The D-Link DCS-930L Network Video Camera is vulnerable to OS Command Injection via the web interface. The vulnerability exists at /setSystemCommand, which is accessible with credentials. This vulnerability was present in firmware version 2.01 and fixed by 2.12.
ddc747214ad4a4c1f0e032dfddc35ed3
360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Check Point dbedit or ScreenOS commands.
d84bc7e15e0603a3d966adbd7178a4da
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the current stable release.
1b3b6d55d0e2b6d01a54f53129f1da9b
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the previous stable release.
b698ee3814ff0d4415e9a60e99656204
Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
58f1e066069847a09cf398e10ccd8a0e
Slackware Security Advisory - New libsndfile packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix security issues.
9a54ae907807d3bfe30fb66a953ec2b4
Debian Linux Security Advisory 3472-1 - Two vulnerabilities were discovered in wordpress, a web blogging tool.
ed426b28a3bff5b1337da9d3008df11c
Debian Linux Security Advisory 3470-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
39bf91a809d301fe035ac60af251050f
Debian Linux Security Advisory 3469-1 - Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.
34b6d4c51cc5e4f14224ee3dfa59d600
Debian Linux Security Advisory 3471-1 - Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.
ded9adc12dd631492b3380a60465ca09
Red Hat Security Advisory 2016-0158-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format.
66cef5b36cc3630b2141823fcc8493a9
Red Hat Security Advisory 2016-0157-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format.
1d1f4dce9ace349f9908cb1a0e1d55b6
Red Hat Security Advisory 2016-0152-01 - The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system. This issue was discovered by Mateusz Guzik of Red Hat.
15ff0821ec6f519aa7a7bbee63d5d3dc
Red Hat Security Advisory 2016-0156-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format.
2db399f9c3bdc9974fb381ff590e13d9
Red Hat Security Advisory 2016-0155-01 - OpenStack Object Storage provides object storage in virtual containers, which allows users to store and retrieve files. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication. Because Object Storage supports asynchronous eventual consistency replication, it is well suited to multiple data-center deployment. A memory-leak issue was found in OpenStack Object Storage, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.
4fda8a0c34517e937bbab455b903ad0e
Ubuntu Security Notice 2892-1 - It was discovered that nginx incorrectly handled certain DNS server responses when the resolver is enabled. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service. It was discovered that nginx incorrectly handled CNAME response processing when the resolver is enabled. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1a7fa25fcd1529bf2318519641ffe64b
Ubuntu Security Notice 2880-2 - USN-2880-1 fixed vulnerabilities in Firefox. This update introduced a regression which caused Firefox to crash on startup with some configurations. This update fixes the problem. Various other issues were also addressed.
5fdf68efeb82cf068a16906c3b06f79b
This bulletin summary lists two bulletins that have undergone a major revision increment for February, 2016.
d969559fb0b2dfa8c2e5830ce2828c20
Joomla Scatalog component version 2.0 suffers from a remote SQL injection vulnerability.
b36254dc86eafe62ca5c0a068cf4ef47
Joomla Subcategory component version 1.2.15 suffers from a remote SQL injection vulnerability.
ae2e532a00b7f90457f4f048c5068d71
ManageEngine Network Configuration Management build version 11000 suffers from a privilege escalation vulnerability.
721f8a3a32e703192c42c95a2ac482cc
This bulletin summary lists nine released Microsoft security bulletins for February, 2016.
a623d3bf23d119823a0e6ae8432de530
OS X suffers from a privilege escalation vulnerability due to XPC type confusion in sysmond.
3ac26a15ec16701e2fb2e821afc62436