Chamilo LMS versions 1.9.10 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
230e777d25a2151f00153422fa704dbe817526a68723d31dcf7694a7df533d68It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
b874a1afbc5b38698999dfd742cae4cdd0e36be6fccb7cf1fd8d2189a3baeebcThis is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160eWebsense Content Gateway error messages are vulnerable to cross site scripting.
58f600eaed898f1ca351c4b8d1cbec131fbfe943f225520c81a41f29a0067a03This Metasploit module exploits a stack based buffer overflow in Publish-It when processing a specially crafted .PUI file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Publish-It to open a malicious .PUI file.
c09c7bc2af2fa4964302e3a4f6d647d52b5f54144194e7dc8ab94d56a1e95f73TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.
850efe714be5e6548a264c1cce672a60aa1ae5a53559548aa9e9d66cf64f53b5Websense Reporting suffers from multiple cross site scripting vulnerabilities.
19b2dc3d78140a923b9085dab9d45e139e61f79e70bb9f569bc419899ca2710bCore Security Technologies Advisory - There is a vulnerability in the message dispatcher used by FSSO Windows Active Directory and FSSO Novell eDirectory. Exploitation of this vulnerability might lead to a full network compromise.
71db9f10f9b435818bd0d386e8d452b7c9164712db61efab96b1aeb19649e8bcWebsense Explorer's report scheduler suffers from a cross site scripting vulnerability.
437a9f75eca191601c80ffa7f7c81146dc40026d999f157af7aa5fa4635d9461It was discovered that the Websense Data Security block page processes user-controllable data insecurely, rendering the block page vulnerable to cross site scripting.
f3ceee1d1b8d8314759c25514da344340d509358c90fe5b334a3fee4673a6305It was discovered that no access control is enforced on the explorer_wse path, which is exposed through the web server. An attacker can abuse this issue to download any file exposed by this path, including security reports and Websense Explorer configuration files.
ec6c438270cff0bddf53b78da134f39a1f995ed0021b3fa3dc986797bb9d28eaWebsense Triton is affected by a source code disclosure vulnerability. By appending a double quote character after JSP URLs, Websense will return the source code of the JSP instead of executing the JSP. An attacker can use this issue to inspect parts of Websense's source code in order to gain more knowledge about Websense's internals.
bea41cc67f2ff2025f34ba87479f5525c6c77dbe1476e500ef73fac0a668a4a3A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like cross site scripting, to perform a remote unauthenticated attacks to compromise the appliance.
46837dcf6a5d28dc59eaab3be3f8b5c988bf22906dd8c40892e389c43e23257bUsers of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.
cb8568eb68202e34f2c399915ab08eac2ec81901bfe2ce84f46fd344875d3129Users of Websense Data Security that are reviewing DLP incidents can be attacked via cross site scripting. This issue can be exploited using a specially crafted email, or by sending a specially crafted HTTP request through the Websense proxy. The attacker-supplied code can perform a wide variety of attacks, such as stealing session tokens, login credentials, performing arbitrary actions as victims, or logging victims' keystrokes.
b9766eb5d33d72228778743de93441e682ea519fe27c250aec98a6ce1f397474Joomla ECommerce-WD plugin version 1.2.5 suffers from multiple remote SQL injection vulnerabilities.
cc4be435a403cd80f5b4f40120c961b2dbee70db21b36e683a07c11ebdb15757Apple Security Advisory 2015-03-17-1 - Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4 are now available and address multiple WebKit vulnerabilities.
fa7648ffb65340c5724013e78935eb5aca5810d15c8c68c6acaff6d1311a1297Findsploit is a simple bash script to quickly and easily search both local and online exploit databases.
7c57fd01df278f1dd04c48e0c1d30069a39d08148c83b12388d162b35688cd5fRed Hat Security Advisory 2015-0698-01 - Red Hat Enterprise Virtualization Manager provides access to virtual machines using SPICE. These SPICE client packages provide the SPICE client and usbclerk service for both Windows 32-bit operating systems and Windows 64-bit operating systems. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
68a43a747ec94c539289d4690fe6d0f323e73e13ebc4e27e63b022686014f904Red Hat Security Advisory 2015-0696-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
8aad9aa06e8c0583d9c577fe84ecb24280a7c96637da84542f66b7720c6336bfGentoo Linux Security Advisory 201503-10 - Multiple vulnerabilities have been found in Python, the worst of which could lead to arbitrary code execution. Versions less than 3.3.5-r1 are affected.
a9f61c24dc4fd90eec4a4d961874d8c10caaa2a0e38947b49c08bc7818eb3b95Debian Linux Security Advisory 3196-1 - Hanno Boeck discovered that file's ELF parser is susceptible to denial of service.
c9c913f21e5b828502dfa6cd0f892724c147655579e341b09af2c0e77c6fdf1fRed Hat Security Advisory 2015-0700-01 - The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option.
bbf93d3ad2423c641ff52feaf0acea28238c5242e79a963abc3c9b57d08540edRed Hat Security Advisory 2015-0699-01 - PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed. A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL.
610e1da80d02082e0b99d62885ec0fbd37a3cbda2b17ae3d6a254b281b4bec43Ubuntu Security Notice 2536-1 - Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.
fd7e0af1e4d2c41698918683416f3032ef7b2e82e83ac617340a7c68d27299b7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed