WordPress Tune Library plugin version 1.5.4 suffers from a remote SQL injection vulnerability.
d25cdd6226389ffcb33fb957a685eee5MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
b2e840e6b71b2b915d427f87c9b46b04SevenIT SevDesk version 3.10 suffers from multiple cross site scripting vulnerabilities.
7f59c85536b9bfc6f4584f749cd99232Wifi Drive Pro version 1.2 suffers from a local file inclusion vulnerability.
0b2518ac590abd7ab48e49223fd9b24fLinkus Photo Manager Pro version 4.4.0 suffers from a local file inclusion vulnerability.
da88c62ffe80494cbd18fc24d054ca82Mobile Drive HD version 1.8 suffers from a local file inclusion vulnerability.
6ac5702a06a05e4e3effc1ddeccdbaceLinkus Photo Manager Pro version 4.4.0 suffers from a code execution vulnerability.
6df1a7330083b6465cbff6905ce9769bPayPal suffered from a cross site scripting vulnerability in the merchant directory functionality.
f1ab0371d9f5163b898afcf8044ebe70Ebay Policy CMS and API suffered from a cross site scripting vulnerability.
cc2ee3504e45fc06b8af933b140280ffEbay Magento CMS and API suffered from a cross site scripting vulnerability.
3e7c44abf47c5b92a8ed7cc0d9fc1f7dEbay Xcom Item Preview functionality suffered from a cross site scripting vulnerability.
b92b97ca37abaf1fa0099b689557f458GoAutoDial versions 3.3-1406088000 and below suffer from arbitrary file upload, command injection, and remote SQL injection vulnerabilities.
5452a3f1b2d82caabaf2a75df9e270b5WordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.
a3ca19bfeb8216dbb6bbe695834f4ee9Proof of concept exploit for OpenBSD versions 5.6 and below that causes a kernel panic in sys/uvm/uvm_map.c.
53f6c88db8a8f280bb35ab1ebc15dea3WordPress NEX-Forms version 3.0 suffers from a remote SQL injection vulnerability.
b5464890e8416ab1e0869a03d85dbc46Red Hat Security Advisory 2015-0863-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.
098773f452a18507c58bae21cb8e7442Red Hat Security Advisory 2015-0862-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. It was discovered that the JBoss Operations Network server did not correctly restrict access to certain remote APIs. A remote, unauthenticated attacker could use this flaw to execute arbitrary Java methods via ServerInvokerServlet or SchedulerService, and possibly exhaust all available disk space via ContentManager.
327006a88bb278150745e533eb0881edRed Hat Security Advisory 2015-0860-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5 year life cycle of Production Support for version 4 will end on June 19, 2015. On June 20, 2015, Red Hat Enterprise Linux OpenStack Platform version 4 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. They encourage customers to plan their migration from Red Hat Enterprise Linux OpenStack Platform 4.0 to Red Hat Enterprise Linux OpenStack Platform version 5 or 6.
3850aee59b273cbeb344704f1f89f3f5Red Hat Security Advisory 2015-0864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.
cb34cce50ff282a4708151c4579de7c9HP Security Bulletin HPSBGN03305 1 - A potential security vulnerability has been identified with HP Business Service Management (BSM), SiteScope, Business Service Management (BSM) Integration Adaptor, Operations Manager for Windows, Unix and Linux, Reporter, Operation Agent Virtual Appliance, Performance Manager, Virtualization Performance Viewer, Operations Agent, BSM Connector and Service Health Reporter running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
0e04663f259e805ea42e676c0364f8f4Ubuntu Security Notice 2573-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.
8fe9bb26b3f7e673ed5310f4494263bcUbuntu Security Notice 2575-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
891bb712e6319697db0e6de0098a041aUbuntu Security Notice 2574-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.
919f3ead14375cf74895fe4e55c28381ProFTPd version 1.3.5 remote command execution exploit.
4d65c3a1b31af7ba028e1f7c0ad3baf6WordPress NEX-Forms plugin version 3.0 remote SQL injection exploit.
5347cbce32457ac598271ddb58cb21b5
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed