HP Security Bulletin HPSBMU02931 6 - Potential security vulnerabilities have been identified with HP Service Manager and ServiceCenter. The vulnerabilities could be exploited to allow injection of arbitrary code, remote disclosure of privileged information, improper privilege management, and cross site scripting (XSS). Revision 6 of this advisory.
1bc8245520cecce97f77f16812169c8b
Skybox versions 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 suffer from an authentication bypass that allows for information disclosure.
442d0b8bb441f889ae1532b08a5ac0fa
Gentoo Linux Security Advisory 201405-6 - Multiple vulnerabilities have been found in OpenSSH, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 6.6_p1-r1 are affected.
867f6beb5f3c209a3b73933db4c67529
Red Hat Security Advisory 2014-0469-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. A flaw was found in the way the Ruby on Rails actionpack rubygem performed JSON parameter parsing. An application using a third-party library that relies on the Rack::Request interface, or using custom Rack middleware, could bypass the protection implemented to fix CVE-2013-0155, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155 again.
cdc4d0cfe60c1de3ac3fa143db9a99e5
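The class of defence the advisory refers to, as an added Ruby illustration (not actionpack's own code): the fix for CVE-2013-0155 runs parsed parameters through a "deep munge" that strips nil entries out of arrays, so a JSON body like `{"user_id":[null]}` can no longer reach a query as `WHERE user_id IS NULL`. The bypass summarised above existed because parameters obtained through Rack::Request or custom middleware skipped that step, which is why this example funnels every body through a single entry point. `deep_munge`, `params_from_json` and the `where_clause` stand-in are simplified names of my own; the stand-in mimics how the affected Rails versions rendered `[nil]` as `IS NULL` and `[]` as a false predicate, but it is not ActiveRecord.

```ruby
require "json"

# Added example, not actionpack's code. Recursively remove nils from arrays;
# hashes are walked, scalars pass through unchanged. This mirrors the idea of
# Rails' deep_munge after the CVE-2013-0155 fix, not its exact implementation.
def deep_munge(value)
  case value
  when Hash  then value.transform_values { |v| deep_munge(v) }
  when Array then value.map { |v| deep_munge(v) }.compact
  else value
  end
end

# Single entry point for JSON bodies: parse, then munge, before any library
# or middleware downstream can see the raw structure. The advisory's bypass
# was exactly a second, unmunged path to the same parameters.
def params_from_json(body)
  deep_munge(JSON.parse(body))
end

# Stand-in (hypothetical, not ActiveRecord) for how an ORM turns a parameter
# into a condition: an array containing nil becomes IS NULL, an empty array a
# false predicate. Values are cast with Integer() so this stand-in cannot
# itself be injected; real code uses bind parameters.
def where_clause(column, value)
  case value
  when nil
    "#{column} IS NULL"
  when Array
    ids = value.compact.map { |v| Integer(v) }
    if value.include?(nil)
      ids.empty? ? "#{column} IS NULL" : "#{column} IN (#{ids.join(', ')}) OR #{column} IS NULL"
    else
      ids.empty? ? "1=0" : "#{column} IN (#{ids.join(', ')})"
    end
  else
    "#{column} = #{Integer(value)}"
  end
end

# Constructed attacker body: a null inside an array.
BODY = '{"user_id":[null]}'

# Raw parse: [null] survives and the condition matches every row with no owner.
puts where_clause("user_id", JSON.parse(BODY)["user_id"])
# Munged: the same body yields an empty array and matches nothing.
puts where_clause("user_id", params_from_json(BODY)["user_id"])
```

The important property is not the munge itself but that there is only one way in: if a second code path hands the unmunged `Rack::Request#params` to the same query builder, the protection is gone, which is what the advisory describes.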
Debian Linux Security Advisory 2926-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation.
836873067313a312340f5083aaf5efb0
Mandriva Linux Security Advisory 2014-086 - It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors.
663979e3bf3ce30b53f4e89b5d55ee62
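When a parser cannot be trusted to honour its own "no entity substitution" setting, as the libxml2 entry above describes, the application can bound entity expansion itself before parsing. The following is an added Ruby example of that pre-parse check, not libxml2 or Mandriva code: it reads the internal DTD subset, computes the size each entity would expand to (memoised, so an exponential "billion laughs" document costs linear time to assess and a recursive declaration is rejected), and refuses the document above a byte limit. The sample documents, the limit of 1,000,000 bytes and the function names are my own; the scanner handles internal-subset entities only and deliberately ignores external DTDs, which a deployment would block outright.

```ruby
# Added example, not libxml2's code: bound entity expansion before parsing.

ENTITY_DECL = /<!ENTITY\s+(\w+)\s+(?:"([^"]*)"|'([^']*)')\s*>/
ENTITY_REF  = /&(\w+);/
INTERNAL_SUBSET = /<!DOCTYPE[^\[>]*\[(.*?)\]\s*>/m

# {name => replacement text} for every entity declared in the internal subset.
def internal_entities(xml)
  subset = xml[INTERNAL_SUBSET, 1] or return {}
  subset.scan(ENTITY_DECL).each_with_object({}) do |(name, dq, sq), h|
    h[name] = dq || sq
  end
end

# Length of +text+ once every reference to a declared entity is expanded.
# +memo+ makes a 10-references-per-level bomb O(levels) instead of O(10^levels);
# +stack+ detects a declaration that references itself, directly or indirectly.
def expanded_length(text, entities, memo = {}, stack = [])
  text.scan(ENTITY_REF).inject(text.length) do |len, (name)|
    next len unless entities.key?(name)          # predefined/undeclared: leave literal
    raise ArgumentError, "recursive entity #{name}" if stack.include?(name)
    memo[name] ||= expanded_length(entities[name], entities, memo, stack + [name])
    len - (name.length + 2) + memo[name]         # swap "&name;" for its expansion
  end
end

# True when expanding the references in the document body would exceed +limit+.
def entity_bomb?(xml, limit: 1_000_000)
  entities = internal_entities(xml)
  return false if entities.empty?
  body = xml.sub(INTERNAL_SUBSET, "")
  expanded_length(body, entities) > limit
end

# Constructed samples: a six-level "billion laughs" document whose single
# reference expands to 3 * 10**6 bytes, and a harmless one-entity document.
BOMB = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE lolz [
    <!ENTITY lol0 "lol">
  #{(1..6).map { |i| %(  <!ENTITY lol#{i} "#{"&lol#{i - 1};" * 10}">) }.join("\n")}
  ]>
  <lolz>&lol6;</lolz>
XML

BENIGN = '<!DOCTYPE note [<!ENTITY company "Example Corp">]><note>&company;</note>'

puts "bomb: #{entity_bomb?(BOMB)}"      # true
puts "benign: #{entity_bomb?(BENIGN)}"  # false
```

The check is cheap because it never materialises the expansion; it only adds up lengths. It is a complement to, not a substitute for, disabling entity substitution in the parser: the point of the advisory is that the parser setting alone was not sufficient.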
Mandriva Linux Security Advisory 2014-085 - ldns-keygen creates a private key with the default permissions according to the user's umask, which in most cases will cause the private key to be world-readable.
73aa0a8e4906bd2002ade20a87461dfa
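The failure mode in the ldns-keygen entry, side by side with the fix, as an added Ruby example (not ldns code): a file opened with the default mode gets 0666 masked by the process umask, so under the usual 022 it ends up 0644 and world-readable, whereas passing an explicit 0600 at creation time yields a file only the owner can read regardless of umask. The helper names, the temporary directory and the umask value are assumptions for the demonstration.

```ruby
require "tmpdir"

# Added example, not ldns-keygen's code.

# How a naive tool writes a key: default create mode 0666, narrowed only by
# whatever umask the caller happens to have. Returns the resulting mode bits.
def write_key_umask_only(path, key)
  File.open(path, "w") { |f| f.write(key) }
  File.stat(path).mode & 0777
end

# Owner read/write only, fixed at creation so umask cannot widen it. EXCL makes
# the open fail if the path already exists, so a pre-placed world-readable
# file or symlink is never reused for the secret.
def write_key_private(path, key)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600) { |f| f.write(key) }
  File.stat(path).mode & 0777
end

# Audit helper: paths under +dir+ matching +glob+ that anyone but the owner can read.
def readable_by_others(dir, glob = "*.private")
  Dir.glob(File.join(dir, glob)).select { |p| File.stat(p).mode & 0044 != 0 }
                                .map { |p| File.basename(p) }
end

# Runs both writers under a typical interactive umask (022) in a scratch
# directory and returns [naive_mode, private_mode, files_readable_by_others].
def demo
  Dir.mktmpdir do |dir|
    old = File.umask(022)
    begin
      naive   = write_key_umask_only(File.join(dir, "naive.private"), "constructed key material")
      private = write_key_private(File.join(dir, "safe.private"), "constructed key material")
      [naive, private, readable_by_others(dir)]
    ensure
      File.umask(old)
    end
  end
end

naive, private, exposed = demo
printf("umask-only: %04o  explicit: %04o  exposed: %s\n", naive, private, exposed.inspect)
```

The audit helper is the check to run on an existing host: any key file that reports group or other read bits was created the first way and should be re-permissioned, and, since it has already been readable, treated as potentially disclosed.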
Mandriva Linux Security Advisory 2014-084 - An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. An attacker who could get a specially crafted image file rendered by an application that explicitly calls png_set_sPLT() or png_set_text_2() could cause libpng to crash or execute arbitrary code with the permissions of the user running that application. A second integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. An attacker who could get a specially crafted image file rendered by an application that explicitly calls png_set_unknown_chunks() could likewise cause libpng to crash or execute arbitrary code with the permissions of the user running that application.
df2135e23d5f5c2f218569a6467313ec
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
b11a2deb392896d7109fa983a9ac2076
Netgrafio is a tool aimed at visualizing network data. It provides tools and libraries for visualizing datasets so that the information is easier to represent.
a23e307197d4750908703b5e47540d00
Skybox versions 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 suffer from multiple denial of service vulnerabilities.
41322d1b38fe21473e143d14961a042f
AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php using the 'insertinto' parameter. This Metasploit module exploits the lack of input filtering to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.
d1735e5cf20476892a9a1079fd25c89b
Easy Chat Server version 3.1 suffers from a stack buffer overflow vulnerability.
b1530c2998054d47b6eee7b97dcf4963
metafang2 interfaces with a Metasploit RPC instance to generate .NET executables that run x86/x64 shellcode in a platform-agnostic way. One binary to rule them all. It also provides an encryption mechanism that brute-forces the payload's key at run time.
65d67173eb317f99aeeba8e76a73a601
Xshop suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
a683853b50db1eaa710d2cb27c27a1a9
WordPress Bonuspressx plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
9ba020031590a6f1f9ead5c1975cc334