PHP File Manager suffers from cross site request forgery, cross site scripting, backdoor, file check, remote shell upload, and various other vulnerabilities.
fdce4b71d80c857ab7c7314a383b0e1455af501dd6b040a30a6b5b7e8582ae3bAn integer overflow exists in the System.DirectoryServices.Protocols.Utility class of the .NET Framework. Triggering this issue results in an overflown integer that is used to allocate a buffer on the heap that is too small, resulting in memory corruption. Exploiting this issues appears to be difficult. Consequently, Microsoft has decided to not release a security bulletin.
1afa865b50719d016f840d929f46021c297eaaf847046ef8e5bb08fa3a10902dUbuntu Security Notice 2685-1 - A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.
ff91b08028ce0d9cbb795da024396ec409ee5bce6874e42ac288d5806e460cc5Debian Linux Security Advisory 3315-1 - Several vulnerabilities were discovered in the chromium web browser.
cb3dc0da6f78a83ee1bcb3ccd48f19bc839d73342fdcf21a35855718da9468f6Gentoo Linux Security Advisory 201507-22 - A heap-based buffer overflow in e2fsprogs could result in execution of arbitrary code. Versions less than 1.42.13 are affected.
ddc8103bc71b08b45094bb3fe6afa051609d7d51323034812601d3b47eae2d13Debian Linux Security Advisory 3313-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial of service.
2e58c4b602469b6006a0a897b4f48fb0ecef8c77468fcfdd3958ced23f009b86Red Hat Security Advisory 2015-1488-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
8f436bf84679e66da54f12816d6bf2a4d760e738018e00154e0c1955a13a4f73Red Hat Security Advisory 2015-1483-01 - The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
806b8529b5f262df0eb3996cae8fc333c0297362a681fc94c95f49756eee762eRed Hat Security Advisory 2015-1482-01 - The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root.
62f04998ed0f8898f85e4682c6bbdbf75ff623230c1af30c88f3efa928cb67a6Ubuntu Security Notice 2684-1 - A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.
c2a387be4e13bc76e8d691c26a62d180fdafc4908f03c7bf1cdfa528bcb41df7Ubuntu Security Notice 2683-1 - A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.
3af9e86c7769bcaffec157bf917b3e0a30ab6bc938c69d9a3b2611e3ee7a8ec6Debian Linux Security Advisory 3314-1 - Upstream security support for Typo3 4.5.x ended three months ago and the same now applies to the Debian packages as well.
d0d927348eba1d9e8a819d62607d411c04de826b19e1b9ba39e909a4b79c72daUbuntu Security Notice 2682-1 - A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). A flaw was discovered in how the Linux kernel handles invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums. Various other issues were also addressed.
a6a98fab9d0381b3994020610c156d8f63399b7e9c2518b29e9dac5d0ac7b685Ubuntu Security Notice 2681-1 - A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
ff3d9b87245aa7a7be470860e38a4c3db83869527facf2395999f9c0ee992785Ubuntu Security Notice 2680-1 - A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. A flaw was discovered in the kvm (kernel virtual machine) subsystem's kvm_apic_has_events function. A unprivileged local user could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
9f8c52cb857d1bf6c9403fdeb6ee3ffa2190d244d316b7b2e938a8957adf6f3bUbuntu Security Notice 2679-1 - A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
093b6ea5cf583f5e4862e592941aee13388244e99f55e960dbec4cdfdfad8107Ubuntu Security Notice 2678-1 - A flaw was discovered in the user space memory copying for the pipe iovecs in the Linux kernel. An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Daniel Borkmann reported a kernel crash in the Linux kernel's BPF filter JIT optimization. A local attacker could exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.
e9ec333052661bb9d7f920a92684486047046d470cf844ef04a87798d1297704EMC Avamar includes a directory traversal vulnerability that could potentially be exploited by malicious users to access the data on the Avamar Server. Affected products include EMC Avamar Server all versions from 7.0 to 7.1.1-145 (inclusive) and EMC Avamar Virtual Addition (AVE) all versions from 7.0 to 7.1.1-145 (inclusive).
c6bcceab48f34aae26e4a2a6e821e935301ecdd0843777f09bd60177c5a04537This bulletin summary lists one bulletin that has undergone a major revision increment for July, 2015.
dfbfa2a50e30d66f21c2c9f3183eaa18f1021dc2ce7c5214d084192eabc508e9cisco-sa-2015722-tftp.txt - A vulnerability in the TFTP server feature of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The TFTP server feature is not enabled by default. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
658481621117b1e5ad4720664e9f121c4ec0623b5bc76430db620a3e6fc56afcRed Hat Security Advisory 2015-1485-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
794c652bb7d208e3f4dd4c9b8fac7a97aaa4c11f4e0da035ca9234948959b6e5Red Hat Security Advisory 2015-1486-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
1a69476a2a502577fbfdefd6cda2711b581bb8fc6bba18e7c2c0acd53f683d9fFreeBSD Security Advisory - TCP connections transitioning to the LAST_ACK state can become permanently stuck due to mishandling of protocol state in certain situations, which in turn can lead to accumulated consumption and eventual exhaustion of system resources, such as mbufs and sockets.
ca370532c669a959a43a27961c0f51adab4f5da48a536d4759a39ad719cbe9a9Red Hat Security Advisory 2015-1344-01 - The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy. It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. Note: This issue has been fixed by adding the "AUTOFS_" prefix to the affected environment variables so that they are not used to subvert the system. A configuration option to override this prefix and to use the environment variables without the prefix has been added. In addition, warnings have been added to the manual page and to the installed configuration file. Now, by default the standard variables of the program map are provided only with the prefix added to its name.
14f6a08aaec36181c76a2200b5055fb5bc3d2ce81fa1e01f5ce899a036fca960Red Hat Security Advisory 2015-1385-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash.
e856697fa0fbaf74af1b4b3706a28577bc53843c99783d86587297c7214ca752
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed