EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.
c7eff923a0c604ac98bf2cc310e95742
Under its default configuration, Cassandra binds an unauthenticated JMX/RMI interface to all network interfaces. As RMI is an API for the transport and remote execution of serialized Java, anyone with access to this interface can execute arbitrary code as the running user. Versions 1.2.0 to 1.2.19, 2.0.0 to 2.0.13, and 2.1.0 to 2.1.3 are affected.
2b1811df2d4703382612cf4886161127
WordPress VideoWhisper Video Presentation plugin version 3.31.17 suffers from a remote shell upload vulnerability.
628bf17ebc73fc80efe19139ac8210c5
WordPress VideoWhisper Video Conference Integration plugin version 4.91.8 suffers from a remote shell upload vulnerability.
bcce7d49139682920a0dc5da50fba625
Ubuntu Security Notice 2555-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.
e428fe287b99f96560cbd339eb766675
Ubuntu Security Notice 2554-1 - Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Various other issues were also addressed.
076618d0af514422a50aeaf16bd6d41e
Red Hat Security Advisory 2015-0766-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox.
d853b3d757bc45775927f3404decbe1b
Red Hat Security Advisory 2015-0768-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 5.9 was retired on March 31, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.9 EUS after March 31, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 5.9 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.
48c9cf8e748c6f4538e01e6af400b68a
Red Hat Security Advisory 2015-0767-01 - The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read. A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read.
164db12aba7116e662aaa7d4c6609c5c
Red Hat Security Advisory 2015-0771-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way documents were loaded via resource URLs. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Thunderbird.
20abe1b631c68e00199f00b9c6ee3ab1
Red Hat Security Advisory 2015-0773-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.1 serves as a replacement for Red Hat JBoss Data Grid 6.4.0. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.1 Release Notes.
646ee5a7987f6753fcf916a00ee9a84c
Ubuntu Security Notice 2550-1 - Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. Various other issues were also addressed.
addd56853ab86e778c41e9c63ab5868f
WordPress Revolution Slider suffers from an arbitrary file upload vulnerability.
7c4aed1bf01b6c9e8d48d6de3a0de163
Joomla Simple Photo Gallery component version 1 suffers from a remote shell upload vulnerability.
796cb813195ec5ef42607b5d1dde3f02
WordPress DesignFolio+ theme suffers from an arbitrary file upload vulnerability.
3cd452bc5dbbbcdbc9d0741bcf3c1dcb
This archive contains 224 exploits that were added to Packet Storm in March, 2015.
4e7b9eb1c34e67825729e2b496930a00
Ericsson Drutt MSDP (Instance Monitor) versions 4, 5, and 6 suffer from directory traversal and arbitrary file access vulnerabilities.
893f70c4c2e5b070735a35469f13f1f6
Ericsson Drutt MSDP (Report Viewer) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.
d8228ca7b6089452eae8db0427916e1f
Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from a cross site scripting vulnerability.
5f1bbbfeefb52a0a0e2c55ae86512034
Ericsson Drutt MSDP (3PI Manager) versions 4, 5, and 6 suffer from an open redirection vulnerability.
9bf069188b13154ac0c8614e03fd93e1
Red Hat Security Advisory 2015-0765-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems (such as multiple databases, XML files, and even Hadoop systems) appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
576c75050e7726247568a441b57dc040
Ubuntu Security Notice 2553-1 - William Robinet discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Paris Zoumpouloglou discovered that LibTIFF incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could crash the application, leading to a denial of service. Various other issues were also addressed.
f3d58af233fa2f9aae8db85519f911a2
Debian Linux Security Advisory 3210-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service.
231bb3afdc0076b537d1c6f313314688
Mandriva Linux Security Advisory 2015-186 - libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally, the phpseclib package has been upgraded to the 0.3.10 version.
eda07576e05ed2510e8cae582581c2fc
Java.com suffered from multiple cross site scripting vulnerabilities.
cea43e2cc4a3c92544a49dc5a3141695