Asterisk Project Security Advisory - External control protocols, such as the Asterisk Manager Interface, often have the ability to get and set channel variables; this allows the execution of dial-plan functions. Dial-plan functions within Asterisk are incredibly powerful, which is wonderful for building applications using Asterisk. But during the read or write execution, certain dial-plan functions do much more. For example, reading the SHELL() function can execute arbitrary commands on the system Asterisk is running on. Writing to the FILE() function can change any file that Asterisk has write access to. When these functions are executed from an external protocol, that execution could result in a privilege escalation.
d023c90a325ba8f94bb3cf31d665ef950f78277c35b78413f1a2879e54fbf60bAsterisk Project Security Advisory - A 16 bit SMS message that contains an odd message length value will cause the message decoding loop to run forever. The message buffer is not on the stack but will be overflowed resulting in corrupted memory and an immediate crash.
23fd2d5df026467da642f085725b6e9512c5c434b3c52f73e2cef1b5fa54e190HP Security Bulletin HPSBHF02953 - A potential security vulnerability has been identified with HP B-series SAN Network Advisor. The vulnerability could be exploited remotely resulting in code execution. Revision 1 of this advisory.
d98c113be04f6d6cead04a1a93db8863e99c46ce1bdea5e9a31118276c9b44a8Ubuntu Security Notice 2056-1 - It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, applications could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.
53ee3dc1a87894466c917b6268a94748f60a6d85146f0816de76d57f02d46ca6Red Hat Security Advisory 2013-1844-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The Apache Solr component is an open-source search server based on the Lucene Java search library. It was found that the SolrResourceLoader class in Apache Solr allowed loading of resources via absolute paths, or relative paths which were not sanitized for directory traversal. Some Solr components expose REST interfaces which load resources via SolrResourceLoader, using paths identified by REST parameters. A remote attacker could use this flaw to load arbitrary local files on the server via SolrResourceLoader, potentially resulting in information disclosure or remote code execution.
97a4ce4a342b2a707aeeecd5d5d4cd364e8fd2ec4a26deb46de5b61d4acca76eRed Hat Security Advisory 2013-1842-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is exhausted. Node.js is included in Red Hat Software Collections 1.0 as a Technology Preview.
6cc658b52fc2d5fd70d630a89cba0152aa0d9dba36215c7daf88a66a5521cfcdRed Hat Security Advisory 2013-1843-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Middleware components that have been tested and certified together to provide an integrated experience. Multiple cross-site scripting flaws were found in the GateIn Portal component. If a remote attacker could trick a user, who was logged into the GateIn Portal interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's GateIn Portal session.
737ee86e47a3cb80cd24c313d93cd1b772ec24fd4b9be17b01e01de00421eecfGentoo Linux Security Advisory 201312-13 - Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.10.3 are affected.
71b1f9f5d4f6e6e9271d1457f98338b2c485f01913352a2c72c41314e44b9227Gentoo Linux Security Advisory 201312-12 - Multiple vulnerabilities have been discovered in MIT Kerberos 5, allowing execution of arbitrary code or Denial of Service. Versions less than 1.11.4 are affected.
2889e0196fe0b9aaeb676d58c3158d721d6a9e4252a764b323f60b1d630fde77Debian Linux Security Advisory 2819-1 - Security support for Iceape, the Debian-branded version of the Seamonkey suite needed to be stopped before the end of the regular security maintenance life cycle.
4b7d7dc99d4bc335366c88ba49b5913681d7712bc3a5ed6733eb7cbe41477c33Debian Linux Security Advisory 2818-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.5.33, which includes additional changes, such as performance improvements, bug fixes, new features, and possibly incompatible changes. Please see the MySQL 5.5 Release Notes for further details.
a32ccfc50d3db892c186c24c3c194dc467f7b0aaee069c43eb68192ec6c04900Red Hat Security Advisory 2013-1841-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. All NSS users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for the changes to take effect.
c76e897d9f2a81cec855edb8f61e2351ed973a88ef968d67b716ebfdb37cf426Red Hat Security Advisory 2013-1840-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. All NSS users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for the changes to take effect.
95d8a3b6db2ae0f619812a98c0870e19128c44ca16cdcb4246f0ace0d7251338Gentoo Linux Security Advisory 201312-11 - A buffer overflow vulnerability in Win32 Codecs can potentially allow for user-assisted arbitrary code execution. Versions less than or equal to 20071007-r4 are affected.
39d68b1d52bbae02397cedbe33f971f088260eb69863e2f325351c8e2d1a4351The Cisco EPC 2425 routers supplied by UPC are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker.
153a21db188fa2a24c0e2bc997de7e6f46e6109c48d3473227fe9a4f115a73aeLiveZilla version 5.1.2.0 suffers from a PHP object injection vulnerability.
3f15a1250351c7a5d359998644a5f3c1a7bf6c9c943d46a59d5534ec98612cf7LiveZilla version 5.1.2.0 suffers from multiple cross site scripting vulnerabilities.
2cf18894a3875b9c1aadaad35adb2250a1d6a3890f83fb1d3bcd6561d6c76c5cSafari for Windows version 5.1.7 (discontinued) suffers from a remote code execution vulnerability.
85a2c8e2389b7e4cc56a6a54c016026ddfd5801abebe338bba22052217f2fe3aHP Security Bulletin HPSBGN02952 - A potential security vulnerability has been identified with HP Application Lifecycle Manager (ALM) running JBoss application server. This vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.
b30f271b757401886554de4dfbd2e10bc1f7d66f3e0a19a69b7169dc91228181HP Security Bulletin HPSBGN02951 - Potential security vulnerabilities have been identified with HP Operations Orchestration. The vulnerabilities could be exploited to allow cross-site scripting (XSS) and cross-site request forgery (CSRF). Revision 1 of this advisory.
c269b1d60b3e90c5acb18d71d9329cd95b5832a4b458d1d64dba90e4d65129fdGentoo Linux Security Advisory 201312-10 - A buffer overflow in libsmi might allow a context-dependent attacker to execute arbitrary code. Versions less than 0.4.8-r1 are affected.
6aa435a29cce58ebaef5ee97b49c52c0045e0a66e59825d2106d819f7b61b00cGentoo Linux Security Advisory 201312-9 - Multiple vulnerabilities have been found in cabextract, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.3 are affected.
8cdb78dc586c4b23f55ef5470d748fdd81b5e9636acdcbc0d181c4649c5021adDebian Linux Security Advisory 2817-1 - Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code.
f3c71858a5f19feeca680c031798b02da6f0c617f5783c05975cb2a9f23b7313The Bio Basespace SDK 0.1.7 Ruby Gem API client code passes the API_KEY to a curl command. This exposes the api key to the shell and process table. Another user on the system could snag the api key by just monitoring the process table.
d611161b7de257aeced569b86efb86407334ac528739835cfa78af454f079352HP Security Bulletin HPSBMU02874 3 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter for Windows, Linux, HP-UX, Solaris and AIX. The Java Runtime Environment (JRE) has been updated to correct these issues. Revision 3 of this advisory.
4c70eda32ba12099ad62298acd9d2be2d0eb44814e5ae0c535f3d1fb3f8c8e9c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed