Red Hat Security Advisory 2015-0235-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BRMS 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
f64f2ca65fbace1e4788ea16f69ecf599345eb34f981247acfbecdcca41d5401Red Hat Security Advisory 2015-0234-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This roll up patch serves as a cumulative upgrade for Red Hat JBoss BPM Suite 6.0.3, and includes bug fixes and enhancements. It includes various bug fixes, which are listed in the README file included with the patch files.
89d8125129242bfb26c8918f339b601f902009b742ed74af25c35427a3a89137Gentoo Linux Security Advisory 201502-13 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or gain escalated privileges. Versions less than 40.0.2214.111 are affected.
b141f2ae3308d17a9226400eb6145c29f4202b6063a681a62050f283b886aff1Ubuntu Security Notice 2502-1 - William Robinet discovered that unzip incorrectly handled certain malformed zip archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code.
26a756ea3fbaeff19e1d0e0deb700676c0f98e2026f1ad3ff1168c507a5d3260Ubuntu Security Notice 2501-1 - Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2015-0231) Brian Carpenter discovered that the PHP CGI component incorrectly handled invalid files. A local attacker could use this issue to obtain sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Various other issues were also addressed.
87581be317b7551f9d11aa00fc90c8ccbf8b821794084bfafde6b9df107ac894This Metasploit module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()',an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.
4db85b31081245af192050fe8238d0162d228493f03b7b13875c3b7820cfcf47This Metasploit module takes advantage a Java JMX interface insecure configuration, which would allow loading classes from any remote (HTTP) URL. JMX interfaces with authentication disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while interfaces with authentication enabled will be vulnerable only if a weak configuration is deployed (allowing to use javax.management.loading.MLet, having a security manager allowing to load a ClassLoader MBean, etc.).
613d2a6ea0710e79632bd00382a3b337e054c8c877f492ee49389de90972e239Ubuntu Security Notice 2500-1 - Olivier Fourdan discovered that the X.Org X server incorrectly handled XkbSetGeometry requests resulting in an information leak. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. It was discovered that the X.Org X server incorrectly handled certain trapezoids. An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly crash the server. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
fe374163e95255581fae4cb946e899828286ba84ef6853a6cf93f337dfe7c699GuppY CMS versions 5.0.9 and 5.00.10 suffer from cross site request forgery and remote shell upload vulnerabilities.
9a3a91d62ffa8289884c5091a6ca64c976b4470ba86c18aec9bebc32fad89d18GuppY CMS versions 5.0.9 and 5.00.10 remote authentication bypass and change email exploit.
36e3e2286e3151843a486f4cd508000884e24b197a7a6d028b671071e13baa93WordPress Image Metadata Cruncher plugin suffers from cross site request forgery and stored cross site scripting vulnerabilities.
a71d4db68d33bab99d72ce08102acacd4dc6e74c00da2d2005ee5a51028d788fRemote exploit for changing DNS settings unauthenticated on the D-Link DSL-2640B.
16ab1d79cb7cf86f00b8d3d3e809b23c74f2de54632f5804f5f0d5dc9ed96331Ebay's Magento application suffers from a malicious script insertion vulnerability.
98046449149e9e2050e711f04559c114518ccffa68815ddf7538d67d5a826afcES File Explorer version 3.2.4.1 suffers from a path traversal vulnerability.
b664b0fa935a7e23700055f21d93485cc52bc04420786148ceb2c3350d171408Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
cb45c5189b47e0f9d97bd9f565d89125a13b55a0c8e3c774fdf71d8e9345599a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed