Secunia Security Advisory - A security issue has been reported in the Payment module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
d41c25e85ac4ae160c13096d82962b6b9d3104a46805976580816c4d5740380cSecunia Security Advisory - A vulnerability has been discovered in Oracle Java, which can be exploited by malicious people to compromise a user's system.
75f5df567ca6e5bb598956eaf61a16cdddb621017f941ae6d2e9c7a4aa090ceaSecunia Security Advisory - A vulnerability has been reported in some Cisco Unified IP Phone models, which can be exploited by malicious people with physical access to compromise a vulnerable device.
dffe809d76acdd2e6c7a7db4b0da2c83d70f4192ab5ed207d630f38f4bdbdb87This Metasploit modules exploits a vulnerability found in the Honeywell Tema ActiveX Remote Installer. This ActiveX control can be abused by using the DownloadFromURL() function to install an arbitrary MSI from a remote location without checking source authenticity or user notification. This Metasploit module has been tested successfully with the Remote Installer ActiveX installed with HoneyWell EBI R410.1 - TEMA 5.3.0 and Internet Explorer 6, 7 and 8 on Windows XP SP3.
b30345fc0ce669f179e6185df91c57d68d20a383c5a011c0ba877c1319ef539bThis Metasploit module exploits a vulnerability in Microsoft Internet Explorer. A memory corruption may occur when the Option cache isn't updated properly, which allows other JavaScript methods to access a deleted Option element, and results in code execution under the context of the user.
307b7adfa8d05c300b48db94ceb041a3ced231d646f14a788423d6874081b7c4This Metasploit module exploits an authentication bypass vulnerability in eXtplorer versions 2.1.0 to 2.1.2 and 2.1.0RC5 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to any writable directory in the web root. This Metasploit module uses an authentication bypass vulnerability to upload and execute a file.
8483dda079be04a44863b410b51eecbb3374b00177e8c973282a9974a2918555Nero MediaHome version 4.5.8.0 suffers from multiple denial of service vulnerabilities due to improper handling issues.
a667ecae12bef1ca764da84656ce5d402feb400df56dbf141eca769b9ea9f54eSamsung Kies version 2.5.0.12114_1 suffers from a buffer overflow vulnerability.
ba64ccf75ec04e06017109e58437056a7a1dbd3ba88cbccb70812d4d1fcc3311Quick.Cms version 5.0 and Quick.Cart version 6.0 suffer from a cross site scripting vulnerability.
8252388141e7acdab8a3ad358488b4c7928f6202ea3ddb4ef3a0897770e81079Drupal Payment module version 7.x suffers from an access bypass vulnerability.
535b4866a799a0a1dabbbc5fe8374c834ad2d16e56968915a6a9127056d9b313Drupal Search API version 7.x suffers from a cross site scripting vulnerability.
06241ab4337401841fd2750490e3015827b816e490cbf2adbf637a1776a32900Mandriva Linux Security Advisory 2013-003 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes.
3d94d3b0d2d1647beb5ae26b794650a765c690cdc66365234712f301f98b0429Mandriva Linux Security Advisory 2013-002 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. Various other issues were also addressed.
9ee750b2b8c7902fd7785c0edbfdc5773ae0ab089e0b3acc4daccaf1b8b4b1c4Red Hat Security Advisory 2013-0150-01 - Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes several security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-02, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened.
20a8dbd66e4be016adc44781debcd765abb0af106be7033d99dc1ef90025792fDebian Linux Security Advisory 2604-1 - It was discovered that Rails, the Ruby web application development framework, performed insufficient validation on input parameters, allowing unintended type conversions. An attacker may use this to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on the application.
0581d96f49dc1b55c0f151232b2d24acf9a7d686380b72bd666cefac298521beDebian Linux Security Advisory 2603-1 - Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to "safe".
ddf7bc7c4889ddfe1ef2ad9bd0556f0b667bb36217ab5501a99f4c11108e2209Ubuntu Security Notice 1682-1 - KB Sriram discovered that GnuPG incorrectly handled certain malformed keys. If a user or automated system were tricked into importing a malformed key, the GnuPG keyring could become corrupted.
69f30d35a0a66cd25764996ab169e31f2ac7befe5e898436f48e9aaa8d5629faDebian Linux Security Advisory 2603-1 - Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to "safe".
ddf7bc7c4889ddfe1ef2ad9bd0556f0b667bb36217ab5501a99f4c11108e2209Websitebaker add-on Concert Calendar version 2.1.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
08f398cedb0b208dc2348c5f4b971fa4c1f1f8a17d18a0ccc2f9741ea6710a5bInmatrix Ltd. Zoom Player version 8.5 memory corruption and arbitrary code execution exploit that leverages a crafted JPEG file.
e93c531005e5c45acf7db63cf82c525cc84d2dc9abe53bbded611012472ddc3f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed