WordPress Duplicator plugin version 0.4.4 suffers from a cross site scripting vulnerability.
f5ed38919ebf60c33cdf7aced877de1dWindu CMS version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.
319d10014a209c8e62f3a8b2d72e2a14AutoCAD DWG-AC1021 suffers from an arbitrary pointer dereference vulnerability that can be exploited to compromise a system.
2a13729243557456ed22e71e7aa751f3Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when entity values for external entity references replacement was requested / enabled during the XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion, when processed would lead to excessive CPU consumption (denial of service.This a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.
25beea34e921a3859fbf38b5e844e2a8Drupal Scald versions 6.x and 7.x suffer from a cross site scripting vulnerability.
1ff12cd1aca1579ef087f7e90cc65336Magnolia CMS versions 5.0.1, 5.0, 4.5.9, 4.5.8, and 4.5.7 suffer from a cross site scripting vulnerability.
0a455352ea15e7e429543669786b1f7bThis is a whitepaper discussing arbitrary java code execution leveraging the Java Debugging Wire Protocol (JDWP).
d2393fd5c46ac860e38c29fc4e30d965Juniper JunOS version 9.x suffers from a html injection vulnerability that allows for cross site scripting attacks.
09aec546e2e8fb3a83f2428948e03269Basic Forum from JM LLC suffers from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.
c02990ec441e59e507897fed52722db2iPic Sharp version 1.2.1 Wifi for iOS suffers from a local script insertion issue.
98afefe7d6bbe8cd52212973bf7722d3Easy Blog from JM LLC suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
589e28cb13972bb2f6f3b49b77b0c419FileChucker version 4.56t-e07 suffers from an arbitrary file upload vulnerability.
8bb5d6c43efff7d4f470fd1a33ed95e7WhatsApp fails to secure communications when spawning functionality for Google Wallet and Paypal. Versions 2.9.6447 through 2.10.751 are affected.
5bdfe282c884d3b9fe15ef1e9dd0a09dCyberoam is warning the general public that Orbit Downloader is causing massive SYN flooding.
ebfc3dc4518a3de3814b626d1128381dvBulletin version 4.0.x appears to suffer from a remote SQL injection vulnerability in the administrative functionality.
2b64e85f5ca1b2250207d8ee15c00910Mandriva Linux Security Advisory 2013-197 - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. The updated packages have been upgraded to the 5.1.70 version which is not vulnerable to these issues.
629543ce28ec3bf0b57331577b982009Red Hat Security Advisory 2013-1103-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Red Hat OpenStack makes use of Puppet, which is written in Ruby. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct a man-in-the-middle attack against the Puppet master and its clients. Note that to exploit this issue, an attacker would need to get a carefully-crafted certificate signed by an authority that the Puppet master and clients trust.
5e928029aabf36840608ca8a207f9a9aUbuntu Security Notice 1908-1 - A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
1414986458488de8c4c736aee36c3594
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed