Debian Linux Security Advisory 2747-1 - Two vulnerabilities were discovered in Cacti, a web interface for graphing of monitoring systems.
5cff70381259ac904ac31e8d328da100be3280ec8d318231c9f20a320d7da4adVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a memory corruption error in the IE broker process when copying certain data, which could be exploited by remote attackers to bypass IE Protected Mode sandbox and execute arbitrary code with Medium integrity permissions.
3d6e15caa33453b5524370e307651de35239a58b0caa6422c0ed2d1d0c5641f4VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the MSHTML "SlayoutRun::GetCharacters()" function when replacing a text adjacent to an element, which could be exploited by remote attackers to compromise a vulnerable system.
683c33dd6eb12cee75b2e4d6ed700f0698a0917bade475617e2d9fec55f60a67VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a design error in the "ntdll.LdrHotPatchRoutine" function which can be abused to load an arbitrary library e.g. from a remote network share, leading to arbitrary code execution and ASLR bypass.
80c160d6c598062067a6a89779a585babc9a0065f719657a207d41d32477c58aGentoo Linux Security Advisory 201308-5 - The references section of the original advisory contained wrong CVE references.
ebd71cf22019908747f1ea5cdd3a86acfb248e6a38bfa41979b555e7a1acbe4cSlackware Security Advisory - New php packages are available for Slackware 14.0, and -current to fix a security issue.
ecb1893087d0d66f7dad6cf8deaa65276787950af36d4ce86965243130244165Slackware Security Advisory - New gnutls packages are available for Slackware 14.0, and -current to fix a security issue.
d8b63bcd49f44bb59448c810296db5ea1c1da32b571e78c2773ee2634be2daf9Mandriva Linux Security Advisory 2013-223 - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present. A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
fe608e9d309776c3c74a970f61a6a3304dc0d8dc4cc95d54316d0c533e08f277VMware Security Advisory 2013-0011 - VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler.
0789baa7bebd1d751cfec338c14d6c275606f4495052e7dfa5e95751824ad5e3Gentoo Linux Security Advisory 201308-6-2 - The references section of the original advisory contained wrong CVE references.
f55dddfb5e32f8447e8f4c85d600ec6b3af91b45f0d4851a964df1ee21ef722bRed Hat Security Advisory 2013-1185-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss Fuse 6.0.0 patch 2 is an update to Red Hat JBoss Fuse 6.0.0 and includes bug fixes.
0939186bded3bc21379c4815dec6ff27fa7ec3cd68880f3f51e0f782423a24acCyberArk Vault versions prior to 7.20.37 suffer from multiple user enumeration vulnerabilities.
2c9165f3e7ef400778699bc7ee1575c639a581bd0fa9c04fa40e4fac52460c6cDebian Linux Security Advisory 2746-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting.
066d7c113b0c85a7655f00b154282b537f716ce919215cbc842ab76b2915d745Gentoo Linux Security Advisory 201308-6 - Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 5.1.70 are affected.
a5ac28b86f0822c45d84e94416073eff2e1458438f359271b10e054b23cae04eDebian Linux Security Advisory 2745-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
3eec460e99a9f554b7bc89f94799ac98b40ec17e5325c416c1ece8a5c548e48fGentoo Linux Security Advisory 201308-5 - Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.10.1 are affected.
afc074569b171377b721881b1008798f9d7adea3d3545cc57e14f5899a9a8a18Red Hat Security Advisory 2013-1182-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle the receipt of certain MOD operations with a bogus Distinguished Name. A remote, unauthenticated attacker could use this flaw to cause the 389 Directory Server to crash. All 389-ds-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the 389 server service will be restarted automatically.
ad79a80c525e40f5a8b8e35492bf65f8f8480d0c5b00f47e089143dfe954475dCore Security Technologies Advisory - EPS Viewer is prone to a security vulnerability when processing EPS files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing EPS Viewer users to open a specially crafted EPS file (client-side vulnerability).
1e976c709e9923b7de99cb14fb2f670c20a612913a3af82da2b7ddc3bc925d6aDrupal Node View Permissions third party module version 7.x suffers from an access bypass vulnerability.
7ca5999ea6318f70dcc57e0ccabbb7102184fb0146a57fbc7a302308d2e184f0Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an invalid SDP is sent in a SIP request that defines media descriptions before connection information. The handling code incorrectly attempts to reference the socket address information even though that information has not yet been set.
b1ea1870b8ffa92fa2b9399875bedbe661440f8f5a1a71aa38f9d130235ae5aeCore Security Technologies Advisory - Aloaha PDF Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing Aloaha users to open a specially crafted PDF file.
21cd4dd29b0d5d565a77dc20c6f24d3e2536eafdb028b9c755120d0d051d37ddHP Security Bulletin HPSBHF02888 3 - Potential security vulnerabilities have been identified with HP Network Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 3 of this advisory.
8239e84bfea2e012f2e9ee091ba0f400119fe80706c62cfd2e732a4608f577aeDrupal Flag third party module version 7.x suffers from a cross site scripting vulnerability.
f1f231f32167e84be3f73dd02169b893610f503b40cd32c0074fdabdc225ed9cCisco Security Advisory - A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is configured as a RADIUS server. The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server. There are no workarounds for this vulnerability. Cisco has released free software updates that address this vulnerability.
24f4eb4918b68ce6f025d4f11b936967593ada6bace57a42d482fdba12d618c3Asterisk Project Security Advisory - A remotely exploitable crash vulnerability exists in the SIP channel driver if an ACK with SDP is received after the channel has been terminated. The handling code incorrectly assumes that the channel will always be present.
7b5b33cd2756da3ffe8c64031b7e60cd9b0cbd4644f5ab8e89498500f2a141bc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed