Visual Paradigm Server version 10.0 suffers from a cross site scripting vulnerability.
11c702c88601ac6e95e42022410b65f5fca9d57c43f676ae447bdbbbf28e80b1Red Hat Security Advisory 2015-2517-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
307be76e804ec87b99d8c4285e6c0b866882e5818e8b5c81784f0fb7251ae4c0Red Hat Security Advisory 2015-2516-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
89a84ea97cadc015b03977c43f2838c425f5b6e67730b5a868ae859c0b8f11b9Red Hat Security Advisory 2015-2515-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.
e32fe9ddf8851ecabfcf5006bf82aa9daaffa5a9d19aa1c0ebfacda0fa5155ebDebian Linux Security Advisory 3404-1 - Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application's settings.
0b58e8ca659dee4ee5116e23bd086472730fc449accaa2eca6cb5501d11fc141Ubuntu Security Notice 2818-1 - It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. Am attacker could use this to expose sensitive information or possibly execute arbitrary code.
a9fe82136c955c433722b503fc60c06705defffd05682f9e89d7645dee7a7255HP Security Bulletin HPSBGN03523 1 - A potential security vulnerability has been identified in HP Loadrunner Virtual Table Server that could be exploited remotely resulting in the execution of code. Revision 1 of this advisory.
6f4706b10ff069ecad90deb5270a945fba17698a771ff4c1087123518ddcb4ebUbuntu Security Notice 2820-1 - Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code.
5ea619810a1858647bc6decd944ac40456af9ba8b3a6b17aa480ef128878af21Debian Linux Security Advisory 3407-1 - Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.
9598ae2264f8a14638f87a3ca5d821950ee36da44b3324ea62f986b8f2e0c4d0Red Hat Security Advisory 2015-2519-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A same-origin policy bypass flaw was found in the way Thunderbird handled certain cross-origin resource sharing requests. A web page containing malicious content could cause Thunderbird to disclose sensitive information.
a69410df0fcb37dd6f888b0b290e215e7d2ec1cb9c8fa9f167275dbff6ff9de4Red Hat Security Advisory 2015-2520-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server.
5688d2b98fee014d2dc9754b03ff6046b68d6f1e776060d5583fadb5ece90aa3Debian Linux Security Advisory 3405-1 - Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.
093436dd8877007cc38f10a273809c83511466a1c55d6c0914d14c87e2b9cf4cDebian Linux Security Advisory 3406-1 - It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code.
930894e681573a82ac8191e73c85435a31821c44a824377eb46afcc3622b98bfRed Hat Security Advisory 2015-2518-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
cd01d7b57fe3e51875ebdc9a1bf9b8098c2149ac2ff6216a439aa9920b087813
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed