G Data TotalProtection 2014 version 24.0.2.1 suffers from an arbitrary code execution vulnerability.
d13c4d1c5599bcffe508e75fe31ffdd878a567e0ff4fc55a9e3ea8326e575583FreeBSD Security Advisory - The file(1) utility attempts to classify file system objects based on filesystem, magic number and language tests. The libmagic(3) library provides most of the functionality of file(1) and may be used by other applications. A specifically crafted Composite Document File (CDF) file can trigger an out-of-bounds read or an invalid pointer dereference. A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. A malicious input file could trigger infinite recursion in libmagic(3). A specifically crafted Portable Executable (PE) can trigger out-of-bounds read.
55cc6eeed758a444fa53fb8b127508d97e88a58406f30d111d81e9ff1df57c77FreeBSD Security Advisory - A NULL pointer dereference in the initialization code of the HZ module and an out of bounds array access in the initialization code of the VIQR module make iconv_open(3) calls involving HZ or VIQR result in an application crash.
9bfeb0e4817eb394eec76aa8f4fc00b3d2ab4fd8db2a80a5508e38d04a7226b7RedTeam Pentesting discovered a cross site scripting vulnerability in Endeca Latitude version 2.2.2. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users.
0117a3582adcb45df2d59f7d5cf251f3aba0c99f2fe951f5b651db6fdbed6f34RedTeam Pentesting discovered a cross site request forgery vulnerability in Endeca Latitude version 2.2.2. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely.
99a9fe37102713781cb33e19705a416f50053d6d7e9f3c43db8e55b55166f87dStoresprite version 7 suffers from a cross site scripting vulnerability.
c6b72d41875e95a461df516082b4ea96529aa02422c666dd78d99280ba2170faThe Call For Papers for the 12th annual HITB security conference in Malaysia has been announced. It will take place October 13th through the 16th, 2014, in Kuala Lumpur.
f880e433338a2ac6c5081215135585e93b155e9fd11f46f8336ff48a40285095Gentoo Linux Security Advisory 201406-23 - A vulnerability in DenyHosts could allow a remote attacker to create a Denial of Service condition. Versions less than 2.6-r9 are affected.
57dc3e1a285c8fe8b6958526718ba1dc4e63fc27f271542dcf6e8b4fc210723fGentoo Linux Security Advisory 201406-24 - A vulnerability in Dnsmasq can lead to a Denial of Service condition. Versions less than 2.66 are affected.
03fe3ef285b1b5d1ff8c208a973714bdf9c38116c4b573b22286d305c570965bUbuntu Security Notice 2256-1 - John Dickinson discovered that Swift did not properly quote the WWW-Authenticate header value. If a user were tricked into navigating to a malicious Swift URL, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
852027970b4a45e5e99ddbaa1d4e1623c2a36639b5516a4ace71e95384748ddfUbuntu Security Notice 2255-1 - Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in OpenStack Neutron did not properly perform input validation when creating security group rules when specifying --remote-ip-prefix. A remote authenticated attacker could exploit this to prevent application of additional rules. Various other issues were also addressed.
5f775a27ed4d74086084452e073f1d3f9e6287cb5e6b3c509943cf3d9cd94a8aVMware Security Advisory 2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library.
8cd3d3b5cff06fae69c9f9a484862c9a8161dfc6048ace9c43f4bda1f4c76169HP Security Bulletin HPSBMU03053 - A potential security vulnerability has been identified with HP Software Database and Middleware Automation (DMA). This vulnerability could be exploited remotely to allow unauthorized access or disclosure of information. Revision 1 of this advisory.
1810640be47e84480c50a8e56837d65eeec140c4910ff22cb30526ada4f2e835HP Security Bulletin HPSBMU03051 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.
385e5e6edf1d7ef7bbc8050d651def4d345aba8a057fa2b355d6c87431ead849Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
f86aa120b172105145f5b723718fabcd5166d7c4730b1069b104b7db69051aecSlackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
0e4965f7bb1d28a71301f19ccc59d0c8f659d4e086810b386a4b957fbf02238aSlackware Security Advisory - New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
d70acb59aa9d946ca7c03d3620dce7e120988cb13525d55d53947f4e44f6d58bSlackware Security Advisory - New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.
ffb2861293b91d3d41cb82b9fe3c9b272d7b73cfccae1f44e79448b86ce98a55Gentoo Linux Security Advisory 201406-22 - Multiple vulnerabilities have been found in Network Audio System, the worst of which allows remote attackers to execute arbitrary code. Versions less than 1.9.4 are affected.
8e8c98241fe321935320292f6bb27e27dfb069ad254ce093c7b8f131c4fa6a23Ubuntu Security Notice 2254-2 - USN-2254-1 fixed vulnerabilities in PHP. The fix for CVE-2014-0185 further restricted the permissions on the PHP FastCGI Process Manager (FPM) UNIX socket. This update grants socket access to the www-data user and group so installations and documentation relying on the previous socket permissions will continue to function. Christian Hoffmann discovered that the PHP FastCGI Process Manager (FPM) set incorrect permissions on the UNIX socket. A local attacker could use this issue to possibly elevate their privileges. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. Francisco Alonso discovered that the PHP Fileinfo component incorrectly handled certain CDF documents. A remote attacker could use this issue to cause PHP to hang or crash, resulting in a denial of service. Stefan Esser discovered that PHP incorrectly handled DNS TXT records. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
ede7bd37ec15cedb840fd3409d5f9ccc217ba19f7004f1e7a557e85fe7a11fdbDebian Linux Security Advisory 2967-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury reported that GnuPG, the GNU Privacy Guard, did not properly parse certain garbled compressed data packets. A remote attacker could use this flaw to mount a denial of service against GnuPG by triggering an infinite loop.
ac40a5ca8c3f76072a4be56a4377566a9c18d6ef3028f59e42d536c5c72182d1Red Hat Security Advisory 2014-0790-01 - Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Dovecot did not properly discard connections trapped in the SSL/TLS handshake phase. A remote attacker could use this flaw to cause a denial of service on an IMAP/POP3 server by exhausting the pool of available connections and preventing further, legitimate connections to the IMAP/POP3 server to be made.
0e13ed0ca0865bb4148cdab7442ec2e3cbc2d65acb04cd37108d09f3f118e88cRed Hat Security Advisory 2014-0789-01 - The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.
df6960d3491b83351ea2981cdccc88228741b708fd75b9ad397502a3952d4d4eRed Hat Security Advisory 2014-0788-01 - The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.
57c0800b7f3ba48e76c145bcd7098f16e17916222f694350196c4fe97a356438Red Hat Security Advisory 2014-0792-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.
d264fc26b9e87effa16c94b201823aee95d04b749b963f509a2b404fdd55bd4a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed