Polycom systems suffer from a format string vulnerability when creating a CDR entry. Polycom HDX series versions prior to 3.1.1.2 are affected.
8998433b0bea32dde00acd6d3311c61443b062424f5faeac20c6cdfee2adbe3bA simple H.323 SETUP packet can be used to commit a remote SQL injection attack against Polycom systems. Polycom HDX series versions prior to 3.1.1.2 are affected.
c8ef16e32d79b56646936f40819360d5231808c030efb457b8afed16f3c94923The firmware update functionality in the Polycom web interface is vulnerable to a simple command injection vulnerability which allows an attacker with access to the web interface to execute arbitrary commands on the underlying embedded Linux system. Polycom HDX series versions prior to 3.1.1.2 are affected.
eaeed66e6e35211d5de8494085612d6cabc696df21d84244931e4cb825cb4492DaloRadius suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
dac44b7efab3b59bb2bece48236156df6cdf384dff8f1629a610c458be0fe847The EverFocus EPARA264-16X1 DVR allows unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80. Firmware version 1.0.2 is affected.
9498ec7c2d7d5276591c2ebc8509ab56201a5acf174aead7063bf8fe2488c95cThe default installation of Skype is vulnerable to a local privilege escalation attack that allows an unprivileged attacker to execute arbitrary code with NT AUTHORITY/SYSTEM privileges. Versions 6.2.0.106 and below are affected.
d220809c5a2ec3bca6b7d83539650b12420bc8778406212fc05cd585e28a6a0fThe Polycom Command Shell can be used to view and also change several settings of the system. However it can also be used to get system-level access (i.e. root access) to the HDX system. The "printenv" and "setenv" commands can be used to read and write variables respectively which are stored in flash memory. Polycom HDX series versions prior to 3.1.1.2 are affected.
162aad6a25e60bab68f51ec49f90cbda2650407c9f0ac15d752cc71dba4606beDebian Linux Security Advisory 2648-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager.
3fc375a47b826db087cce2564e87b9c320aab1c05447a531e7f739a3bf803897Debian Linux Security Advisory 2647-1 - A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code.
d47fae449bdaf311c4618b1ae36fe78802d600ce4163213705762394cfc40e0fDumpzilla extracts all forensically interesting information from Firefox, Iceweasel and Seamonkey browsers. Written in Python.
65a9d9d995e274d497b0bd3c11c2720735a0a5e970ce551bfa3eff7cec43ee9cApple Security Advisory 2013-03-14-2 - Safari 6.0.3 is now available and addresses multiple security issues. These fixes address memory corruption issues and cross site scripting.
e8fb3bcee240bccc74fd00148304720bad83d31d8a9f970f1f2b7ebd82d86810Apple Security Advisory 2013-03-14-1 - OS X Mountain Lion version 10.8.3 and Security Update 2013-001 addresses multiple vulnerabilities. These updates address a canonicalization issue with HFS and Apache, a buffer overflow in libtiff, an authentication bypass, and more.
1e8f51ffad32ee5ec0c6272e89d6a3912ef63b3f493ec6bce9c955e8f09dc3f6Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
8527754e7eb235317e37a50706d94d3fc9d880fd0bf6f3cb83757d64a720e9ffSome Dream Boxes with OpenPLI version 3 beta images are vulnerable to OS command injection in the Webif 6.0.4 web interface. This is a blind injection, which means that you will not see any output of your command. A ping command can be used for testing the vulnerability. This Metasploit module has been tested in a box with the next features: Linux Kernel version 2.6.9 (build@plibouwserver) (gcc version 3.4.4) #1 Wed Aug 17 23:54:07 CEST 2011, Firmware release 1.1.0 (27.01.2013), FP Firmware 1.06 and Web Interface 6.0.4-Expert (PLi edition).
08146370ff7e87193e0ac650501ba578d139728fdb5da79083867c3d68983b6cWordPress LeagueManager plugin version 3.8 suffers from a remote SQL injection vulnerability. Both an exploit along with patching recommendations are provided.
a3e13cf6b95a3336ab25ac8195f16b3844e2f53413a7db2fbea7d99a9a980665Petite Annonce version 1 suffers from a cross site scripting vulnerability in moteur-prix.php.
4d7c27491eec42b373a976e3e8c93b8036534ebe80480c62b3a9c04bc029abf3Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix a security issue.
80bbc6d84cb40341c297e1e014e7810347e1070ca8f87dcb025b3c74358b6a88Slackware Security Advisory - New perl packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-1667.
61afc6e373cc8a2593e5f9cf519ab0b62c9ed5882774a848c94de205325acb57Ubuntu Security Notice 1763-2 - USN-1763-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data. Various other issues were also addressed.
14c2109289cf639924ee155649aaf99f56995b1e908629a630645e7226d2101bUbuntu Security Notice 1763-1 - Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in NSS was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
0169b782ecce9f3cb1ee538627164630ed963e7b52a23bd3d0008dc583acfa40Red Hat Security Advisory 2013-0649-01 - Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration platform. This release of Fuse ESB Enterprise 7.1.0 Patch 3 is an update to Fuse ESB Enterprise 7.1.0 and includes bug fixes.
25b335c51975b777b1647472a9f39f2461c65c9b63d4d975008ba45dbcefdb56Red Hat Security Advisory 2013-0647-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.
cae7f2723e72a831376fbdd1d9a7180b3d68ef9063766a4141634d2342c6f76aRed Hat Security Advisory 2013-0648-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.
622d29c2160f22699e5b7c9c65fa1deed1df2ed503b5aef7ffd26ac8ce417669Red Hat Security Advisory 2013-0646-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted HTTP request. A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending a specially-crafted username.
b3c19a4366ad523734159f85e06904742d756e830065660510bfdc31ede59ef8Ubuntu Security Notice 1764-1 - Stuart McLaren discovered an issue with Glance v1 API requests. An authenticated attacker could exploit this to expose the Glance operator's Swift and/or S3 credentials via the response headers when requesting a cached image.
5f7ca5e0136683964cdafe38aa284436d2548ccb00bf399c52adc234b66f7bd6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed