Debian Linux Security Advisory 4111-1 - Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files readable by the user who opens a malformed document.
875fb1d918df3b661e4db466d4345a2f702d542ff1100d9a149bf7bbf114f493Debian Linux Security Advisory 4110-1 - Meh Chang discovered a buffer overflow flaw in a utility function used in the SMTP listener of Exim, a mail transport agent. A remote attacker can take advantage of this flaw to cause a denial of service, or potentially the execution of arbitrary code via a specially crafted message.
177e2fda59e9e6ba3a12f1c8d564ad42a8ca0e3bef74df674862b69bd02f1f54Debian Linux Security Advisory 4109-1 - Lalith Rallabhandi discovered that OmniAuth, a Ruby library for implementing multi-provider authentication in web applications, mishandled and leaked sensitive information. An attacker with access to the callback environment, such as in the case of a crafted web application, can request authentication services from this module and access to the CSRF token.
e59f433e0256fcb085e31cbcbe55a04241623a2742f3d2f521b26f9b0dd390b5Paypal / Money Transfer Clone Script version 1.0.9 suffers from a remote SQL injection vulnerability.
52d5d66942b0043aef7d321cc85c7938260c17772f2ee4067d2df036b7016027The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
2386b180183de2444fc4be1e86a6a581ba36877d6356baa5950a46293f5e1a09This Metasploit module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software ("units") without setting appropriate permissions, allowing unprivileged local users to execute arbitrary commands as root. This Metasploit module has been tested successfully with Juju agent tools versions 1.18.4, 1.25.5 and 1.25.9 on Ubuntu 14.04.1 LTS x86 deployed by Juju 1.18.1-trusty-amd64 and 1.25.6-trusty-amd64 on Ubuntu 14.04.1 LTS x86_64.
b9cf7f1398025752a68090222798f0555c42f1663cac0bf08ca8e26038f30d77SoapUI suffers from an arbitrary code execution vulnerability via a maliciously imported project.
e0430156b090f4e310fb65f9d97bfd534dbb8ded698fc0bebfe67d93c3f5f141Readymade Video Sharing Script version 3.2 suffers from a remote SQL injection vulnerability.
21a73403ac2fc9366ac278300a68d7247ba22c5efbd4d8cb353fe69ea07defdb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed