Debian Linux Security Advisory 3371-1 - Frediano Ziglio of Red Hat discovered several vulnerabilities in spice, a SPICE protocol client and server library. A malicious guest can exploit these flaws to cause a denial of service (QEMU process crash), execute arbitrary code on the host with the privileges of the hosting QEMU process or read and write arbitrary memory locations on the host.
8724adae44c0f76d42a3f5b53969d8f1a2b8410728271b1ae7c84ec133ccef00Joomla! CMS versions 3.4.0 through 3.4.3 suffer from a cross site scripting vulnerability.
429b040ae8eb0d56c0cc95bcf56bcdba82a2542bbf15a63cc532bd9f86d1f58aVeeam Backup and Replications versions 6 through 8 suffer from log disclosure and broken password security vulnerabilities.
297149a77606ab6deac1de2bb98b0f033747ba6db8266944dfe68b46fdffd256Red Hat Security Advisory 2015-1862-01 - Red Hat Enterprise Linux OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service cloud based on Red Hat Enterprise Linux OpenStack Platform. A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package. The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data.
5ea40faeb29a51d07126fa754ad6aa9ce63c8cee88b0b54a3e88de07ebad322fRed Hat Security Advisory 2015-1876-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. It was found that Django incorrectly handled the session store. A session could be created by anonymously accessing the django.contrib.auth.views.logout view if it was not decorated correctly with django.contrib.auth.decorators.login_required. A remote attacker could use this flaw to fill up the session store or cause other users' session records to be evicted by requesting a large number of new sessions.
877d266616c7a414824877b342ccbfa1856350019d29d18619838e614d8640faAn authentication bypass vulnerability in the web interface of a Buffalo LinkStation Duo Network Attached Storage (NAS) device allows unauthenticated attackers to gain administrative privileges. This puts the confidentiality and integrity of the stored data as well as the integrity of the device configuration at high risk.
8b56e71d7955315bcf04a3159d5fdfb83497857e77ff2660643acd96f4072268A component of Kaspersky Internet Security that's enabled by default is called the "Network Attack Blocker", described as "protects the computer against dangerous network activity". This researcher examined the implementation, and determined that it's actually a simple stateless packet filter with a pattern-matching signature system.
c93a85cd6e072be949ef0e44b2c0a5defdb132a1bdc0a750a43a8beadfd92a25The W150D Wireless N 150 ADSL2 modem router suffers from a cross site request forgery vulnerability.
d09ea1f749e714cfa623d2468198983f9b6a09ff2ee6b2e3583654d44f360254VeryPDF Image2PDF Converter SEH buffer oevrflow exploit that spawns messagebox shellcode.
fb0eb094b5e573fada445410e8039241a3a11cfe31027910642ed1bad8b24ddaFreeYouTubeToMP3 Converter version 4.0.1 suffers from a buffer overflow vulnerability.
c25aa7b8ea2738b878b257f4887fbc5682c63e244b2a8b7c9f9bf2bc5ff5bf55WebComIndia CMS 2015Q4 suffers from an authentication bypass vulnerability via remote SQL injection.
afc30dbcbcfb0ef32c6e8696ef381ed2d5d31290833839f08df44da1dacba8e1PayPal suffered from an open redirect vulnerability.
e887d6170d64eb863e814260146a628878b0b1d63fc18ec8ff72b27057825e3d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed