Mandriva Linux Security Advisory 2014-006 - xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. The updated packages have been patched to correct this issue.
196f9ac5a1fe1e8ef8635691a7cee4edMandriva Linux Security Advisory 2014-005 - The TLS driver in ejabberd before 2.1.12 supports weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. The updated packages have been upgraded to the 2.1.13 version which is not vulnerable to this issue.
614e9f62186f7195af7cf5edb2830ab7Joomla Sexy Polling extension version 1.0.8 suffers from a remote SQL injection vulnerability.
4901f6bf1b42a6f9d147cd5193b426f6Ubuntu Security Notice 2083-1 - It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. It was discovered that Graphviz incorrectly handled memory in the chkNum function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. Various other issues were also addressed.
07da04fcbf5fb749f835315a30f1f5deMandriva Linux Security Advisory 2014-004 - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list to the process_cgivars function in extinfo.c, status.c, trends.c in cgi/, which triggers a heap-based buffer over-read. Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. The updated packages have been patched to correct these issues.
36ee9c14e0e6826f2f6d357a431cb2a9Mandriva Linux Security Advisory 2014-003 - Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor before 2.14 might allow remote attackers to execute arbitrary shell commands via $() shell metacharacters, which are processed by bash. The updated packages have been patched to correct this issue.
c2e75a67f0485cae7aa0159ebec26d01Mandriva Linux Security Advisory 2014-002 - The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature. The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.4-P2 version which is unaffected by this issue.
d654a11c62b993ed685e9fcfc78dee54Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
b1ec7b19dea8385954515ef1d63576d8cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
18efa3d3bfc1e1dbc2c266d9de34c983SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
69599e796973e7c9a55f16b83b9626e7Red Hat Security Advisory 2014-0030-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
2c0324e85b3a774b98a1cacf8a5c5dd5FreeBSD Security Advisory - Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. This issue only affects authoritative nameservers with at least one NSEC3-signed zone. Recursive-only servers are not at risk. An attacker who can send a specially crafted query could cause named(8) to crash, resulting in a denial of service.
b370f9795ad4a3cfcbc030be34cd42f8Ajenti version 1.2.13 suffers from a persistent cross site scripting vulnerability.
a56777008d66c21bde88ed991396d712Drupal Anonymous Posting third party module version 7.x suffers from a cross site scripting vulnerability.
cf871a1b4ca6eb3b15327f2019eeec1bDrupal core versions 6.x and 7.x suffer from impersonation, access bypass, and security hardening vulnerabilities.
03a3de5308fdaffa7f351ff78bd4bda2DomPHP versions 0.83 and below suffer from a remote SQL injection vulnerability.
8df95832bf0c638d9bb82bbff1c230bdA local stored cross site scripting vulnerability affects Y! Toolbar for FireFox on MAC version 3.1.0.20130813024103 and Windows version 2.5.9.2013418100420.
0862e2aa10ac29fb2e0985cfec8b463eThe JavaScriptUtils.javaScriptEscape() method did not escape all characters that are sensitive within either a JS single quoted string, JS double quoted string, or HTML script data context. In most cases this will result in an unexploitable parse error but in some cases it could result in a cross site scripting vulnerability. Spring MVC versions 3.0.0 through 3.2.1 are affected.
7f8e24b87327b778c2e67cacf4da863f
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed