Multiple stored cross site scripting and cross site request forgery vulnerabilities exist when parsing user input to several POST parameters in Stark CRM version 1.0. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site and/or execute arbitrary HTML and script code in a user's browser session.
8c7cb8470dd05d45f08a3c8bf719e35d3641de67c99f53df0cf0f5d685cf33c5AdRotate version 3.9.4 suffers from a remote SQL injection vulnerability.
e266028eac942f15f6d5c12f24958ce411494ef2b61a024a7a8ebda861c5fcd0The HITB crew is calling on the community of hackers, makers, builders, and breakers to send them their 30 minute talk abstracts for consideration to be included in the 3-day single-track agenda. Taking place at De Beurs van Berlage on the 28th, 29th and 30th of May, this single track, like the Haxpo itself, is completely free to attend.
5a94102535da35547f397090f1530a04aa901fc426aee761e1b4a5b78ed40e53Barracuda Networks Web Firewall X300 suffers from multiple script insertion vulnerabilities.
36ae852bde5cb477c4ae3614c988ae04b0ae0022389592cbd8ba055f726c683fEgroupware versions 1.8.005 and below suffer from a PHP object insertion vulnerability that can allow for arbitrary file deletion and possibly code execution.
6acf0c7bb78bf16c4e7a80bf94295df8ed76adf8b9f716ddf1396c8f075f25e8Verbose logging in Lotus Sametime version 8.5.1 logs a user password simply base64 encoded.
83a7b3d0184d9980f17866ccfef1a87269f5a9bffc36ad1349b83d3f04116a88Dassault Systemes Catia V5-6R2013 "CATV5_Backbone_Bus" stack buffer overflow exploit.
b9c312295d8a073944dc628dace9c57b37d1c0999e861122190110bb6b4e4bd6VideoCharge Studio version 2.12.3.685 GetHttpResponse() man in the in middle remote code execution exploit.
228da2a55f85e238a38f51f0a1e8c982a474297369a89295f5a2d46727406ec5Slackware Security Advisory - New kernel packages are available for Slackware 14.1 (64-bit) to fix a security issue.
cc78a9497557a0501a4443b959c390cd7c60c4c627e19be5e2974d83af41c6bdGentoo Linux Security Advisory 201402-18 - GNU Midnight Commander does not properly sanitize environment variables, possibly resulting in execution of arbitrary code or Denial of Service. Versions less than 4.8.7 are affected.
ceed69737e7c9a4f5f9ef054f685065c8dab8dcda182eaaf2a1e9c196f8826f2Debian Linux Security Advisory 2865-1 - Various vulnerabilities were discovered in PostgreSQL.
1e90886f93fefed24a7953c71f5b376443d1842c66045e0c90af12c5d5c348beRed Hat Security Advisory 2014-0195-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. This Red Hat JBoss Portal 6.1.1 release serves as a replacement for 6.1.0.
ad17b99c336d1d0ac63117515d8fb941efea61e47e0482fa54c72c275372cd9eDebian Linux Security Advisory 2864-1 - Various vulnerabilities were discovered in PostgreSQL.
1867d5a2cd522f7cbb2c54a13eda5771d56c14a038dde227b4ba0af113cc2e61Mandriva Linux Security Advisory 2014-045 - A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing to extract files in arbitrary path. An attacker can craft a tar file to override files beyond the tar_extract_glob and tar_extract_all prefix parameter. The updated packages have been patched to correct this issue.
a65c1beb056ccb0d18e8a96e55d09be2aa60f9240441e3ae174e13ed63df08d3Slackware Security Advisory - New mariadb and mysql packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
b83dbc636a812dc56e004c015b772296ed0b6e308651fe000eca32edf038ccee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed