Drupal Comment Moderation third party module version 6.x suffers from a cross site request forgery vulnerability.
40d56ed7ea8f4a6948da8a283a611eb6Drupal Amadou third party theme version 6.x suffers from a cross site scripting vulnerability.
1bdcad999e5c211784a48b9d6895e9c9FreeBSD Security Advisory - There is a programming error in the DES implementation used in crypt() when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.
e4d4e2b2811a3cf4254d7ba2637b5c40Ganesha Digital Library version 4.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
c2045f4a38e1f4e2ee6c062ea6595d1cWireless Manager Sony VAIO version 4.0.0.0 suffers from multiple buffer overflow vulnerabilities.
b730119a05ce6bec3a773c4db2c5b46fIbaguenet suffers from a remote SQL injection vulnerability.
79007404345326b2662c99d67f76e300NewsAdd versions 1.0 and below suffer from multiple remote SQL injection vulnerabilities.
9fb245df67e3d6b2acc07ec4f988f442WHMCS version5 suffers from cross site request forgery, HTTP parameter pollution, and cross site scripting vulnerabilities.
2872ea8a1a3ad234439140a1fa613b38Mapserver for Windows versions 3.0.4 and below down to 2.0 suffer from a remote code execution vulnerability.
e1a754afe3446ca1d2988baec2447e8bRed Hat Security Advisory 2012-0702-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
dd5623568386d8cf314e3a9d3116df67Mandriva Linux Security Advisory 2012-085 - Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. The updated packages have been patched to correct this issue.
98864e82504c2072e99d71a60a50b166Ubuntu Security Notice 1455-1 - A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For application on which fscaps are in use a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
d6fc1f7b6a189673c09cdefd2b89e5feSecunia Security Advisory - A vulnerability with an unknown impact has been reported in Restlet Framework.
52f5c538a398f7098ea8f417dba29cc3Secunia Security Advisory - Horde have acknowledged multiple vulnerabilities in Horde Groupware, which can be exploited by malicious people to conduct cross-site scripting attacks.
d02a63c50a9fb3a3a1e3666b96ba404bSecunia Security Advisory - Horde have acknowledged multiple vulnerabilities in Horde Groupware Webmail Edition, which can be exploited by malicious people to conduct cross-site scripting attacks.
1939ce7ab65f8d74a6783fd2f0e012d1Secunia Security Advisory - Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
8614d7464f022d3fe8be0d333191b0c1Secunia Security Advisory - SUSE has issued an update for mailman. This fixes a security issue, which can be exploited by malicious, local users to disclose certain sensitive information.
32dc3b024cecf6b20354de647e026c2eSecunia Security Advisory - SUSE has issued an update for chromium and v8. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
9840c416e4d24d63e936f76652c48e79Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
b54c29f0f283f482fac820f524e7c939Secunia Security Advisory - Some vulnerabilities have been reported in the ALO EasyMail Newsletter plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
977f758d62abe66c1b175dd66dc9f2feSecunia Security Advisory - Some security issues and a vulnerability have been reported in AutoFORM PDM Archive, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site request forgery attacks.
bb0998c6b790acf63747695606765a6dSecunia Security Advisory - Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.
8f0f504853f466dca6ff67ce7bfdfdc6Secunia Security Advisory - A vulnerability has been reported in the BrowserID module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.
3d0cad85e134135b61345f70f36e44ebSecunia Security Advisory - IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
29f822f571229e114ea9572e1553e835Asterisk Project Security Advisory - A Null-pointer dereference has been identified in the SCCP (Skinny) channel driver of Asterisk. When an SCCP client closes its connection to the server, a pointer in a structure is set to Null. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced. A remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server in certain call states (e.g. "Off hook") to crash the server. Successful exploitation of this vulnerability would result in termination of the server, causing denial of service to legitimate users.
e5bbb9c38534065f766274d2c055497d
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed