Jamroom version 5.0.2 suffers from a cross site scripting vulnerability.
63e18a95e0d1d35fd6ce7e97992f77b0Enorth Webpublisher CMS suffers from a remote SQL injection vulnerability.
5e7f20f95b9966bc014ead1d37072618Wireless Transfer App version 3.7 suffers from a command injection vulnerability.
a58ea521e9316ea3efd156865e7d20dfDell Sonicwall GMS version 7.x suffers from filter bypass and persistent cross site scripting vulnerabilities.
8ba2df40fe112f10113ccc857bbc0279NagiosQL version 3.2.0 Service Pack 2 suffers from a cross site scripting vulnerability.
5b23da926d82fe9a9aac2416562deab9RedAxScript version 1.1 suffers from multiple remote blind SQL injection vulnerabilities.
aaae0b9a6888f430683b128cf50bbb25NeoBill version 0.9-alpha eCommerce suffers from local file inclusion, remote command execution, and remote SQL injection vulnerabilities.
389b11a49715db0734ad51ef74d26b8bRed Hat Security Advisory 2013-1790-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An information leak flaw was found in the way the Xen hypervisor handled error conditions when reading guest memory during certain guest-originated operations, such as port or memory mapped I/O writes. A privileged user in a fully-virtualized guest could use this flaw to leak hypervisor stack memory to a guest.
b40ed0715433bff515dd7b63840541aaRed Hat Security Advisory 2013-1794-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A flaw was found in the way Ruby on Rails performed JSON parameter parsing. An application using a third party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.
64416d97c3bb0323fdf7b8979b7e68c1Ubuntu Security Notice 2048-1 - Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
c5eaa49af71322b8e2fb0a62bff4d62aRed Hat Security Advisory 2013-1793-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5 and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
4e16466b04511b6e2f6ea808448fcbb9Red Hat Security Advisory 2013-1791-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.
028a41e99a7b6679ef72e47f223ac5aeRed Hat Security Advisory 2013-1792-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 will be retired as of January 7, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 7, 2014. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.2.
ff633d819b042ee8c1d222fd8b03b0bcRed Hat Security Advisory 2013-1783-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.
b77c4c8ac04f0da3c37f0cdf435ac04aWordPress Easy Career Openings plugin suffers from a remote SQL injection vulnerability.
f36cf89cbb17035d125da48836842dc2
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed