Red Hat Security Advisory 2013-0681-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation .
7b43a70c7839a4fa3bf669603796b5a5Red Hat Security Advisory 2013-0680-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation .
9b3c2fb661bb1776118660042d968403Red Hat Security Advisory 2013-0679-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation .
9a9a826531da2632572935744018905aThe LinkedIn Investors site suffered from multiple cross site scripting vulnerabilities.
2df6aed972da31dba4e0e7f13b2a1018LinkedIn suffers from a cross site request forgery vulnerability in the "Add Connections" invitation functionality.
3598a14ed8bd8fecb48cb125a5aca283Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1635,CVE-2013-1643.
92be7eacf6b0d634b25370cc20f27110LiquidXML Studio 2012 active-x insecure method executable file creation exploit.
8481a1111059e71512f4a866d43e0218LiquidXML Studio 2010 active-x insecure method executable file creation exploit.
de59a2c491a2cad4f76688d832403f75Mitsubishi MX Component version 3 remote exploit that binds a shell to port 5500.
e7ca83c4de0fa9f98a40525df59be727Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
5c21fa0d7106dd3bbca6011fd7c620a2WordPress Mathjax Latex version 1.1 suffers from a cross site request forgery vulnerability.
1089176abd2757275e7d829d029c6d96Ubuntu Security Notice 1779-1 - It was discovered that GNOME Online Accounts did not properly check SSL certificates when configuring online accounts. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise credentials and confidential information.
3140e21c384544cf04d997c814c9b5e7Ubuntu Security Notice 1732-3 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
0a738fb3465025960b4bc6a4d88bdffdWordPress Banners Lite third party plugin versions 1.40, 1.31, and 1.29 suffer from a cross site scripting vulnerability.
823f2f1406c18376306d50e898ea6969360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
2c6bd14d0393d0d20fe8a7bb1236fad6Rosewill RSVA11001 Hi3515 suffers from a remote command execution vulnerability due to feeding unsanitized user-supplied data to ntpdate.
a5509c4ddc8fac7e83b395d8b62f851cThis Metasploit module allows remote command execution on the PHP IRC bot Ra1NX by using the public call feature in private message to covertly bypass the authentication system.
4e926047266653b04e377ab7fa565454Sites design by Innovate Web Ideas suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
f13d4930fb4af71fafe4daa9fe7cdff0IconCool MP3 WAV Converter version 300 build 120518 suffers from a stack buffer overflow vulnerability.
22a2b7e8265fb425b3be24387b529c21WordPress Finalist third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
9e214966bd3d1b932873d7bc6b9b52dcWordPress Level Four Storefront third party plugin version 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
54d9e690332a6e6c57abbccafbe40330Sites designed by Plan B suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
f69cfd46586aa7fbad828ab1ade8c1ad
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed