A vulnerability has been reported concerning the impossibility for MySQL users (with any major stable version) to enforce an effective SSL/TLS connection that would be immune from man-in-the-middle (MITM) attacks performing a malicious downgrade. Versions 5.7.2 and below are affected.
d063ca963fad7e412addd0e90a45f79969718f60a862dfd9f8babda513cc3918Red Hat Security Advisory 2015-0918-01 - After May 29, 2015, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite Proxy versions 5.5 or older.
40c60f672b91f21121ddd426f62251076e1bd107f99c313097ccf6da7bb650d9Mandriva Linux Security Advisory 2015-216 - Lack of filtering in the title parameter of links to rrdPlugin allowed cross-site-scripting attacks against users of the web interface.
378f2f83fc9ffb9eb5aa046d1050acc758d6573eff994eee9004e0f7b45b9c14Mandriva Linux Security Advisory 2015-215 - The t1utils package has been updated to version 1.39, which fixes a buffer overrun, infinite loop, and stack overflow in t1disasm.
ed193f33a25f4c323905f1deb31b33243e5a06e2570f6f5356c24049f3258f73Red Hat Security Advisory 2015-0917-01 - After May 29, 2015, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite versions 5.5 or older.
b8cbcc25c3cda1a8176c21af3a69ca2763aa8553cc507b91c49754c92ee84d2bMandriva Linux Security Advisory 2015-214 - The libksba package has been updated to version 1.3.3, which fixes an integer overflow in the DN decoder and a couple of other minor bugs.
c302ec3d51ab5341c57f021ffc07bdc2d71a1751d7ad214e9065351b15fec43dMandriva Linux Security Advisory 2015-213 - lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or just fool users into believing that it is a legitimate site. lftp was affected by this issue as it uses code from cURL for checking SSL certificates. The curl package was fixed in MDVSA-2015:098.
0e94abe5e27fe5c6984390ceef5e20904126efa7257c4f4f53cde5ada9829724Foxit Reader versions 7.1.3.320 and below suffer from a pdf parsing memory corruption vulnerability.
bd04944c6132e51165de2cd47879e4605bc439659bd47936955cab36552e79aa23 bytes small Linux/x86_64 execve /bin/sh shellcode via push.
75d9498093aed2a9179c7b68cf00235f14b652203486e70afa366f93e31858cb21 bytes small Linux/x86 execve /bin/sh shellcode via push.
a08ec90f690bc73b9db79afe9902f5e5389ff930c4979aac6f0b51e72cacabb4OS Solution OSProperty version 2.8.0 suffers from a remote SQL injection vulnerability.
afb9d76a0580b59eef035727449af6742f88e1ec6208060bf24d021e74f952d4Ninja privilege escalation detection and prevention system version 0.1.3 suffers from a race condition vulnerability.
0c04f125429ae3d5bf78e45cae4f47cf93b72213a6ec0a6ae100e2ab1807e2e3Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
282417b707740de13cd8f18d4cbca9ddd181cf96b444db2cad98913a5153e272WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross site scripting vulnerabilities.
c7864d1f9f6c456cfb191d7c8ce59288c2188a532e7d7d1111c6f0c87c396032A vulnerability has been discovered that affects the certificate verification functions provided by the HNDS service found on the Centro Grande (ADB version) DSL routers of Swisscom. The flaw allows an attacker to have access to management functions that are normally reserved for the Swisscom support. Furthermore, this vulnerability combined with other vulnerabilities allow to completely compromise the Centro Grande (ADB) routers. Available Proof-of-Concept code enables a remote root shell on a victim's router.
f499313153621ff0da41ea39b1fcf63d873186851a10fffc5df7c8dea562cba3A type confusion vulnerability was discovered in exception object's __toString()/getTraceAsString() method that can be abused for leaking arbitrary memory blocks or heap overflow.
b3a8329c29d10dca9d7ddc4c0f46af58e29999c11da31e6009cf9c41975e1db6A type confusion vulnerability was discovered in unserialize() with SoapFault object's __toString() magic method that can be abused for leaking arbitrary memory blocks.
628689009bd04f420924af79082ba1d3c89d666f96215bfa8944020190c85c15
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed