EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.
5c724dc11b55e6135597280fe27cc4c8461fd6d24bff85235297e73f979e85f7Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user. Versions 1.2.0 to 1.2.19, 2.0.0 to 2.0.13, and 2.1.0 to 2.1.3 are affected.
d79a592a24e0f1d275de2bef522ee3e10d9c60eb83bb3d79b0647c9167894d02WordPress VideoWhisper Video Presentation plugin version 3.31.17 suffers from a remote shell upload vulnerability.
0cdf8fc7a9feac538d33e69e93b9182196c71f2c1f39612f108f6f9080c9a631WordPress VideoWhisper Video Conference Integration plugin version 4.91.8 suffers from a remote shell upload vulnerability.
e278241b1e17374bd7cd8ca7f287302c9cf41039908640797121a0fcd68e6669Ubuntu Security Notice 2555-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.
792642a0875ba38ffc370521446151efc3f78fb089ed47720138b797c6d3ce23Ubuntu Security Notice 2554-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.
acd1c36d18e0b5be95a85b1785f915c0f1383d9bbab5c56b752b2a664eb94d1fRed Hat Security Advisory 2015-0766-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox.
f5a17a96e41d985f75d84a54fae9943e91331791c98f7bb1aa35dbda72003f2cRed Hat Security Advisory 2015-0768-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.9 was retired on March 31, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.9 EUS after March 31, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 5.9 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.
648825d8dc73c56e29a90b36d4f1d1953511dfc6988e0af5f1758d63f50007deRed Hat Security Advisory 2015-0767-01 - The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read.
2f7e195b6925583791596a7cda6298ad5a59aee71434723dad31751db6670d60Red Hat Security Advisory 2015-0771-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird.
e3b030f24b184337237186d9ff8dfcababe9115af76fa2f8eafacd5b5c61dddbRed Hat Security Advisory 2015-0773-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.1 serves as a replacement for Red Hat JBoss Data Grid 6.4.0. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.1 Release Notes.
7d553cdde3aceb92018ddd32ec0b04e6ea93bb9c088302da1d9beeb4a352330cUbuntu Security Notice 2550-1 - Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. Various other issues were also addressed.
7a4778580cea3216629da61c7d110c82995a0a2ca6fbe876e5ada7c5c46b1841WordPress Revolution Slider suffers from an arbitrary file upload vulnerability.
e6c7e3bc6c252d322d8087bddd624d4a930d413f4c71837c4cbae469de19d55fJoomla Simple Photo Gallery component version 1 suffers from a remote shell upload vulnerability.
471485860c354827e6f307364df426dfbf967d23cb77e28a8e4d4842c366166bWordPress DesignFolio+ theme suffers from an arbitrary file upload vulnerability.
3156a36497d0f89281ca8225242aef3c4d8fc0c7745cd563f57c0c9350fab3b6This archive contains 224 exploits that were added to Packet Storm in March, 2015.
ff2d4f6a5e0d36e7a400694be6896782332b861bb542ff96067e295fc65f2246Ericsson Drutt MSDP (Instance Monitor) versions 4, 5, and 6 suffer from directory traversal and arbitrary file access vulnerabilities.
3ec5e7a19dfceaf768e251ecd59f9b06525b94e6e5eccd3b5be1827420e0eddfEricsson Drutt MSDP (Report Viewer) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.
31a4fbe0a1790e6d28216e8f94c7d86df336cb8dbee11a1a3d92ccaf7c4d4b73Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.
b05a379a1807b632293eac0635614e6ba5b5255b1873a01e50d276e44403ffeaEricsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from an open redirection vulnerability.
5b999daeb1e47c076dbbe2187b47b03c9bcc12a23b726838e165175a8b0e7669Red Hat Security Advisory 2015-0765-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems-such as multiple databases, XML files, and even Hadoop systems-appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
812ceadc9b7405e1b74c028dd9bff48d69f0ce6f109bef7f38161627f77360fbUbuntu Security Notice 2553-1 - William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. Various other issues were also addressed.
02484c8fab51c184eb9e062e9c7ebe77fa923942a687e9282cf73f482e900084Debian Linux Security Advisory 3210-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.
5a63ffb777ca827abef85c19da85b24d437657643fd675276c9250772710f24dMandriva Linux Security Advisory 2015-186 - libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally, the phpseclib package has been upgraded to the 0.3.10 version.
cb476e4dc5b3151a3746cb21a1fb8feb234d1026555f5fc162763d2baa1a81e9Java.com suffered from multiple cross site scripting vulnerabilities.
f43f2c501c3edc319bb1b75fa7176fd0ea09edceb2d1d23e7062ae9c772ff818
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed