FreeBSD Security Advisory - When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are two separate instances in which a 4-byte fragment may be transmitted. This memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include an user-entered password.
14f68578cd5c9bc887fcbe719dc74c0eFreeBSD Security Advisory - An integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation. An unprivileged process can read or write pages of memory which belong to the kernel. These may lead to exposure of sensitive information or allow privilege escalation.
22c046761afc564563c218783799e9d9Debian Linux Security Advisory 2740-1 - Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework.
6c8351584b4cdf8fb45211c3e1774015Gentoo Linux Security Advisory 2013-08-04 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.23 are affected.
b7bd9bc6b79ccc873e88b20f9c3dfd01Mandriva Linux Security Advisory 2013-219 - Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted TIFF or GIF file that, when processed by rgb2ycbcr and gif2tiff respectively, would cause the tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. Pedro Ribeiro discovered a use-after-free flaw in the t2p_readwrite_pdf_image\(\) function in tiff2pdf, a tool for converting a TIFF image to a PDF document. A remote attacker could provide a specially-crafted TIFF file that, when processed by tiff2pdf, would cause tiff2pdf to crash or, potentially, execute arbitrary code with the privileges of the user running tiff2pdf.
5a46aeb467c6d8cb4c1a09a27480ea13Samba malformed nttrans smb packet remote denial of service exploit. This is the second version of this exploit that adds an automated offset and second argument.
b79361919f1960c55e71a2fbbc77d6fbMandriva Linux Security Advisory 2013-218 - The python-django package addresses a security issue. The is_safe_url() function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript.
38edde2eb54f73c4a16243f11925b673Mandriva Linux Security Advisory 2013-217 - Updated spice packages address a vulnerability. A user able to initiate spice connection to the guest could use a flaw in server/red_channel.c to crash the guest.
39e7e0739cebabfb2132b95499ff7659Mandriva Linux Security Advisory 2013-216 - ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
c80d859fc2ba7de640b1f34ecaf0f212FICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.
f6e914a9f3008e9a153eea26c6fd138fmooSocial version 1.3 suffers from cross site scripting and local file inclusion vulnerabilities.
0772162cda3ad873db8317f24ede9024Spring Framework versions 3.x and 4.x suffer from an XML external entity (XXE) injection vulnerability.
30e50f109347a2713fca06c1babd6db7Cloudflare suffers from a cross site scripting vulnerability.
21a3d66d6c5eecaf994d2b6fe76949e7Paypal suffers from an arbitrary account deletion vulnerability that leverages unvalidated email account additions.
ff6d030cf675b57bd78668a4abac4f67GDD FLVPlayer version 3.635 suffers from cross site scripting and content spoofing vulnerabilities.
d769bdcc11fca24f53935929d133a68cVMware Security Advisory 2013-0010 - VMware Workstation and VMware Player address a vulnerability in the vmware-mount component which could result in a privilege escalation on linux-based host machines.
d8abf50142599d6998f008ebf1b8cb47Gentoo Linux Security Advisory 201308-3 - Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation. Versions less than 9.5.5 are affected.
3cf9b11834e724263ad48bfffea1396eGentoo Linux Security Advisory 201308-2 - A vulnerability has been found in D-Bus which allows a local user to cause a Denial of Service. Versions less than 1.6.12 are affected.
2830c9c951c970c298b66e550af06ccfSlackware Security Advisory - New poppler packages are available for Slackware 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2012-2142.
e25b38ca937c2d2a7595c0d28b2d8113This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.
02aea1a11fbe505a39d5b5245b30b28dJoomla VirtueMart component versions 2.0.22a and below suffer from a remote SQL injection vulnerability.
318ae197f7af2f69c7e8bd28d8733f01PhpVibe version 3.1 suffers from a remote shell upload vulnerability.
e36648967d66246de7c907d2904841edHP Security Bulletin HPSBST02897 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Revision 1 of this advisory.
9a4d3cb7dd0c4dbe1dbe24dd29113c54Slackware Security Advisory - New xpdf packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2012-2142.
99a627998219d71ff36edaa6f8c9d89eMandriva Linux Security Advisory 2013-215 - SQL injection and shell escaping issues were discovered and fixed in cacti. The updated packages have been upgraded to the 0.8.8b version which is not vulnerable to these issues.
772063ce9729042f667ba72a10e15d72
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed