Mandriva Linux Security Advisory 2013-231 - Multiple vulnerabilities has been discovered and corrected in openswan. The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the in many distributions and the upstream version, this tool has been disabled. The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted R_U_THERE_ACK Dead Peer Detection IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. Various other issues have also been addressed.
fb07f53fcbc6401898ba4775ff34c35ba6bd0724b1aaf7b8955e48769191fdc6Drupal jQuery Countdown third party module version 7.x suffers from a cross site scripting vulnerability.
2fc35ba2fb64959e39a544747940cccc810ca974f71b0115a443e20607b8c0d8Drupal Click2Sell Suite third party module version 6.x suffers from cross site request forgery and cross site scripting vulnerabilities.
f9128e2fc0e3873d8139356c71a6efa885b9f893852d0ba5c2deec75ec4391adWikkaWiki version 1.3.4 suffers from a cross site scripting vulnerability.
50a6264f9e82181f520977a4087cbbcda7d57a7f7edc82ecae17437d9e5bd3bcKwok Information Server versions 2.7.3 and 2.8.4 suffer from a remote blind SQL injection vulnerability.
df6cca0b9519acea28ac99e53fdf6de71e7490667f545e1ed50bc0a20372003cDrupal MediaFront versions 6.x and 7.x suffer from a cross site scripting vulnerability.
716da3a7cbe4af2f6d3e5adb8918f9e32d24859f3f7432b315869489d409c083D-Link DSL-2740B ADSL routers suffer from a cross site request forgery vulnerability.
fe2e9431049b9e6dd5b4acacc9d198f7e0af727e257da7fe42e487892de29a16Ruby Programming Language version 1.7 for iOS suffers from an unauthenticated file upload vulnerability.
49117ffa584a6641af0f6e0eb35c19881e9012e3d2ba442f1e392d3e04e9e543Vestel TV suffers from a denial of service vulnerability.
ae35749d51f89e40567c1912556107f28523d54ef5071ea3ac61b5ef68542716Ofilter Player version 1.2.0.1 SEH based buffer overflow exploit.
065674883829ffa506db5184e414b21c45b8ef30ef86f9e87e8212600f06f337Berndes Multimedia iCMS suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
78fa3512dc7a04e99bc4bc3f44b854083212008a8f8eb037c7e97fe946de7325Perl Programming Language version 1.6 for iOS suffers from an unauthenticated file upload vulnerability.
82f45a8cec71c681994d1f7677a3045e65b9ca71c95f7319e7b7dee148d692d5Personal Address Book version 2.0 for iOS suffers from an unauthenticated file upload vulnerability.
e7ac6dc4b5192b7ef32a6958064230df219e8fc4a639833ea2487803787e34b6Sites powered by Cinfores suffer from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
dc4b51f71e196d3472c6919cff102e29b4eb01658e8791c06d0fd240a47417dcSites powered by Ceder suffer from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
06b511a60c3a7012b99daab58bc1d44b215dd6a7dc0994bb8e341050d36c0759
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed