Ubuntu Security Notice 2401-1 - Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service.
415a376ad65148e85810d24f42aaefd9bc889ce070aa07c87b73504b2172a186Red Hat Security Advisory 2014-1836-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.
8d9a8727833060342b3f8edd5ac10693285691bfa1a25dffd384ca4ec9ca055eRed Hat Security Advisory 2014-1835-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.
34ebf02b86bcfadf0dda911f6cfe8461ad07a2197b7f98e263769eeda7c4badfRed Hat Security Advisory 2014-1834-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.
9a709e37af3cd03c5bec21c6eb01972b58c86cf4e2eba3b2061cc23171fb3001Red Hat Security Advisory 2014-1833-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat Product Security.
c8e06ab40cb432221b15620ffd9997b1b168d8488e421d284b4d65d3f0834c47PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
a34e45efe221ca9a4a7f0ed2582bf42715795a93ca4ff9bdfb31ac1e494bff5aMonstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.
333a7cbaeed3cb481b4ccd4a7866dfecf3b66efe774dfea04879157048aaa69eAnchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.
d1627d2ea7402acbd8c551b616bb1440bb991963b32d178d425ebbb7de626061ZXDSL 831CII suffers from a cross site request forgery vulnerability.
843e8f18a1aecb19a3193b0c21a2f4b43254e1c19a3543a86ca96e33f9b2994aIP.Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
1029fca8f5a270ef99408d415c08dcdd94232176b52896c8e45f98f4907417f9Ubuntu Security Notice 2400-1 - It was discovered that LibreOffice incorrectly handled OLE preview generation. If a user were tricked into opening a crafted document, an attacker could possibly exploit this to embed arbitrary data into documents.
6c4919230f6fe12246afa2c2e7e22f959cc3020a7b3c1ecca6650a558e522110Ubuntu Security Notice 2399-1 - Symeon Paraschoudis discovered that curl incorrectly handled memory when being used with CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle(). This may result in sensitive data being incorrectly sent to the remote server.
1a2034fba6c877540576f0bf59130ff57460fde869849e6027a5d3701378b157Debian Linux Security Advisory 3070-1 - Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure.
35934d202298475350a39abfefbd1bbc283d954535307ddb4cbccb516374b025Debian Linux Security Advisory 3069-1 - Symeon Paraschoudis discovered that the curl_easy_duphandle() function in cURL, an URL transfer library, has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing a HTTP POST operation.
c03b6bf995b681849b2ff96dffa2fda79c2d1a2cc8504f28055c343634166b7eGentoo Linux Security Advisory 201411-4 - Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code. Versions less than 5.5.18 are affected.
69241b95bfe0e52a9fd325dac3627d4dcdfe17f01058fb0a4fc522e165b0d45f87 bytes small position independent and alphanumeric 64-bit execve("/bin/sh\0",NULL,NULL); shellcode.
e1d1bfc09c2a1228a04d049674175d98a8bf646ec605a86ae7016e728e8e2c16X3 CMS versions 0.5.1 and 0.5.1.1 suffer from cross site request forgery and cross site scripting vulnerabilities.
c0f412e75d49e1016a81bfc9b778be1b4b23e45e968f63e05b4d8159c3fdf6cc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed