Visual Paradigm Server version 10.0 suffers from a cross site scripting vulnerability.
e73763c29114d3906a45e2af827e569bRed Hat Security Advisory 2015-2517-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
8ca7828726ccafd0284b76ef659e15a6Red Hat Security Advisory 2015-2516-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
2ff98908481157b3d767128b7c16d04cRed Hat Security Advisory 2015-2515-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.
92603867f8ae71c2b9527a995b6b7afbDebian Linux Security Advisory 3404-1 - Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application's settings.
d88fd71d3211ddd5a510c9013e926cccUbuntu Security Notice 2818-1 - It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. Am attacker could use this to expose sensitive information or possibly execute arbitrary code.
5e228cb67945fe786a60acb4b8570d7dHP Security Bulletin HPSBGN03523 1 - A potential security vulnerability has been identified in HP Loadrunner Virtual Table Server that could be exploited remotely resulting in the execution of code. Revision 1 of this advisory.
d5bbe9a4bd5b08c5740bcfbbf6008c4aUbuntu Security Notice 2820-1 - Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code.
3e9cf1eb8dd0479116658a68800e106cDebian Linux Security Advisory 3407-1 - Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.
f2a27348b5f9a4e0ddd79dd6b67a2aaeRed Hat Security Advisory 2015-2519-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A same-origin policy bypass flaw was found in the way Thunderbird handled certain cross-origin resource sharing requests. A web page containing malicious content could cause Thunderbird to disclose sensitive information.
6bc1046a15b99db8952c14b22fa84adbRed Hat Security Advisory 2015-2520-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server.
2901ee3079f000fc7b23d245cdee413cDebian Linux Security Advisory 3405-1 - Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.
5f22316348f6b9f7f665784709b9c550Debian Linux Security Advisory 3406-1 - It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code.
1caa2e1f4d34bccd8ca969134160f476Red Hat Security Advisory 2015-2518-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
3b3d7230ab72682f45f88bdaf566decaProFTPd version 1.3.5a suffers from heap overflow vulnerabilities.
ebb546df9609d5827f90fdfe2f5d1c6b
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed