HP Security Bulletin HPSBGN02952 - A potential security vulnerability has been identified with HP Application Lifecycle Manager (ALM) running JBoss application server. This vulnerability could be exploited remotely to allow code execution. Revision 1 of this advisory.
b30f271b757401886554de4dfbd2e10bc1f7d66f3e0a19a69b7169dc91228181HP Security Bulletin HPSBGN02951 - Potential security vulnerabilities have been identified with HP Operations Orchestration. The vulnerabilities could be exploited to allow cross-site scripting (XSS) and cross-site request forgery (CSRF). Revision 1 of this advisory.
c269b1d60b3e90c5acb18d71d9329cd95b5832a4b458d1d64dba90e4d65129fdGentoo Linux Security Advisory 201312-10 - A buffer overflow in libsmi might allow a context-dependent attacker to execute arbitrary code. Versions less than 0.4.8-r1 are affected.
6aa435a29cce58ebaef5ee97b49c52c0045e0a66e59825d2106d819f7b61b00cGentoo Linux Security Advisory 201312-9 - Multiple vulnerabilities have been found in cabextract, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.3 are affected.
8cdb78dc586c4b23f55ef5470d748fdd81b5e9636acdcbc0d181c4649c5021adDebian Linux Security Advisory 2817-1 - Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code.
f3c71858a5f19feeca680c031798b02da6f0c617f5783c05975cb2a9f23b7313The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer. This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution.
7406038cb1adf87acf1e03364bbd761251c6d8fc531065990b85c245ae25fbe4The Bio Basespace SDK 0.1.7 Ruby Gem API client code passes the API_KEY to a curl command. This exposes the api key to the shell and process table. Another user on the system could snag the api key by just monitoring the process table.
d611161b7de257aeced569b86efb86407334ac528739835cfa78af454f079352iScripts AutoHoster suffers from file disclosure, PHP code injection, file disclosure, and remote SQL injection vulnerabilities.
e688d35feae61acb5dcdfa1966f1c4b19724883860f61ef17d40a6500a340e63
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed