D-Link DIR-100 routers suffer from multiple authentication, credential management, cross site request forgery, cross site scripting, and information disclosure vulnerabilities.
5fa80f1f29dd7ee9b093fe114dbad9791bd517a36b281032cef564fcfaa79130Gentoo Linux Security Advisory 201402-2 - A NVIDIA drivers bug allows unprivileged user-mode software to access the GPU inappropriately, allowing for privilege escalation. Versions less than 331.20 are affected.
1e3c861a499a68f06d0140261c9e32db0712c3b211350a7d0382be20fab714e0Gentoo Linux Security Advisory 201402-3 - An integer underflow vulnerability in Pixman may allow a context-dependent attacker to cause Denial of Service. Versions less than 0.32.4 are affected.
f461bacbca80208cfbe40a0793c77b58cae5262018231b8831473e40ed9403a4Gentoo Linux Security Advisory 201402-1 - Multiple vulnerabilities have been found in GNU libmicrohttpd, the worst of which may allow execution of arbitrary code. Versions less than 0.9.32 are affected.
2dad2ec6046b88c2b3cb81b2f25d75ce3bcd4d5a233d9fe1dfc6e6a6929fa6d7Ubuntu Security Notice 2097-1 - Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information.
f11c67854a3104decb402ccf2a1ed533affcd9a766f64d10fe1bad7a0ee4f464Red Hat Security Advisory 2014-0127-01 - The librsvg2 packages provide an SVG library based on libart. An XML External Entity expansion flaw was found in the way librsvg2 processed SVG files. If a user were to open a malicious SVG file, a remote attacker could possibly obtain a copy of the local resources that the user had access to. All librsvg2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that use librsvg2 must be restarted for this update to take effect.
fcbc112c2011bbfaa630a03173d317b36980caa81e028f8712270b3e2516fabeRed Hat Security Advisory 2014-0126-01 - OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A denial of service flaw was found in the way the OpenLDAP server daemon performed reference counting when using the rwm overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request.
4c6c34a110e573e8c64ef30e2391a60e3e7c5c71a67b50e86f57e1694004e57aDebian Linux Security Advisory 2851-1 - Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts.
7ff5149651769ab685a8d22ecf1f421379747a2cb78fb7db2b2e6b44399f57ffMediaWiki versions 1.22.1 and below PdfHandler remote code execution exploit.
b8f79be011bdbd02e08ab7955ce6c1818acfb3f8c4507dda03c263a152a80c2fThe WordPress Stop User Enumeration plugin version 1.2.4 can be bypassed by using POST requests instead of GET requests.
2dd78ee648a3793edd606581b3bffa990f070dbc5f3063fd92e079140ca7f33aLinux 3.4+ local root exploit that spawns a root shell leveraging CONFIG_X86_X32=y.
ede5fc0e0b7e794118d72948df2017010eaec9fd53af8390f4d8bde0ec184fa6MyBB version 1.6.12 POST cross site scripting proof of concept code.
22ac595f753a3b43615359eea5fb2740c2bd4df7d83df7fcc165ba5b4fd2435dLedgerSMB versions prior to 1.3.36 suffer from an improper logout vulnerability that can allow for replay attacks.
aebd76ca1473ca0c35d7b7dbc17da3b164760cd470cacb9812093262becbfd72Jetro Cockpit Secure Browsing suffers from a remote code execution vulnerability that affects all workstations using the product.
02e7719dff1c189b4c1a63c2ece790d338fceba4614d30c5eb9f1cc4f0b02e7cLinux 3.4+ arbitrary write exploit for CONFIG_X86_X32 that spawns a root shell.
4fc904f1502158ecb8a6b7cfef323a01f7b9fb01f6ee00d06660c72f407ddd61Shadowbox media view suffers from a local file inclusion vulnerability. Note that this finding houses site-specific data.
b24bcffde0a5b44fc97c46924c491ae72262254441bb6c729b932f7182fd24e9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed