WebsiteBaker versions 2.8.3 and below suffers from cross site scripting, HTTP response splitting, and remote SQL injection vulnerabilities.
0cae3fc143f1ea4bc4cdbc271fd1cb2f741730c5ed5f4ff66df29a15595cdc39XOOPS versions 2.5.6 and below suffer from a remote blind SQL injection vulnerability.
7e8d6fb35bb4550056d89687e3d949395cac3d5592aa50668bdc98d676e39a06NibbleBlog versions 4.0.1 and below suffer from a cross site scripting vulnerability.
88c0a4583e04c435d39606aa8b68e2713c069f07aff5847cbfc33de6c91cf1f9Red Hat Security Advisory 2014-1865-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
dc24ad5b598ec2ab364a632b1e81425f128f04fa339b86e44a45a2050537ac81Red Hat Security Advisory 2014-1863-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat Subscription Asset Manager is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.
688dccb48f0fad7f4ed5bb8b5c284c3cde47754bf1f5692e7d244e4fdf120639ZTE ZXHN H108L fails to verify user authentication when editing the CWMP configuration.
379d78f15981bfbdc0fafa805b79d0c2c4b158bec84b91a792f40504653be079Maarch LetterBox version 2.8 suffers from an authentication bypass vulnerability via SQL injection via a modified cookie.
9cb54a17880cdfbcb236fb141ed71a002e6b870a480db141b5ff99b099a0ed8fOpenkm Document Management System versions 6.4.17 and below suffer from a cross site scripting vulnerability.
cf3126ca181a528f834899715bc856482de93856e932177bf8c9ae23ac38eb34Videos Tube version 2.0 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
022d204ee27c8050738ee7d9a9d5d427c9fe2dac73f6d6df2913a10958c816baJoomla HD FLV version 2.1.0.1 suffers from an arbitrary file download vulnerability.
1f5d7b6e8ab1c5f896baacf5de0ee26586da67dbb2afa7fa04a53506d348e45aSlackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1 to fix security issues.
c8e06f6798f2065c6aee09594d879f82c98290804b12aaf7347dedd5eb16a147Red Hat Security Advisory 2014-1862-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server.
b95e5e6a4f9a8475b248f2a7c0b6fa60562e8dd85976d14b0cef78343a4ebce4Red Hat Security Advisory 2014-1860-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.
bb10b1eb6943f09018c3fc37c03be99affd56406e1151176cc1ce773d8d263baRed Hat Security Advisory 2014-1861-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server.
1e5c0ea467f5d2b3871a9653f790953cb8f000031d5ca707d2e3f7cc368b6d96Red Hat Security Advisory 2014-1859-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server.
9a43ad27f0874894eb259031ca37c0b3ad9742957d3297f792b7785948cf6369Debian Linux Security Advisory 3073-1 - Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal encryption subkeys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side-channel attack.
8fffc402af38bdb41e678130858ef5a67a02942cf952d7c89fbe50b5cae2713cHP Security Bulletin HPSBGN03192 1 - A potential security vulnerability has been identified with HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the current HP iCAS client software. Revision 1 of this advisory.
3b22f5fc8d2a225d20468f2e0c34749da225bf5130569567f712ac91c0c6e28fGentoo Linux Security Advisory 201411-5 - An absolute path traversal vulnerability could lead to arbitrary code execution. Versions less than 1.16 are affected.
39901c03eab865732404934e3b213c41e488f4c3eeb744fcb7b80f48c2e1f681FlatNuke versions 3.1.x and below suffer from a cross site scripting vulnerability.
5a24e71816224fb41d555208fcaab69216971ec2ba44033ca2958711ffde12caSafari version 8.0 on OS X 10.10 crash proof of concept exploit.
437eafb52bef71c294744b306d459d357ec21d1f6d232fc3c079998fd5a24784
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed