ntopng version 1.2.0 suffers from a cross site scripting vulnerability using monitored network traffic.
416f680eca8af567594e8b6d180dbb890b3878af0da9c1fadbc83a8c0321e8d1Dragonfly gem version 1.0.5 that is used for image processing suffers from a code execution vulnerability.
73d1691babfa29eb6acc63825a9b9c11c898fc71bcf13f71d6edd27512467136VTLS-Virtua versions under 2014.X and all of 2013.2.X suffer from a remote SQL injection vulnerability.
0ed68a92acb71c2b4782d8ca3eae4b92903781f036fd18f10eded456952c6dfbBarracuda Networks Web Security Flex Appliance application version 4.x suffers from multiple persistent cross site scripting vulnerabilities.
f9fbb5dd5944a82fd180aaec52a36c4c69a4e909cf944956e674721c4399c8b0Debian Linux Security Advisory 3011-1 - It was discovered that MediaWiki, a website engine for collaborative work, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and clickjacking between OutputPage and ParserOutput (CVE-2014-5243). The vulnerabilities are addressed by upgrading MediaWiki to the new upstream version 1.19.18, which includes additional changes.
c093fa7246682f73827de1c6b9f5ff7e4aee631748170883f9576b67e222827dDebian Linux Security Advisory 3010-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.
a870a2e3f43337f13da823b837e2b2a580c7b425c4bcfb883aa8dcf8c3bf1b98Red Hat Security Advisory 2014-1091-01 - The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.
bfba8c9afe97c836d18408e65e0458e1d5ab5d3cbd7bdfc6b98648846082f02aUbuntu Security Notice 2139-2 - USN-2319-1 fixed vulnerabilities in OpenJDK 7. Due to an upstream regression, verifying of the init method call would fail when it was done from inside a branch when stack frames are activated. This update fixes the problem. Various other issues were also addressed.
41cf4ca7d03378db0d0120613ed712544cf621b6acd20be946b090c7634922e0Barracuda Networks Web Security Flex version 4.1 suffers from multiple persistent cross site scripting vulnerabilities.
ece2c59c8d74f20072a1679a21750291f342d6dd646304a909824b4550e4fc97In this paper the author describes AV methods and focuses on how to fool antivirus emulation systems. They set themselves a challenge to find half a dozen ways to bypass AV dynamic analysis by using a fully undetectable decryption stub.
ac72453c0063b45b72cc8060aab4c417bf781a5eebbe61cae50fb5c93dc9c3c7SSDP amplification scanner written in Python. Makes use of Scapy.
faa957efd4fa5aa13163e90e0aad0e3bc11900ced7ecb7b093daae7820f92053Air Transfer Iphone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.
b8c61362492344b22533cf0c29ae89e1126382231a1db7c063c8dfffc085a1daMEHR Automation System suffers from an arbitrary file download vulnerability.
43237482bf048fe3e4d3a8426312aff9c448c4522aee0f9855cc51af36bee3d7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed