Debian Linux Security Advisory 2880-1 - Multiple security issues were discovered in Python.
7fcd2b54485f6aa2f92a611bd4c1d7d2Mandriva Linux Security Advisory 2014-063 - A vulnerability in x2goserver before 4.0.0.2 in the setgid wrapper x2gosqlitewrapper.c, which does not hardcode an internal path to x2gosqlitewrapper.pl, allowing a remote attacker to change that path. A remote attacker may be able to execute arbitrary code with the privileges of the user running the server process. A vulnerability in x2goserver before 4.0.0.8 in x2gocleansessions has also been fixed.
d04dee72afa08bea4df3cf20c85fbe16Mandriva Linux Security Advisory 2014-064 - A flaw was found in the way udisks and udisks2 handled long path names. A malicious, local user could use this flaw to create a specially-crafted directory structure that could lead to arbitrary code execution with the privileges of the udisks daemon.
74bceb17a64d31206247df6b5ee1e391Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues.
167cace9ae510696dea0951b9e786d73Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
3d3ac8baa585a0f0ce8010b167522e4eRed Hat Security Advisory 2014-0306-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting attack on an application that uses data submitted by a user as parameters to the affected helpers. A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected.
2165282286e43fb494ca0b87573ab2edRed Hat Security Advisory 2014-0304-01 - Mutt is a text-mode mail user agent. A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary code with the permissions of the user running mutt. All mutt users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running instances of mutt must be restarted for this update to take effect.
c940e434dc1975843d8d0ab2026b31daRed Hat Security Advisory 2014-0305-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.
12dc7ea867e1c2cff6d59aad29d1e59fUbuntu Security Notice 2149-1 - It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files.
77ff71c50c94d46fa0f639420183c268Ubuntu Security Notice 2148-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
7725fb3628c1de3fdd03a2e2ad0c0261Ubuntu Security Notice 2149-2 - USN-2149-1 fixed a vulnerability in librsvg. This update provides a compatibility fix for GTK+ to work with the librsvg security update. It was discovered that librsvg would load XML external entities by default. If a user were tricked into viewing a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files. Various other issues were also addressed.
88eb78ddf549096e0a21c9f7dabb2584Quantum DXi V1000 versions 2.2.1 and below come with a static private ssh key for the root account that allows you to ssh in as root to any appliance. They also have a static password set for the root user.
99c963602d5b101ce619d77f1fe99256Square version 0.3.1 suffers from a cross site scripting vulnerability.
054428bb67e09696858e737f14c44b7dHP-UX rlpdaemon privilege escalation local exploit that appends junk, including localhost +, to .rhosts.
93036929ad62ab0d2cafff2a2ede78fbosCmax version 2.5.x suffers from a cross site request forgery vulnerability.
22651303a3be15c4e1ba1d9b198b5eb3Loadbalancer.org Enterprise VA versions 7.5.2 and below come with a static public and private key installed for their appliances. When the keys are regenerated, it fails to remove the public key from the authorized_keys2 file, allowing anyone to use the private default key for access.
37f891804293f83d99541b90c8134d6d
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed