Winmail Server version 4.2 suffers from a cross site scripting vulnerability.
eec3c7ca5f439c77874ee890324a41cec3a56a1c5f7e183e0ee2900e4189c9c5KnowledgeTree OSS version 3.0.3b suffers from a cross site scripting vulnerability.
26ed7fb26ecaa5fc15303a5cb12cc717b096e034186db8f3f5d6c9efdad9b8acDebian Linux Security Advisory 3345-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser.
24e00d0d8a4aa48074979e8bfa8b317c0e56f053929afcf2a9f45eb65eb335e9WordPress sourceAFRICA plugin version 0.1.3 suffers from a cross site scripting vulnerability.
9efd1140b3838aceb2a7f90d528f8c60439da4fa3b7087995c279c33fe5f816aPluck CMS version 4.7.3 suffers from code execution, cross site request forgery, cross site scripting, and local file inclusion vulnerabilities.
9c15c9353fd157ff999d6c6642d64faa272b0ac770bc946572239db5e9949812freeSSHd version 1.3.1 suffers from a denial of service vulnerability.
394f6434e00eb05d1952d269485e3c3a636bd930a41c5b68ab983b352e8c2632WordPress Captain Slider plugin version 1.0.6 suffers from a stored cross site scripting vulnerability.
73470cb284596d274c1d8c36303b9ebc55b5a11435c41374e907a1eb3ff10eaeSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
f6fb90468e1cd0c34ded052060e2b58c5b9926d0b448e48b4918df3045d7fb6dThis Metasploit module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement.
675bfb209258c4d794420d872c3ae4a648abbf5cb0e2af4ea23e9559348211b2HP Security Bulletin HPSBGN03387 1 - A potential security vulnerability has been identified with HP Intelligent Provisioning that could allow remote code execution and unauthorized access. Revision 1 of this advisory.
ed6bd49edc27764e75614ec18b04b7f32dd48e7da2421103c5daa0d969b1fee7HP Security Bulletin HPSBGN03407 1 - Potential security vulnerabilities have been identified in HP Operations Manager for Windows. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
67048196abdfa69916a6efa701454c95118f91f9cde4a4921506b10a0f9aca07HP Security Bulletin HPSBMU03416 1 - A potential security vulnerability has been identified with HP Data Protector. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
7798d95ad3af5b0b8b2ff44645a5bf8e9920084de205b6bfe59393552829d13bThe programmable interrupt timer (PIT) controller in QEMU does not correctly validate the channel number when performing IO writes to the device controller, allowing both an information disclosure and a heap overflow within the context of the host.
13f86bfcab19e0b4b4a2b31f5267866e4f2e1bf60fa810d064d79e7a787b0c07Photo Transfer 2 version 1.0 suffers from a denial of service vulnerability.
368ca11913bbeb4d94a623944cf3e7c3b1a4042d78d4ba52a188f2e5f763a61dA stored cross site scripting vulnerability existed in the SecurePayment page on PayPal.
3c310cb10ff9633ba901e4ad17bf6fa88edfed42f8596e1d63c337b7eb6b4073Jenkins version 1.626 suffers from cross site request forgery and command execution vulnerabilities.
c340802683762618a09044390f24e3b3a483286548b95201dd3eb0d579b906a9WordPress Responsive Thumbnail Slider plugin version 1.0 suffers from a remote shell upload vulnerability.
f98b6997588b3f30ced3103e420f4be371274ba241219a5a03d4d7d3c513cfc0WordPress Navis DocumentCloud plugin version 0.1 suffers from a cross site scripting vulnerability.
eb89f9e25ace8d58f4187bff085dd55fdc0a330cda30e57a0db85050911c40f0Red Hat Security Advisory 2015-1693-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source.
9b2e9a060e33cc0a2687081a2c395aa46ddf9b9ec1e52e6502df3079ce61d110Ubuntu Security Notice 2723-1 - A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bas Venis discovered that the addon install permission prompt could be bypassed using data: URLs in some circumstances. It was also discovered that the installation notification could be made to appear over another site. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to install a malicious addon. Various other issues were also addressed.
4d49a8932c386a3626af418e26cce00ed96770da2972b0601cb7c78619dbe836Ubuntu Security Notice 2725-1 - Seth Arnold discovered that ippusbxd in the cups-filters package would incorrectly listen to all configured network interfaces. A remote attacker could use this issue to possibly access locally-connected printers.
a2f21595cca8c859e4e075ad71ffff0e79f50bf78c7230ecebc70dd37d933047Debian Linux Security Advisory 3344-1 - Multiple vulnerabilities have been discovered in the PHP language.
336d50d6256b315b13a267027575d849aa84b77d54fa92fb507a883c990583a8HP Security Bulletin HPSBGN03402 2 - Potential security vulnerabilities have been identified in HP Performance Manager. The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as "Logjam" could be exploited remotely to allow unauthorized modification. The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
7255fe9b9e0c4dc2613a0fce0cf8175e66e35e1985b0c6504390b0105dfe41deRed Hat Security Advisory 2015-1691-01 - In accordance with the Red Hat Enterprise Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 2 offering will be retired as of September 30, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Developer Toolset Version 2 after September 30, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided for Red Hat Developer Toolset Version 2 after this date.
e4a48f3f24af8ae3ca2c224da14a007a02a813aec85087da24a788efe4371e5eUbuntu Security Notice 2724-1 - It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver. A malicious guest could possibly use this issue to read sensitive information from arbitrary host memory. Various other issues were also addressed.
80b79018159461f757b7f8b7bcd9805650ddf859a2e27b6be0a84adade307939
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed