MyBB version 1.6.10 suffers from an arbitrary site redirection vulnerability.
ac319ac2761fd810ff270e3d6536bf0e39351b6818fcc0992609e4633316b9e5MAC Changer is a GNU/Linux utility for viewing/manipulating the MAC addresses of network interfaces. It can set specific, random, vendor-based (with a 6600+ vendor list), and device-type-based MACs.
31534f138f1d21fa247be74ba6bef3fbfa47bbcd5033e99bd10c432fe58e51f7Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
12176f94719144d12932a13b96c31d03cb3253843bf044aac7cb6cdd6fff50ccAtlassian JIRA suffers from a reflective cross site scripting issue due to a failure to properly sanitize user-supplied input to the 'name' GET parameter in the 'deleteuserconfirm.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Versions 6.0.2 and 6.0.3 are affected.
ab3cb5e6a9aa9ab21e1203de1595664804cc4c0b93ca4062353260a40b6d0a24Apache CloudStack suffers from a cross site scripting vulnerability. Versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2, and 4.1.0 are affected.
cede899e8d6411ed24f0609ba390790970bac3c8867fe2ee368805e332e88d9bAn arbitrary file upload vulnerability exists in the official Nmap Http-domino-enum-passwords NSE script.
3f3f0fed34e91a5d44d190bceb8508b03d02326855de030750d04807d7eb4044Core Security Technologies Advisory - Hikvision IP Cameras suffer from buffer overflow, authentication bypass, hard-coded credential, and privilege escalation vulnerabilities.
a4a4535ab067aafda1e020840c583034d91d05f5ea87d44f5643945fba43b443Atlassian Confluence versions 3.5.6 through 5.3 suffer from a cross site scripting vulnerability.
134e7eac520cc20aea86f2b420492abe84f6288beee1c6ba0561fd1835097ec4Microsoft Yammer Social Network suffered from a critical information disclosure vulnerability due to an insecure O-Auth 2 implementation.
ee17ca110cf9ff28ea039cf6aeaf554e36835d8cc584b07592f7aea1af5a528aMcAfee Superscan version 4.0 suffers from a cross site scripting vulnerability.
bd831b86fa9986e22ed6966c13d321dab445ccc1cb7456fece5b01c3b191f1b7The LibPKI Project is aimed to provide an easy-to-use PKI library for PKI-enabled application development. The library provides the developer with all the needed functionality to manage certificates, from generation to validation. It helps developers integrate X509 digital certificates into their applications, and implement complex cryptographic operations with a few simple function calls using a high-level cryptographic API. The library constitutes the core of other OpenCA Labs Projects like the PRQP Server, the OCSP Responder, and the OpenCA-NG PKI.
6a4d125664c593f647956a1f083e9ab1981ad1c4de30456bd1147ac51762901bThis python script allows execution of a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of executing only a single command without any parameter, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.
f3af687e6ae93d7108daba5565a341cceceb6c51dd70cc03120b8c1910bc8e5cThis Metasploit module allows execution of a command with an arbitrary number of arguments on Microsoft Windows operating systems. The trick calls a perl.exe interpreter installed with HP Data Protector inside the directory {install_path}/bin/. The main goal of the script is to bypass the limitation of execute only a single command without parameters, as provided by already existing exploits. It is possible to exploit the security issue in order to run any command inside the target system.
5f0f9f62015fe421d3fb88ace93c276d32b36986aa82809a47927f87e8803536Mandriva Linux Security Advisory 2013-209 - The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service via a certain MOVE request against a revision root. This advisory provides the latest version of subversion which is not vulnerable to this issue.
48e908e5d6e879f8685025136974907f6e608316de4840a22d5d7adb36ddf92bMandriva Linux Security Advisory 2013-208 - A heap-based buffer overflow flaw was found in the way tiff2pdf of libtiff performed write of TIFF image content into particular PDF document file, in the tp_process_jpeg_strip() function. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. A stack-based buffer overflow was found in the way tiff2pdf of libtiff performed write of TIFF image content into particular PDF document file, when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash.
447932103e3d2b4135501f9e4d13f9622d71d76bfd8c995a757d16a355d9d1abMandriva Linux Security Advisory 2013-207 - Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service via a malformed packet. The updated packages for Enterprise Server 5.2 has been patched to correct this issue. The updated packages for Business Server 1 has been upgraded to the 3.6.17 version which resolves many upstream bugs and is not vulnerable to this issue. Additionally the libtevent packages are being provided which is a requirement since samba 3.6.16.
dfd7340822a40086019cf3ecd9e0e9b67dccce6e2b4941cbdeaedded779c5002Slackware Security Advisory - New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1896,CVE-2013-2249.
904e94b9f1535379b3379c68263113ed857048be3d847e496283546b5a717292Ubuntu Security Notice 1924-1 - Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
2f541122cf4292e498f025c0357ccebe409fbe0e6d41fb8080dadc4db0a84b7bUbuntu Security Notice 1924-2 - USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour. Cody Crews discovered that some Javascript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. Various other issues were also addressed.
d5607d8e20cc440391ba757e7d3496cd61fbee9d67917085c9b5c5ebf59e0da4Slackware Security Advisory - New samba packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4124.
cb6d7598ef0a905393d72be99fd794c7acd18caf7ff84cd293b3f21e5305d5e2SocialEngine version 4.5 suffers from a remote shell upload vulnerability.
67317f4cfcb1678cd318bb5c6c5d7b2d74b7020c8a8a285dd1f9b21910ab4007
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed