Showing 76 - 100 of 222

Files

Full Disclosure Mailing List Is Suspended
Posted Mar 20, 2014
Authored by John Cartwright

After 12 years, the full disclosure mailing list has suspended service indefinitely. This is the final message from Full Disclosure noting the closure.

tags | advisory
SHA-256 | 33d082638b3db7b562a76817d600a262b7fc4a760bdd03c9509dbdb5c378cb00
Red Hat Security Advisory 2014-0316-01
Posted Mar 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0316-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Several information disclosure flaws were found in the way Thunderbird processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Thunderbird to crash.

tags | advisory, web, arbitrary, info disclosure
systems | linux, redhat
advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | 99f2e830a0ca86b1ef8e7e99ebe9ab5a9e0c7677928998254e8f18529e4d035c
Debian Security Advisory 2881-1
Posted Mar 19, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2881-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, out-of-bounds reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure, or denial of service.

tags | advisory, web, denial of service, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | 2af27afd313c8f96d46798f7a9e1133896ee197d30cd669d6f67ec0e83790bc4
Red Hat Security Advisory 2014-0310-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0310-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Several information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash.

tags | advisory, web, arbitrary, info disclosure
systems | linux, redhat
advisories | CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | 38c9a08689793ed4fe17d61018e3aa8c675fa8d5b8dc57eae2c8e68f9abd7d0d
Red Hat Security Advisory 2014-0312-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0312-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. All php users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2009-0689
SHA-256 | ed152ea19937dfd772c59ba8bdad4a73bae67c13b28bf59e21e0dec3e764f158
Red Hat Security Advisory 2014-0311-01
Posted Mar 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0311-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.

tags | advisory, remote, web, overflow, arbitrary, php
systems | linux, redhat
advisories | CVE-2006-7243, CVE-2009-0689
SHA-256 | 2a64c8f53e6dc048bca206f2a449803fc371f77164f14a295802d4991566105c
Ubuntu Security Notice USN-2150-1
Posted Mar 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2150-1 - Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out-of-bounds read during WAV file decoding. An attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1493, CVE-2014-1494, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514
SHA-256 | 9fd46be9a10b917dc455961f9ebfaefd537de7a30d8809e8ea6f33183e56470c
Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting
Posted Mar 18, 2014
Authored by Martin Braun

Open-Xchange AppSuite versions 7.4.1 and 7.4.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2014-2077
SHA-256 | fa92825ba91c0472654c533544c6b2eb942b65f4321430779dddde151bb3a5a1
ExSoul Browser 3.2.2 Remote Code Execution
Posted Mar 18, 2014
Authored by Keith Makan

ExSoul Browser version 3.2.2 suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
SHA-256 | fdf3bd0df3ea66b9e281fffe25c9e152f5c20c599e6d56fc5a375d9e32c8a578
1XTRA Browser 1.0 Remote Code Execution
Posted Mar 18, 2014
Authored by Keith Makan

XTRA Browser suffers from a remote code execution vulnerability stemming from insecure use of the addJavascriptInterface functionality. The vulnerability allows attackers to execute code through targeted browsing attacks to pages hosting malicious JavaScript or by loading up a malicious file into the affected application from the local storage.

tags | advisory, remote, local, javascript, code execution
SHA-256 | 2a98b20d83883200c6dd809b0710b1bd174a2d328fd9b4671132306164912b5d
Debian Security Advisory 2880-1
Posted Mar 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2880-1 - Multiple security issues were discovered in Python.

tags | advisory, python
systems | linux, debian
advisories | CVE-2013-4238, CVE-2014-1912
SHA-256 | 4bbbad989a87630a2521f420870888b954d2c25ff56fe58c1ddac728c24ed5cb
Mandriva Linux Security Advisory 2014-063
Posted Mar 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-063 - A vulnerability was found in x2goserver before 4.0.0.2: the setgid wrapper x2gosqlitewrapper.c does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process. A vulnerability in x2goserver before 4.0.0.8 in x2gocleansessions has also been fixed.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2013-4376
SHA-256 | 5e7a46c3da2b89998b40b69635b72cb3f81e590d995520288c1ab909242725ef
Mandriva Linux Security Advisory 2014-064
Posted Mar 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-064 - A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon.

tags | advisory, arbitrary, local, code execution
systems | linux, mandriva
advisories | CVE-2014-0004
SHA-256 | b0b7c0634a5a2ff783abfae0a2fb6403ec56da0680c7b51ed9eb341cd8a07205
Mandriva Linux Security Advisory 2014-062
Posted Mar 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities impact Webmin versions prior to 1.620 (SA51201). The 1.680 version fixed security issues that could be exploited by untrusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version, which is not vulnerable to these issues.

tags | advisory, arbitrary, perl, php, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893
SHA-256 | 27b82adda7cb7ed9776d3685dcfbfc3fe196fe892f153a6b846e4276aa1cd841
Slackware Security Advisory - php Updates
Posted Mar 17, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-1943
SHA-256 | 0bb971d1fe276939429c0efeedf4fb567d9869a86ce545903ed51c3087b43ab6
Red Hat Security Advisory 2014-0306-01
Posted Mar 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0306-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting attack on an application that uses data submitted by a user as parameters to the affected helpers. A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected.

tags | advisory, remote, web, denial of service, xss, ruby
systems | linux, redhat
advisories | CVE-2014-0081, CVE-2014-0082
SHA-256 | 02f09d4cf6f96ffbeda49c48f45c7f2280fc213cb2f9bb62c8f9cae21fd9ca14
Red Hat Security Advisory 2014-0304-01
Posted Mar 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0304-01 - Mutt is a text-mode mail user agent. A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary code with the permissions of the user running mutt. All mutt users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of mutt must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0467
SHA-256 | cc3421fd2cf47179a0597aaf0f0d1a110c24a7d362cd7cf0307edae0ddedff12
Red Hat Security Advisory 2014-0305-01
Posted Mar 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0305-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.

tags | advisory, remote, web, protocol, csrf
systems | linux, redhat
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4124
SHA-256 | 3ec3fc0d3b8fde3a488a8ba2717d80277dafe4a59569f5ce49711decbbb9a754
Ubuntu Security Notice USN-2149-1
Posted Mar 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2149-1 - It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files.

tags | advisory, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2013-1881
SHA-256 | 543f622bfe3bb7fe528fc224f4699359de9f4893eb9828f3de40efa064f6ece8
Ubuntu Security Notice USN-2148-1
Posted Mar 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2148-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-2240, CVE-2014-2241
SHA-256 | ce272d6112e6a6e0074772ccf2c88f12920d5bc54c5834c8e94218806a3ddccf
Ubuntu Security Notice USN-2149-2
Posted Mar 17, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2149-2 - USN-2149-1 fixed a vulnerability in librsvg. This update provides a compatibility fix for GTK+ to work with the librsvg security update. It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files. Various other issues were also addressed.

tags | advisory, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2013-1881
SHA-256 | 8cde872057a3b59093e5f6af791629f3c92de754c70fd76ca0e552652468a8e0
AutoCAD 2013 G.55.0.0 Untrusted Search Path
Posted Mar 16, 2014
Authored by kaito834 | Site d.hatena.ne.jp

AutoCAD 2013 and earlier versions contained untrusted search path vulnerabilities. When AutoCAD loads FAS or DLL files, it searches for these files in the current working directory.

tags | advisory, vulnerability
advisories | CVE-2014-0818, CVE-2014-0819
SHA-256 | 370fcd4452f170d721b958a426306897b3c3eb0fbce3f549013d448d9c1ebe59
HP Security Bulletin HPSBMU02975
Posted Mar 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02975 - A potential security vulnerability has been identified in HP Smart Update Manager for Linux version 5.3.5. The vulnerability could be exploited to allow an elevation of privileges on the target system. Revision 1 of this advisory.

tags | advisory
systems | linux
advisories | CVE-2013-6208
SHA-256 | 80b9684119823368861ac1a55ecf2583944cd93bec40ace432f5fbd7eac8f41d
HP Security Bulletin HPSBMU02967
Posted Mar 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02967 - A potential security vulnerability has been identified with HP Unified Functional Testing Running on Windows. This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2013-6210
SHA-256 | cf2d725ac72d50909e306f487cc4ca1305478a75311883f1955aef3d6587f353
Red Hat Security Advisory 2014-0294-01
Posted Mar 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0294-01 - XStream is a simple library to serialize and de-serialize objects to and from XML. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. The main distribution of Red Hat JBoss Data Virtualization 6.0.0 does not contain the vulnerable XStream library and is not vulnerable to CVE-2013-7285. Only users of Red Hat JBoss Data Virtualization 6.0.0 who installed an optional S-RAMP distribution as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-7285
SHA-256 | e94f90ed91b9b18863d01d1278cf19bff6faceda04aad0f5805835514be9048b
© 2022 Packet Storm. All rights reserved.