FreeBSD Security Advisory - Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to run commands in addition to the desired SCCS or RCS commands.
64a06be92c3ae6e37bf4d6ed19120232HP Security Bulletin HPSBGN03372 1 - A potential security vulnerability has been identified with HP Business Process Monitor. Note: This is the RC4 vulnerability known as Bar Mitzvah, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
2412a005d759cc2aa692e6eb8c11b231Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
7ffd48dadaa3262223ccd712677cc0cdFreeBSD Security Advisory - A remote attacker can trigger a crash of a name server. Both recursive and authoritative servers are affected, and the exposure can not be mitigated by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.
2047cc3417a329326545ba6278d4797bFreeBSD Security Advisory - OpenSSH clients does not correctly verify DNS SSHFP records when a server offers a certificate. OpenSSH servers which are configured to allow password authentication using PAM (default) would allow many password attempts.
8cb4a72bf773c38e284608edf83d9522OpenBSD local memory leak denial of service proof of concept exploit.
abcf35a318f88ee51e0aae5b82ba1757WordPress Advanced Categorizer plugin version 0.3 suffers from a cross site scripting vulnerability.
347983de4aab3350e2a54d04608e7657WordPress Facebook, Twitter, and Google+ Social Widgets plugin version 1.3.7 suffers from a cross site scripting vulnerability.
07135e9368d4a7e2279972138f2e2e3dphpFileManager version 0.9.8 suffers from a remote command execution vulnerability that can be leveraged via cross site request forgery.
f1555c3c33e909c2e4fda99f6a2c3217Basware Banking/Maksuliikenne software suffers from hard-coded credentials, client-side auth checks, and other issues.
1f2fabdb04fa5f852115fd1a85765a4cFreeBSD Security Advisory - There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs attached to reassembly queues can grow to the total number of mbufs in the system, at which point all network traffic would cease. An attacker who can establish concurrent TCP connections across a sufficient number of VNETs and manipulate the inbound packet streams such that the maximum number of mbufs are enqueued on each reassembly queue can cause mbuf cluster exhaustion on the target system, resulting in a Denial of Service condition. As the default per-VNET limit on the number of segments that can belong to reassembly queues is 1/16 of the total number of mbuf clusters in the system, only systems that have 16 or more VNET instances are vulnerable.
a66a42619ffbd61e012b14370befb044McAfee Application Control version 6.1.3.353 suffers from multiple vulnerabilities including insufficient whitelist protection and bypass issues.
9e9665313071b62a515db6eb74e7e7d7WordPress Flickr Justified Gallery plugin version 3.3.6 suffers from a cross site scripting vulnerability.
c0026af52e5eb0282ab47eedf75b5cefD-Link DCS-2103 version 1.20 suffers from cross site request forgery and cross site scripting vulnerabilities.
9735060d7d88b4dd87100292e4c7f6f3Tendoo CMS version 1.3 suffers from stored and reflective cross site scripting vulnerabilities.
0d74d49fffdb8d452df1d32a49adfde2
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed