Red Hat Security Advisory 2013-0681-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation .
32357ad3c21abbde9aeddcd05fca1be975960a8cba6312d5deb4800bbee711a2Red Hat Security Advisory 2013-0680-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation .
2dd2db97370c098a4f39f5dc56456545d352223c7fde8c6bcf1f9878474aab13Red Hat Security Advisory 2013-0679-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation .
9cd819992de5ae233e4a9109208d7923df8497bb312ffc625e5b504206be0ef7The LinkedIn Investors site suffered from multiple cross site scripting vulnerabilities.
20cf335eff36b02cd7cdf733bd516815daeadfdbe43552c66b7dc93b741b649aLinkedIn suffers from a cross site request forgery vulnerability in the "Add Connections" invitation functionality.
c5b139a72bbd7b02ada9279c197de33ad532f99e9aef4a08b3dc7dd686b75a16Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1635,CVE-2013-1643.
e481a7708968f1a52826eb94e8afaae71ad3b4113b2142ef2c738d536aedb1adLiquidXML Studio 2012 active-x insecure method executable file creation exploit.
6229e6a4ed53e4f7fa659d84fce3e63cba583a5308f9dd12b2ecceb5f4d277b4LiquidXML Studio 2010 active-x insecure method executable file creation exploit.
d7802fe8f8971ac958b1ceae16b3c8417f9ad33014ba900fd85193453802609eMitsubishi MX Component version 3 remote exploit that binds a shell to port 5500.
f9719948c2c98d6b095ce092b25be702eceda9fb377c0bb7f0b7c81a29f57509Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
96572d815cb2a391c7c15a03fc0240366cd4997c4e93649fa5658abd9bbe344cWordPress Mathjax Latex version 1.1 suffers from a cross site request forgery vulnerability.
eef9fe57923060a3364f12106f5449c6b6f9790fc30d849f3f71887ff567f95aUbuntu Security Notice 1779-1 - It was discovered that GNOME Online Accounts did not properly check SSL certificates when configuring online accounts. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise credentials and confidential information.
adbacb28c661e86390c76fd91c4d6379200052be7d4fa1b8d22419c32c854f3fUbuntu Security Notice 1732-3 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.
714d0b8055324fad3bfe313fe9719e788dc74886687fb2bdee9de630373218b6WordPress Banners Lite third party plugin versions 1.40, 1.31, and 1.29 suffer from a cross site scripting vulnerability.
f84aab438dea368c84895e35221d0f2a92675a6dd8c837c8c8ab87b3b72b0d98360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
41bfa76a0f30836f748df3bae1e6d18768164aff324a3ee88f2b0fac668f3430Rosewill RSVA11001 Hi3515 suffers from a remote command execution vulnerability due to feeding unsanitized user-supplied data to ntpdate.
80805c21f51ff3a27c9541a62622f652aef81a570b3ef82ba5fd1f2de36392f3This Metasploit module allows remote command execution on the PHP IRC bot Ra1NX by using the public call feature in private message to covertly bypass the authentication system.
0ca2edc3146081af6b7cfa1d1b095743c8a69ad6f34856249388fa89e835a862Sites design by Innovate Web Ideas suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
bf6fc35b391a94b2b16e5590b8c4c0d5f07fb050c944de0910f7590851baf3eeIconCool MP3 WAV Converter version 300 build 120518 suffers from a stack buffer overflow vulnerability.
d3641b585f54cc9b0731daf5e96fa4214b50373efc2ae5123d82ea0503497eeeWordPress Finalist third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
de24cb85c27e3140bfb6cb282c818c326e61dc11a2adec14efb28b613e4b6d5aWordPress Level Four Storefront third party plugin version 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
2793e0426823c0d4d1943351bb6e17f5cc58a108b2a54e19c3b5dff67efbd20eSites designed by Plan B suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
74353edb6b9bfad8c79dd5fc97bd85115a127b7ec3a208e7ce1ed9b1bf98ca4a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed