WordPress Duplicator plugin version 0.4.4 suffers from a cross site scripting vulnerability.
c11bcdd0311e215255171e238d9b2a4a5c5cbb4a495aa33f118f1d414bc6792bWindu CMS version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.
983c1316e05ee3e68fccee8c5baa23d337d5c12ebe07bd048da47708da19351aAutoCAD DWG-AC1021 suffers from an arbitrary pointer dereference vulnerability that can be exploited to compromise a system.
219a7db1a561eff423e65169d002771554f84e51f9e61f3996c00b73c866de51Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when entity values for external entity references replacement was requested / enabled during the XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion, when processed would lead to excessive CPU consumption (denial of service.This a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.
0adde045bd99e01ceb9cddd85290c183f51ea250b87fc07a959a2b1d427e791dDrupal Scald versions 6.x and 7.x suffer from a cross site scripting vulnerability.
31efa592720a283b50038fb9abf65bab1ccd1c7bab69eb9033f029d565ae589eMagnolia CMS versions 5.0.1, 5.0, 4.5.9, 4.5.8, and 4.5.7 suffer from a cross site scripting vulnerability.
e1a57d6ef2d1f9af10faf583024ebba7968cc1b930a63061237944f7b16d7b8cThis is a whitepaper discussing arbitrary java code execution leveraging the Java Debugging Wire Protocol (JDWP).
0adc9316e503d0fe3daa7da5e64d578c4f345eb5aeee58462a82afd7494b1a6dJuniper JunOS version 9.x suffers from a html injection vulnerability that allows for cross site scripting attacks.
29ccd87908529598304cd583f8ee5922f7df5671abd5b2cd835597f7343deffdBasic Forum from JM LLC suffers from cross site scripting, cross site request forgery, and remote SQL injection vulnerabilities.
a1be6c25b484217301eba90ff838bc9a1af185b0119f02b1e6cacaea8446c25ciPic Sharp version 1.2.1 Wifi for iOS suffers from a local script insertion issue.
a5433fa7faac6fc77af274a37017e674b24332ffbee28a83a05ba18a5f260d4cEasy Blog from JM LLC suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
92e6510e14c604e95a17cc5ed18c985111677ae10b2de17eea7ab41b69bcd495FileChucker version 4.56t-e07 suffers from an arbitrary file upload vulnerability.
f85ccf5bba6e094130c5c3c7cfc595eb7fdac76706f72e68601c8fb4212bc86dWhatsApp fails to secure communications when spawning functionality for Google Wallet and Paypal. Versions 2.9.6447 through 2.10.751 are affected.
260e26aeec72763f25b273ccb4f424dd4aeffd1b74f89099d65012fdf72375d4Cyberoam is warning the general public that Orbit Downloader is causing massive SYN flooding.
90e5f178d86720bbe16c5ed5b968847e9f32057836a9e8e77e7dd1b41134ee7dvBulletin version 4.0.x appears to suffer from a remote SQL injection vulnerability in the administrative functionality.
0a0648a15e33987faeadd862bc64fb7b7f3b30b7a5ca898b18da61ee8e8ce0d2Mandriva Linux Security Advisory 2013-197 - MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. The updated packages have been upgraded to the 5.1.70 version which is not vulnerable to these issues.
229df34dd4237d981a5e24fcb11c9a090cdde5addd7ca7da33dcb3e9b36947e2Red Hat Security Advisory 2013-1103-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Red Hat OpenStack makes use of Puppet, which is written in Ruby. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct a man-in-the-middle attack against the Puppet master and its clients. Note that to exploit this issue, an attacker would need to get a carefully-crafted certificate signed by an authority that the Puppet master and clients trust.
3af6f62904e5e2f9c0544724370c57e046a437d3917b85caaca4e7f10e3a6731Ubuntu Security Notice 1908-1 - A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
c6e86f1288af7e22a761f9d766592dbed8c45c4f2f70fe5359000d1b2b6fc3f9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed