Ubuntu Security Notice 2030-1 - Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds TLS v1.2 support to Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04.
88d0a7e54ad7c4580130985a1ea62ac214b9e93f97f5151289a1646fd2f8e8ebTomatoCart version 1.1.8.2 suffers from local file inclusion and directory traversal vulnerabilities.
80edf86022b40bc33df2e29333ac72332b23148388612cd80bcc1bac5cb7b036This whitepaper goes into detail and multiple different ways you can using blacklisting with mod_rewrite.
445a092f63671e00d8cffe2e287b941a30901deeac5d0dc5b36b340fe8ad032aDebian Linux Security Advisory 2798-1 - Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain.
9363b2d66b1be8b2c64a2ee99bfb751ea42ee87086b3cd18e8fcae0ba052400fWordPress Tweet Blender plugin version 4.0.1 suffers from a cross site scripting vulnerability.
7dd056ebf7a017614701914e9d8cdf3368acf8be185e3d65dc66b408e337e672PHP-Nuke version 8.2.4 suffers from cross site scripting and local file inclusion vulnerabilities.
e6a6feff30584aa0b101a715aac4a57ef1a047c221e5c1801ebe24b0f614d01eFacebook suffers from yet another open redirection vulnerability. This time the issue is in campaign/landing.php.
fa83309f306ce394994a46fa30357ecafc806aa8106411b43263e5362d25cd29DeepOfix versions 3.3 and below suffer from an SMTP server authentication bypass vulnerability due to an LDAP issue. Exploit included.
24bd2a61ed26e639e6b823b3e2f7cc39031c2662744ed2bbda21195c3924d603DesktopCentral versions prior to 80293 suffer from a remote shell upload vulnerability.
4aad22e43397ec7360050815be62145be5467cc3cc7f5dc670993b7a63712604Kaseya version 6.3 suffers from a remote shell upload vulnerability.
20dc6ed57c27f12c771790a0beb065620e6be1b55b63ed26a4bc41e7bec9b483Red Hat Security Advisory 2013-1526-01 - Nagios is a program that can monitor hosts and services on your network. It can send email or page alerts when problems arise and when problems are resolved. Multiple insecure temporary file creation flaws were found in Nagios. A local attacker could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack. These issues were discovered by Grant Murphy of the Red Hat Product Security Team.
26ed51d06c4f102c04988c4bda77685e8771e157d676f92bd65c4733b3fcd5f6Red Hat Security Advisory 2013-1525-01 - The openstack-glance packages provide a service that acts as a registry for virtual machine images. A flaw was found in the Glance download_image policy enforcement for cached system images. When an image was previously cached by an authorized download, any authenticated user able to determine the image by its UUID could download that image, bypassing the download_image policy. Only setups making use of the download_image policy were affected.
e0eb3f673d25b971dfa5e7bcb73d6d651ce3b1ffe95cdbb2b5cf1de8b7715300Red Hat Security Advisory 2013-1524-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that tokens issued to a tenant were not invalidated when that tenant was disabled in Keystone. This could allow users assigned to a disabled tenant to retain access to resources they should no longer be able to access. These updated packages have been upgraded to upstream version 2013.1.4, which provides a number of bug fixes over the previous version.
b24f71928e7f9e525e30eb87c9d89f612ec145a89de4dc93edae2fdb4ed1e42bThe bt8xx video driver in the Linux kernel suffers from an integer overflow that can trigger a kernel panic. Kernel versions 2.6.18 and below are affected.
5e999ef89be83bedfff1b0aeeec2f2106773a720437d97c4c3579bce3dba124eMorxCrack is a cracking tool written in Perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords.
3469672d2407862ceff8521d2671628ae33a178e865f4763afa9a0696e861072Optomise System Ltd suffers from cross site scripting and information disclosure vulnerabilities.
c1f0ce5a3fe26ddb99b0616d5d61b0460e2f1e5b210f0a665619a91d61d91148
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed