WordPress Navis DocumentCloud plugin version 0.1 suffers from a cross site scripting vulnerability.
3666b2a096dfc4da80d3cdb14a833994Red Hat Security Advisory 2015-1693-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source.
1939a40da10e838d9a31fb71738f482aUbuntu Security Notice 2723-1 - A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bas Venis discovered that the addon install permission prompt could be bypassed using data: URLs in some circumstances. It was also discovered that the installation notification could be made to appear over another site. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to install a malicious addon. Various other issues were also addressed.
87ca780b444b16497435b87d09c1df72Ubuntu Security Notice 2725-1 - Seth Arnold discovered that ippusbxd in the cups-filters package would incorrectly listen to all configured network interfaces. A remote attacker could use this issue to possibly access locally-connected printers.
aab790f1a5abd844411410cf99a38276Debian Linux Security Advisory 3344-1 - Multiple vulnerabilities have been discovered in the PHP language.
f24a8a0feb679af5a1adbe3e68ff7806HP Security Bulletin HPSBGN03402 2 - Potential security vulnerabilities have been identified in HP Performance Manager. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
c32c736bb5be833a33501bcb5d1d3179Red Hat Security Advisory 2015-1691-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering will be retired as of September 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 2 after September 30, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 2 after this date.
5a98499d4bd4ea83ae9228b04b89047eUbuntu Security Notice 2724-1 - It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver. A malicious guest could possibly use this issue to read sensitive information from arbitrary host memory. Various other issues were also addressed.
e6ff9fe93e822d70b635257f4a557371HP Security Bulletin HPSBHF03408 1 - Potential security vulnerabilities have been identified in certain HP notebook PCs with the HP lt4112 LTE/HSPA+ Gobi 4G Module. The vulnerabilities could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.
f7a3d6c6fb9d2d23bc8e88516e73bf18FENIX versions 0.92 and below suffer from a buffer overflow vulnerability.
e5047b02a9025591ad7839ba5567a1adLinuxOptic CMS 2009 suffers from an authentication bypass vulnerability.
58943fd951646406bc7b55f1ffb22208WordPress Private Only plugin version 3.5.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
40ece1592792a98c7fd2b9743e479c87Anchor CMS suffers from a PHP object injection vulnerability.
62068af7cf2e03185b175a305bee5d8dBSIGN versions 0.4.5 and below suffer from a buffer overflow vulnerability.
1cfc437d85bcd9d3cec039820d54b64cDogma India dogmaindia CMS suffers from an authentication bypass vulnerability.
86b413ae82677aa5ededa2a6c0f44d91The Windows Script Host executables suffer from a vulnerability due to a missing embedded manifest. Using another exploit, the combination of "wusa.exe" and "makecab.exe" files can be copied to the Windows folder. Copies of a manifest and the script host allow to execute the copied script host and bypass UAC warning messages in case the UAC settings are default. Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't accept the admission because it's not a remote vulnerability. Surprisingly Microsoft didn't accept the vulnerability because "UAC isn't considered a security boundary". Only Windows 7 is vulnerable, Windows 8 has a embedded manifest and Windows 10 is untested.
742a0b632607f8b5cd134cce36956c7f
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed