Ubuntu Security Notice 2627-1 - Jakub Wilk discovered that t1utils incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially crafted font, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
82132d922e6165a5a4f95fddd9d0ec2f82d4f9431332bd65921346b24ac0f2a7SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
093017574bd7478707d43e7e2b1e19064b8c055c7cf9ea2fe8f3083b6a50e5cbResourceSpace version 7.1.6513 suffers from a local file inclusion vulnerability.
46b044d14179bda302739897595298f1156cad1c03bd441bd572c377ab5800bbUbuntu Security Notice 2626-1 - Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. Various other issues were also addressed.
06bce12d53f5ec99fbc1d758978c5c40fdc628d981cf9721763566a40840afb6Red Hat Security Advisory 2015-1044-01 - The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. Fully virtualized guests using the paravirtualized drivers gain significantly better I/O performance than fully virtualized guests running without the drivers. It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest.
6517c2b4fb156a82cdd7a4ef21a05a58324fbc17c77a6395b6f19a6ae96bfcaeRed Hat Security Advisory 2015-1043-01 - The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. Fully virtualized guests using the paravirtualized drivers gain significantly better I/O performance than fully virtualized guests running without the drivers. It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest.
d672a41927cf09ab8c23f63871280e1a2bcf29dcb658cfecfa609e820a709208RSA Web Threat Detection contains fixes for a cross site request forgery vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 5.1 are affected.
401d0a1173641d154d22d2cef52cb68cb8ad0d9bed610f2842f9f026dba5a2d1QuickTalk version 1.5 discloses the encrypted database password hash in a reinstall script exposed in the document root.
b6646d66429b6f67d0b0fd9334dde5b766209c738aff59d06769814980548880Jildi FTP Client version 1.5.2 b1138 suffers from a buffer overflow vulnerability.
3bb3e294f2460962da7a20ce9ddcd8b0adfdc8de477e3c91f61abfa2bb575c92Hive version 2.0 RC2 suffers from cross site scripting, code execution, and remote SQL injection vulnerabilities.
6af679c48de8375a85dccdedec19603ac83bdaaa7954773cdef8db2edc8743d1Boomchat version 4.2 suffers from a remote shell upload vulnerability.
f8cdb399db4dbf73495db8e6482c7699973e38f755d2a7ebee3696f5e7c8db52Debian Linux Security Advisory 3249-2 - The update for jqueryui in DSA-3249-1 introduced a regression where direct usage of the file jquery.ui.dialog.js can get broken due to a missing function definition.
5a2ac733be56ebd9ace967daa7eb439b0e56d19d9c70089bc3c52dc8b9756407Golden FTP version 5.00 suffers from a denial of service condition when receiving a large payload for username and password fields.
459a285a0206d485942a1faf129341cd7e80c57eb5551d29d6cef151892adceaDMX FORUM version 2.1a suffers from a configuration disclosure vulnerability.
b59c54230d2b3241e11892aa57cfdae07fa04d71b8943c16bcca774bc20f827d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed