Apache Shindig PHP version 2.5.0 suffers from an XXE injection vulnerability.
779177ad830a97195b2451720ea3c03e6dc8551bf514a289092bcaf78efa0131Red Hat Security Advisory 2013-1452-01 - Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw to make the vino-server process enter an infinite loop when processing those incoming requests. All vino users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The GNOME session must be restarted for this update to take effect.
8918c51a4d5096f3603f0ccb0d01438f72d90b8af5cba89f0c34d75790db9bfbRed Hat Security Advisory 2013-1451-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine. The class loader did not properly check the package access for non-public proxy classes. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the Java Virtual Machine.
2830afe752112f60de3a3605472783ff304efaec102c0abddb10db6ca1586335Red Hat Security Advisory 2013-1449-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled, an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.
aace845a09644be52cb6b598679ab31730442e1c2bb5e7f17b6cee8c6a7a54acRed Hat Security Advisory 2013-1450-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540 introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user could use this flaw to corrupt kernel memory via crafted sendmsg() calls, allowing them to cause a denial of service or, potentially, escalate their privileges on the system. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.
bec42a1124d17a24babb445c0086c515568c978ad5ba4a0a9bda8deab480db7fDebian Linux Security Advisory 2784-1 - Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation.
82535cd588a62e5fc585f940c3816c00eb6aca566b9ff38c936e61a5a546ec92Ubuntu Security Notice 1996-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.
b0b5321c721ce6390aa2e111ac2673c1b2bf2223671959b7b7598ed25471d53fUbuntu Security Notice 1994-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.
4ece68db30f10fd1d7fda3af2dcb83064de8a1d751b5b15cb0acc4f7b104a5e9Ubuntu Security Notice 1993-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory.
ddaff993b996ad7f4bb575a24a8c31c6ab3dd219c1b54202bfa65d8eecdb4cffUbuntu Security Notice 1995-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.
0e828e972162722656770066732a813580466305366a1309823de26dd0b6dd6dUbuntu Security Notice 1992-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory.
fee2014bd298fc59f037cb42a0648e8986000f07a2494dd7c010b2a81e15e98fUbuntu Security Notice 1999-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.
46dfbbb3131e008fbc18c11154dae6142610f2973f8a2894f93585d6defc7ba8Ubuntu Security Notice 1998-1 - An information leak was discovered in the Linux kernel when reading broadcast messages from the notify_policy interface of the IPSec key_socket. A local user could exploit this flaw to examine potentially sensitive information in kernel memory. Kees Cook discovered flaw in the Human Interface Device (HID) subsystem of the Linux kernel. A physically proximate attacker could exploit this flaw to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted device that provides an invalid Report ID. Various other issues were also addressed.
6fe1ea254476a5b155997999ca06779d4d5cc86acc30e3d6c9312115df1ff8e8Ubuntu Security Notice 1997-1 - Dan Carpenter discovered an information leak in the HP Smart Array and Compaq SMART2 disk-array driver in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from kernel memory.
b4163dd4a3d390dd6e4e06d33615c68368b4f3bb18f9e7317255408e917671a0The Joomla Maian15 component suffers from a remote shell upload vulnerability.
3168f3488a6baf2ed1904d0050d120b760732da3113c601c9bb74e3fcfc7685bThis Metasploit module exploits an anonymous remote code execution on D-Link DIR-605L routers. The vulnerability exists while handling user supplied captcha information, and is due to the insecure usage of sprintf on the getAuthCode() function. This Metasploit module has been tested successfully on DLink DIR-605L Firmware 1.13 under a QEMU environment.
0a2625495d220d8e34aeaeab3b030e38d5c3d8c061e96a0d097c1527e36f1458This Metasploit module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands.
a7114479b9ce7f63393a233814fca94f23890b35fff1a4000dbd132da087dd09This Metasploit module exploits a directory traversal vulnerability on the version 5.2 of the BIMS component from the HP Intelligent Management Center. The vulnerability exists in the UploadServlet, allowing the user to download and upload arbitrary files. This Metasploit module has been tested successfully on HP Intelligent Management Center with BIMS 5.2 E0401 on Windows 2003 SP2.
259ed051cf78d79d3dc1060b81ae4b7df6b46139d8805a2a7c01408edc69946d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed