IRIS Citations management tool suffers from a remote command execution vulnerability.
e789e15c69c2329a965883f322fff813ff1f36966e788f2e72e60793bc951b08Linksys E1500 and E2500 suffer from cross site request forgery, cross site scripting, remote command injection, and directory traversal vulnerabilities.
8f4ca31ed3ff1f131edf930a3e632c1433e475e164124e9a7516f54e7b1af180Debian Linux Security Advisory 2612-2 - This update to the previous ircd-ratbox DSA only raises the version number to ensure that a higher version is used than a previously binNMU on some architectures.
086c3dbfbfe0be3afee646392c6d920ce885a0414245df8fc4392eb6f6b75b3aRed Hat Security Advisory 2013-0250-01 - ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. This issue was discovered by Marko Myllynen of Red Hat. All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue.
0c1ca928ab4078246f51993091cfb756bb07c01c97598bcc98f62b3721f74e77Red Hat Security Advisory 2013-0248-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
0cd84070a95714e2f26d8a323922ceaf81407a25678b121fd827d82772d04c3fRed Hat Security Advisory 2013-0249-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. When using LDAP authentication with the provided LDAP login modules, empty passwords were allowed by default. An attacker could use this flaw to bypass intended authentication by providing an empty password for a valid username, as the LDAP server may recognize this as an 'unauthenticated authentication'. This update sets the allowEmptyPasswords option for the LDAP login modules to false if the option is not already configured.
6761f84bc127bf9f98c90f2feeea537625896bc2eae21667feec92b4f2469766Linksys WRT160N suffers from cross site scripting, cross site request forgery, and remote command injection vulnerabilities.
39b1aacd1083769cd903e8b6c46c0bcef01ce5e97ca668800168ca3378fa2176D-Link DIR-615 rev H suffers from cross site request forgery, information disclosure, and remote command injection vulnerabilities.
41b970b21adea1850727bf853c7a64b9e73638cbc268a00e301d4a225d17b956Linksys WAG200G suffers from cross site scripting and remote command injection vulnerabilities.
2b6dddc567f756cb697c510a2e5bf2220a9fb207d776b1a3492dc2707810ea56This Metasploit module will create a boot persistent reverse Meterpreter session by installing on the target host the payload as a script that will be executed at user logon or system startup depending on privilege and selected startup method.
a70c92598f1b41407de595305edcc17da7cf3dfe1de0793892f2d4271ae6f663Schneider Electric Accutech Manager heap overflow proof of concept exploit.
49fa635763252eb16e9ccbb0e26e8f22a39b5d34dff91c81384d96f3f04280caIP.Gallery versions 4.2.x and 5.0.x suffer from a persistent cross site scripting vulnerability.
c1c33fdbb109d30530246b10c9d229244553f37d4e55e76bc2bd112b10ca38d8FreeFloat FTP version 1.0 raw command buffer overflow exploit.
4f7362ee6be1e79970cb01ac60656901c0993df1ed4c92ead3f4b9a9440a878bSecunia Security Advisory - Multiple vulnerabilities have been reported in Nuance PDF Reader, which can be exploited by malicious people to compromise a user's system.
f20533e6cc6f530f0dccdc9458d6f5a7276a7f016cfc4b7dc1f2c459d5ae7b98Secunia Security Advisory - Debian has issued an update for xen-qemu-dm-4.0. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
913ceb736b524d0e3605f9f055cc0d603440a946080eef1b763327d313453688Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in IBM Tivoli Application Dependency Discovery Manager, which can be exploited by malicious people to conduct spoofing, session fixation, cross-site scripting, and request forgery attacks.
a434a823d41673474fca6d73cf56ee4c14c21ca6ee751929d02ce6f40f9d59d8Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, which can be exploited malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
c6062bce11eca8cf4876bf7ec83c64139632379192b744e7c7ffaad14e2e2addSecunia Security Advisory - Multiple vulnerabilities have been reported in Ganglia, which can be exploited by malicious people to conduct cross-site scripting attacks.
76ed587c5237d7d19b03c045879958efdacfe499f88134e05ea0e0e7bfa95318Secunia Security Advisory - Some weaknesses and a vulnerability have been reported in InfoSphere Master Data Management Collaboration Server, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
bf55cb2c861faf5bb75ba59384cbaaae5698b04be19b7a814336cc5bfee64700Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
ab1b253ef2fed31bfd104dc7e2952eb4c3ff0b18834b4d1f02c780c82dc271a4Secunia Security Advisory - A vulnerability has been reported in Cisco Unified MeetingPlace, which can be exploited by malicious people to conduct cross-site scripting attacks.
e47e00fd090dff876cbf478239835bc7588872ea9e838b15f096cb0fc032c8f0Secunia Security Advisory - SUSE has issued an update for MySQL. This fixes multiple vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct brute force attacks.
e08a115dd55ab8f1ba2ca44b08217ce6eebddf2055336d3f2b977c1bcabca785Secunia Security Advisory - SUSE has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
09aa77d4f84b0661fa4c1f1e876eac05266fa0264e39d722d4c4b233a42280d7Secunia Security Advisory - Two security issues have been reported in Apache CXF, which can be exploited by malicious people to bypass certain security restrictions.
bd77bc9acc24dad6de39f143b8655c5c95cbd5282497e1a19d1cf355f2311571Secunia Security Advisory - Henrique Montenegro has discovered a vulnerability in the Pinboard theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
cfaf465e72924cd779d5f32b49c4f11716d5b33214a36845ff22e2cb7fb416de
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed