Drupal Flippy third party module version 7.x suffers from an access bypass vulnerability.
e05dde6d1cfcc650059a70b7a0b17651578f9d0adca3f0f4a74d219ca763d248Ubuntu Security Notice 1920-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
2f91134a1a557092454434ee596a252d809898b18b8b16a6e4b0407d4f00c5a1Red Hat Security Advisory 2013-1121-01 - The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file, but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.
017a385dceb214bf5d315228e72812b052260e68a9038125edf5e5e4839ab846Mandriva Linux Security Advisory 2013-203 - Multiple vulnerabilities have been discovered and corrected in phpmyadmin. Inclusive are cross site scripting, path disclosure, and SQL injection issues.
8090445e4dda8633ddc5b78c9804c5857de7dd5a3cadd344ba35eb672777f0e7Red Hat Security Advisory 2013-1120-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A flaw was found in the way HAProxy handled requests when the proxy's configuration had certain rules that use the hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy instances that use the affected configuration.
4eae575883953a022087359e906d02ff61ef76473125a82a2fa161858a5d8cafRed Hat Security Advisory 2013-1119-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker could use this flaw to determine the values of restricted attributes via a series of search queries with filter conditions that used restricted attributes.
1409ac162d0007714edfad28e3045f8a6eda6423768a7478dc7f991b1d164304Mandriva Linux Security Advisory 2013-204 - An updated wireshark package fixes multiple security vulnerabilities. The Bluetooth SDP dissector could go into a large loop. The DIS dissector could go into a large loop. The DVB-CI dissector could crash. The GSM RR dissector could go into a large loop. The GSM A Common dissector could crash. The Netmon file parser could crash. The ASN.1 PER dissector could crash.
00eced9593c58aac3a60ba3a90afa47d35b711a71715de5b97f4efbb02c501ccRed Hat Security Advisory 2013-1115-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.
2c4c9735dccdd293d6c3761af0e515e2e9e678a170f95e35d0d880ad6d09c2c9Red Hat Security Advisory 2013-1116-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that Red Hat Directory Server did not honor defined attribute access controls when evaluating search filter expressions. A remote attacker could use this flaw to determine the values of restricted attributes via a series of search queries with filter conditions that used restricted attributes.
448d2016b9f11404ae10246e1b670274cd1e5b82f293d08a61c049b9a5f1eb30Red Hat Security Advisory 2013-1114-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon will be restarted automatically.
2004136b8895379be9ea87bd35769ff77ec069f6404a3d36a2ee61892442afc1HP Security Bulletin HPSBGN02904 - Potential security vulnerabilities have been identified with HP SiteScope running SOAP. The vulnerabilities could be remotely exploited to allow execution of code. Revision 1 of this advisory.
2478f00abd186500bf4ec557873ea4be1a0c4be699444916f74a1abfffb67c68Ubuntu Security Notice 1914-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
e281f113bfff532e219e71a683648538274d40404aebc19c9c92c26f5c2b8fadUbuntu Security Notice 1912-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.
7626eebe096c4f4e95a3b1cb1ff7acbc486115e31cb055a4cfc1d77520c9a968Ubuntu Security Notice 1913-1 - Jonathan Salwan discovered an information leak in the Linux kernel's cdrom driver. A local user can exploit this leak to obtain sensitive information from kernel memory if the CD-ROM drive is malfunctioning. A flaw was discovered in the Linux kernel when an IPv6 socket is used to connect to an IPv4 destination. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). An information leak was discovered in the IPSec key_socket implementation in the Linux kernel. An local user could exploit this flaw to examine potentially sensitive information in kernel memory. Various other issues were also addressed.
c3d61e0fb4aa4f5494b3cdd1af09f21f215af1156fd6bf715ccecb2845b2618aUbuntu Security Notice 1918-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
c8f97df912321da182b75fcb3b114c33f25a5d98651841d3a4806a995ce33e6fUbuntu Security Notice 1917-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
44a241709486ac437e3d20c72250783b23943ac290361dfb2bdb8db6bb085b3eUbuntu Security Notice 1919-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
0533e65e4aac2acad7800b9fde2a21a7f12007d4006f2fa9c6894c704e67ef93Ubuntu Security Notice 1915-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
4317fc6f210922b96aa5e09e8a48270f0ed5ca1f6c7e34a57b8415cda61d298aUbuntu Security Notice 1916-1 - Kees Cook discovered a format string vulnerability in the Broadcom B43 wireless driver for the Linux kernel. A local user could exploit this flaw to gain administrative privileges.
3ea1105eb40750e46ee7ad60c72217780c0ef311892fe7159278370fb2345251Debian Linux Security Advisory 2731-1 - Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.
f0a1666c4812d4dc7cb9b02be9a71e7f903c37c2ee68d1a36864059533ee2595Ubuntu Security Notice 1911-1 - It was discovered that Little CMS did not properly verify certain memory allocations. If a user or automated system using Little CMS were tricked into opening a specially crafted file, an attacker could cause Little CMS to crash.
c54d93e57fe6f1c6159d8072be1042ae818e7c132c0787c9995ef18ce37ff500A vulnerability exists in EMC NetWorker that could allow exposure of certain sensitive configuration information under specific circumstances. Versions affected include EMC NetWorker 8.0.0.x, 8.0.1.x, and 7.6.x.x.
9dec0bf3a8508498074bb32c9d7dcad0227b5a46110ee20ca656d7dbb5260323FreeBSD Security Advisory - The kernel incorrectly uses client supplied credentials instead of the one configured in exports(5) when filling out the anonymous credential for a NFS export, when -network or -host restrictions are used at the same time. The remote client may supply privileged credentials (e.g. the root user) when accessing a file under the NFS share, which will bypass the normal access checks.
d672bbe3c1c06396c194b1f5062f4d67d79b24f02a60b7a89344ec0f57fe8219FreeBSD Security Advisory - Due to a software defect a specially crafted query which includes malformed rdata, could cause named(8) to crash with an assertion failure and rejecting the malformed query. This issue affects both recursive and authoritative-only nameservers.
f1c6bd390fafc6b86654d596d7ddcfa62102f4a0aa7b681a7a87ed56ead922b7Debian Linux Security Advisory 2730-1 - Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.
a9eb5a7847a3399ecba5950187fddf262cc33613e718ae36cd8548159d9c4643
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed