phpwcms versions 1.5.4.6 and below preg_replace remote code execution exploit.
815d662d1defc929cafd32019bac1baf9c7bd4c542eedf9b6366400a07994cd5Ubuntu Security Notice 1668-1 - Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certain variables in the apport-bug shell script.
df9e58013e69b4fde3e825db068c7ca9fc1c28b8b1e64fdf317a7448bbcf30a0Red Hat Security Advisory 2012-1577-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. As of October 1 2012, IBM J2SE 1.4.2 is no longer supported for use with SAP products. All SAP users should migrate to SAP JVM 4 provided by SAP as the only supported Java Virtual Machine. Refer to "SAP Note 1495160 - SAP JVM replacement for Partner JDKs 1.4.2" for additional details. These java-1.4.2-ibm-sap packages provide the last SAP certified IBM J2SE 1.4.2 release, SR13-FP13.
a43700d6ba0bc0574467857824d4435add3e4282a47fc4dc060447e3c6ab3d02Debian Linux Security Advisory 2589-1 - The tiff library for handling TIFF image files contained a stack-based buffer overflow, potentially allowing attackers who can submit such files to a vulnerable system to execute arbitrary code.
3ac4548e675387d7bd6ae0cf7e8dbce981647779ac6fc5142b558d8aa6c6c145Ubuntu Security Notice 1667-1 - Julius Plenz discovered that bogofilter incorrectly handled certain invalid base64 code. By sending a specially crafted email, a remote attacker could exploit this and cause bogofilter to crash, resulting in a denial of service, or possibly execute arbitrary code.
02c9705e1cbd1923e513a5e01cd882df617228cba48ea98cd940faf6f4cd1488Debian Linux Security Advisory 2588-1 - Multiple vulnerabilities have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.
efb4a9141889fdb33abe81a021b698dc39bafb83a76d61ebabbcc1cb67866cc1Ubuntu Security Notice 1666-1 - It was discovered that Aptdaemon incorrectly validated PPA GPG keys when importing from a keyserver. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
42c16fb115783c46c14f38bed8c9cbdf8ad2e0cc19ff88ef969a9f2f6594d0c1Ubuntu Security Notice 1589-2 - USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates exposed a regression in the floating point parser. This update fixes the problem. It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
5ede9c10aca0d60fd34b94b3e266cb77e4930fe9a283734c9b84820f56b74a90
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed