Symphony version 2.3.1 suffers from a remote SQL injection vulnerability.
7e746f6f0becdb1c3bf1082b0fc80a06a0763df2b35b291a8f3a205d747948aeFreeBSD Security Advisory - A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack.
b53bfd66b506dafcb90c6c9516eb9205fffab27069d0f3a35836d94fab93d2feFreeBSD Security Advisory - A flaw in a library used by BIND allows an attacker to deliberately cause excessive memory consumption by the named(8) process. This affects both recursive and authoritative servers.
1dd487d7a38a6be933444db11b02dd1e2e265a2e5fb5dd7875698187215034f8Google Active Directory Sync (GADS) Tool versions 3.1.3 and below suffer from a local information disclosure vulnerability.
5af6fac3359b45806a514cce9e316949ac1c763760a0a252335bc60361e5db98e107 CMS version 1.0.2 suffers from a reflective cross site scripting vulnerability.
b0a7d7d19b1bf2785fccdbdb0f2175d28946b402c3fbfdcc3590de48c18ffc57Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
3b58e8bd3a82e8c37c44eb2f52ee1833913d60800103e936466bbd2328c0a6dcSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
e4cabaa55b9baede126441bc2d835d83d47424d8b948c120e1c5c9b9c8012a2bSophos Web Protection Appliance version 3.7.8.1 suffers from OS command injection, cross site scripting, and file disclosure vulnerabilities.
e23113a1748c2be870f5cf2ef66700daa14d3f01fcf098583228dcf13f1434eeNovell GroupWise version 12.0.0.8586 suffers form an untrusted pointer dereference vulnerability.
47e0f623fea3a5ed097e984178caf98801bcbed84209598283926cafe7ba2d6eFUDforum version 3.0.4 suffers from an arbitrary code execution vulnerability.
36279cc79b9bb26cd0dfb7956cb4f1df702478b62a9a137f7cb48f7ac0e3c190iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.
5eb19e8d6cf7acaf5393a22e953b5672f0def1483e43ed8b95e6693b98ba0995Red Hat Security Advisory 2013-0700-01 - Jenkins is a continuous integration server. It was found that all SSL certificate checking was disabled by default in the Apache Maven Wagon plug-in of Jenkins. This would make it easy for an attacker to perform man-in-the-middle attacks. Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to this updated package, which corrects this issue.
2e1474d74bdc6d15346e98b54cdf58c4ef035856653a88200746b02f047d94dbRed Hat Security Advisory 2013-0701-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks by creating different types of malicious objects. For example, it could initiate a denial of service attack through resource consumption by using a JSON document to create arbitrary Ruby symbols, which were never garbage collected. It could also be exploited to create internal objects which could allow a SQL injection attack. It was found that documentation created by rubygem-rdoc and ruby193-rubygem-rdoc was vulnerable to a cross-site scripting attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As rubygem-rdoc and ruby193-rubygem-rdoc are used for creating documentation for Ruby source files, it is not a common scenario to make such documentation accessible over the network.
21efbd85baf775bf343fbbe58aead019bee9fbcbd96c4e3f3a252fe9940c4e97Ubuntu Security Notice 1787-1 - Emese Revfy discovered that in the Linux kernel signal handlers could leak address information across an exec, making it possible to bypass ASLR (Address Space Layout Randomization). A local user could use this flaw to by pass ASLR to reliably deliver an exploit payload that would otherwise be stopped (by ASLR). A memory use after free error was discover in the Linux kernel's tmpfs filesystem. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash). Various other issues were also addressed.
e7193629413cdad2b463bf06a7df8e90528471a345357eea7d9c6807f31923faThis is a whitepaper that discusses using Compute Unified Device Architecture (CUDA) GPU cracking to crack passwords.
73c83fc3029646d3e3bb2f6758ef93e292ef63789d5c4c52472d85962bf1620eSmallFTPd version 1.0.3 denial of service exploit that is written in AutoIT.
490e57206bbfaabcb311fd30eaeb013e30240b0f0f106cd454c6062b57aa06e9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed