LuxCal version 3.2.2 suffers from cross site request forgery and remote blind SQL injection vulnerabilities.
cb1d2b3682114f3b26171869233c5bde5b3187d3b611ab0235bc2c24bb7a38abClipSharePro version 4.1 suffers from a local file inclusion vulnerability.
4bda46b32b5ee2408e5d9ae4e5b7a0735b8b72bd399ea7ec9bb984b111ae1d62QNX versions 6.4.x and 6.5.x suffer from a ppoectl vulnerability that allows for disclosure of /etc/shadow.
5c0faf1a0a91819585324e6293f765978634beef1af118930f364899b2d8cd3fQNX version 6.5.0 local root exploit that leverages a buffer overflow in /usr/photon/bin/phfont.
19e870dc4af45f9142802364260c85a97bb855c6dd8f4c546f6dc5f966feffd3QNX version 6.5.0 x86 io-graphics local root exploit that leverages a buffer overflow vulnerability.
599feb2a83e57f9097abc6a63e81c1d71632e87f4c7b3b69c52d7312d2d62af9QNX versions 6.4.x and 6.5.x ifwatchd local root exploit.
e5b7e006717ecc66aed13554af23e9c9683aad8e73b91602735a97db51e3be49QNX version 6.x Photon functionality allows for an arbitrary file overwrite with root level privileges allowing for denial of service and privilege escalation for a local user.
2428c5f0b3b62dae9b037b581daba0764dd42b93c2e8ded7b7b27d6dddee2045Gentoo Linux Security Advisory 201403-2 - A Vulnerability in LibYAML could result in execution of arbitrary code. Versions less than 0.1.5 are affected.
5af7769072fb1c2fa085a3d704f5c9bcba6a0eb4453a6e683f06f898d0cf182bMandriva Linux Security Advisory 2014-050 - Multiple vulnerabilities was found and corrected in Wireshark. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.
5d0325ffd6a325a71f963bfca7e8750d853c633e4a8175d97cbcd93aea5b0d21Red Hat Security Advisory 2014-0266-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled its blacklist of environment variables. When the "env_reset" option was disabled, a user permitted to run certain commands via sudo could use this flaw to run such a command with one of the blacklisted environment variables set, allowing them to run an arbitrary command with the target user's privileges. Note: This issue does not affect the default configuration of the sudo package as shipped with Red Hat Enterprise Linux 5.
f10125d63e7953977de9d21c114beec69b7bd3670a5733b33b5fd25f0ee33485Debian Linux Security Advisory 2871-1 - Multiple vulnerabilities were discovered in Wireshark.
5dca6b9a21f684c0874c46a33c8b8aea70765f5a1925276ec74a7727127cb78fDebian Linux Security Advisory 2872-1 - Florian Weimer discovered a buffer overflow in udisks's mount path parsing code which may result in privilege escalation.
3770672a72490b90d1d2d45d4d967b5f28593c522423e64579e22e602bf4d379Mandriva Linux Security Advisory 2014-049 - The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service via vectors related to the server root and request methods other than GET, as demonstrated by the svn ls http://svn.example.com command. This advisory provides the latest version of subversion which is not vulnerable to this issue.
6dc36b60facb0c513dec64a3947fa32a7e8f3f108314026f3f279dac8b4fef82Mandriva Linux Security Advisory 2014-048 - It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.
3ce0f32f5ce56849a4c33a25e7f469b1c11cf2283019c23c3438a49e62da8402Debian Linux Security Advisory 2870-1 - Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
5ae52e3c2de0b635a84fa42b1da961627ebdf663a5be16346661ae855100bd05Ubuntu Security Notice 2142-1 - Florian Weimer discovered that UDisks incorrectly handled certain long path names. A local attacker could use this issue to cause udisks to create certain directory structures, possibly leading to privilege escalation.
390e66bcde86a577bb810b745a889165575865a06ecd9f960604c396242acf44QNX version 6.x suffers from an enumeration vulnerability using the setuid /usr/photon/bin/phfont binary.
6d8c2b3e86406470b2ec78792cebe88b0350304f76f4474ded0115d2baf4ab28QNX version 6.x suffers from a file enumeration vulnerability that leverages the setuid /usr/photon/bin/phgrafx binary.
f9892def99ee2cd533b3bb50760be4d343f5ec3f2e072b5939393723e93753b2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed