WordPress Tune Library plugin version 1.5.4 suffers from a remote SQL injection vulnerability.
2931fb6c373d55fd921ef587bf5ef92aa275394f123b701795f90f8bc9d6476dMIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
d5f85301af3dffe3b4bd14bf60a3e2180bbd06498604df89c6458c561238d3feSevenIT SevDesk version 3.10 suffers from multiple cross site scripting vulnerabilities.
32901659aaff584a67884ca5d0a5cbdbd7d3030eac6aeec3e5f69e47058f4e08Wifi Drive Pro version 1.2 suffers from a local file inclusion vulnerability.
c5cf5d3f463bf90cc37405e42f2ed0f1feba8800be2c7df9bc9363ef6c8a6500Linkus Photo Manager Pro version 4.4.0 suffers from a local file inclusion vulnerability.
b614388f9b4c56cef7c47d2b254c9e8138617bec9ef83f17c6453718b3ce62abMobile Drive HD version 1.8 suffers from a local file inclusion vulnerability.
5666a93c4bdae7dc1cd57519a7bbf8bf25003b817d748de7aa3502b66c378287Linkus Photo Manager Pro version 4.4.0 suffers from a code execution vulnerability.
17f43a96d245003246de2b030644e3fb197c4bc15ff7079485eb6279503bef62PayPal suffered from a cross site scripting vulnerability in the merchant directory functionality.
cb16d835e91864e2fd12a56e0f8d4b54c672986a7f464fbd094742ce8da23445Ebay Policy CMS and API suffered from a cross site scripting vulnerability.
640f7802754c69626702ae63de020270df5f0b938065c4221335903f9286ca71Ebay Magento CMS and API suffered from a cross site scripting vulnerability.
79dddf1cb7c553ddf29b677cd9a9b41786da11bff0463642c273fbe7690594d9Ebay Xcom Item Preview functionality suffered from a cross site scripting vulnerability.
6a48404cf1eebbb0f5b22ddcaa8f5c2dae1874b532ef5baa0057bd698d548ad4GoAutoDial versions 3.3-1406088000 and below suffer from arbitrary file upload, command injection, and remote SQL injection vulnerabilities.
7256456084495a4dbe3a66cfe151aa2d0781d6b24ed4d1d7335c61904ecd970cWordPress Yoast Google Analytics plugin versions prior to 5.4 suffer from a cross site scripting vulnerability.
6b96d28de3f357652545a0bed162424636126d5a3cec6ab77e597aa31454bbc8Proof of concept exploit for OpenBSD versions 5.6 and below that causes a kernel panic in sys/uvm/uvm_map.c.
85418d5d6e75f156c9e54a0e8d83c42c375ef65d5592db9ab51ada3a7746d9f6WordPress NEX-Forms version 3.0 suffers from a remote SQL injection vulnerability.
f3d2ee0169a4862b50a26f4db64ebb0dd910007cf1db21e531bf128f5fd07b11Red Hat Security Advisory 2015-0863-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.
3fda2d2de3dbc012f471e38333e69c22019fc8670e36541d0d45378234b7d9c9Red Hat Security Advisory 2015-0862-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. It was discovered that the JBoss Operations Network server did not correctly restrict access to certain remote APIs. A remote, unauthenticated attacker could use this flaw to execute arbitrary Java methods via ServerInvokerServlet or SchedulerService, and possibly exhaust all available disk space via ContentManager.
8eda90a855ac3577489468360a9085f7348941cc9faa95b71d882d2291f4609dRed Hat Security Advisory 2015-0860-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5 year life cycle of Production Support for version 4 will end on June 19, 2015. On June 20, 2015, Red Hat Enterprise Linux OpenStack Platform version 4 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. They encourage customers to plan their migration from Red Hat Enterprise Linux OpenStack Platform 4.0 to Red Hat Enterprise Linux OpenStack Platform version 5 or 6.
67a38b67f6434c96462afc823db59e7213b4f71c7938118b7b4627462d8b5991Red Hat Security Advisory 2015-0864-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() system call, among others, also sets the saved set-user-ID when dropping the binaries' process privileges, could allow a local, unprivileged user to potentially escalate their privileges on the system. Note: the fix for this issue is the kernel part of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the related SELinux exec transitions support.
24e7a0f27ae4cfb8cbaeef49a7e9203298bb317a8eb324c5b8f16adb18278828HP Security Bulletin HPSBGN03305 1 - A potential security vulnerability has been identified with HP Business Service Management (BSM), SiteScope, Business Service Management (BSM) Integration Adaptor, Operations Manager for Windows, Unix and Linux, Reporter, Operation Agent Virtual Appliance, Performance Manager, Virtualization Performance Viewer, Operations Agent, BSM Connector and Service Health Reporter running SSLv3. The vulnerability could be exploited remotely to allow disclosure of information. Note: This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
5fb16d90b23b1ad2f3685f6f2de7e6587f649473276261eb9d829f2bebb968f5Ubuntu Security Notice 2573-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.
096e77766a83ea828d4b314e6b7b24c9ce7b6edc5965bc693fcea4a155666ee0Ubuntu Security Notice 2575-1 - Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.43. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
bf0daf90f0197bb158b3217908da68b65033335c6f6a3f5ab6b2f4607c225707Ubuntu Security Notice 2574-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data. Various other issues were also addressed.
0683424e8df590c4b914011d9c5b55a874444f3daa07b619898decc714cd7093ProFTPd version 1.3.5 remote command execution exploit.
33b411f75e9e92f4cce90334c9d86dca66a06474776854a23ec5f542a52da3b9WordPress NEX-Forms plugin version 3.0 remote SQL injection exploit.
ea15e9b2d9dd075be1540595aba9beb5f09e85bb2b6295eb3c61de9681bde77b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed