform to deploy remote penetration testing platforms. Essentially the concept is simple, you pre-configure a brand new box and run the TAP setup file. This will install a service on Linux that will be configured the way you want. What it will do is establish a reverse SSH tunnel back to a machine thats exposed on the Internet for you. From there you can access the box locally from the server it connects back to. TAP automatically detects when an SSH connection has gone stale and will automatically rebuild it for you.
a42c3f31a3a76e5688666de6f602e9c95f4c10fab29266ee874d7f2dae3b3851This article examines the security challenges facing us on modern off-the-shelf hardware, focusing on Intel x86-based notebooks. The question the author will try to answer is: can modern Intel x86-based platforms be used as trustworthy computing platforms? The paper looks at security problems arising from the x86's over-complex firmware design (BIOS, SMM, UEFI, etc.), discuss various Intel security technologies (such as VT-d, TXT, Boot Guard and others), consider how useful they might be in protecting against firmware-related security threats and other attacks, and finally move on to take a closer look at the Intel Management Engine (ME) infrastructure.
21aff52a293ba0e23ed85f93772ac4823589aaf5b93e76d95c0c62d46c9ba78dOxwall version 1.7.4 suffers from a cross site request forgery vulnerability.
88ada6ac426249e6a52b83bd212e37b27d3c0891970c6b58a7203e704fd03a16Privilege escalation can be achieved via a symlink attack on POSIX shared memory with insecure permission in AMD fglrx-driver version 14.4.2.
4e6dcfe5ce3f850f7a06aad8a578e3e8da7469c5142c18444505b01a35ff813c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed