WordPress WP-Table-Reloaded plugin version 1.9.4 suffers from a cross site scripting vulnerability in zeroclipboard.swf.
14e6669ec4891d780769a3d3fea70803731544b0f83c6144cc7693c1ff5b5d87This python-based tool is a disassembler for the Atmel MARC4 (a 4 bit Harvard micro).
452a69bddc6990de27e03b5529bc149c0e7cb6325221d84f63ff737f5aa70192Netgear SPH200D suffers from cross site scripting, path disclosure, and directory traversal vulnerabilities.
feb81bf5c98699eaaac241a0def910ecd684f41727637e5be8c37af1a136cd6aThis proof of concept exploit determines the password length of a local user who runs "su -".
022c6530fd20470c1bf0ebb6d2d713b94830d8056ee73fad6c52655e8f455190The WordPress RLSWordPressSearch plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
b26265f8773c88bd11c805605ff88de7f20c168b9649111452af6b633c767de8A critical security vulnerability that allows a remote unauthenticated attacker to remotely execute arbitrary code under root privileges has been discovered in Broadcom's UPnP software.
a9af7d158bb390ad756245dc9d569c020c94e28b5576407cf6cf4b7fe4378cd8Debian Linux Security Advisory 2613-1 - Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML.
5d302711fe7085a3a57416acfd4e867f6659113869e1eb15bbdb43a3f5cf667fUbuntu Security Notice 1713-1 - It was discovered that squid's cachemgr.cgi was vulnerable to excessive resource use. A remote attacker could exploit this flaw to perform a denial of service attack on the server and other hosted services. It was discovered that the patch for CVE-2012-5643 was incorrect. A remote attacker could exploit this flaw to perform a denial of service attack.
9d97517571b73923a15aeb84a647627412eb894f960c5b3782a66d7f74189a9dRed Hat Security Advisory 2013-0207-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. The GUI installer created a world-readable auto-install XML file containing both the JBoss Enterprise Web Platform administrator password and the sucker password for the selected messaging system in plain text. A local user able to access the directory where the GUI installer for JBoss Enterprise Web Platform 5.1.2 was run could use this flaw to gain administrative access to the JBoss Enterprise Web Platform instance.
d18964493095b0d32a7ae3cdadef21d3dfadaa904bbab54125baf24804ca0654Red Hat Security Advisory 2013-0209-01 - These packages provide a service that acts as a registry for virtual machine images. It was found that when the OpenStack Glance front-end communicated with an OpenStack Swift endpoint, the operator credentials could be logged in plain text when certain errors occurred during new image creation. An authenticated user could use this flaw to gain administrative access to an OpenStack Swift endpoint. This issue was discovered by Dan Prince of Red Hat.
ba4d3ac81d1773f1bd03e0efea6e41920e0db7f02055379d11726b0c89f6dae9Red Hat Security Advisory 2013-0210-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Red Hat will discontinue the extended subscription services provided through the Extended Lifecycle Support Add-On for Red Hat Enterprise Linux 3 on January 30, 2014. After that date, critical impact security fixes and urgent-priority bug fixes will no longer be available for the following products: Red Hat Enterprise Linux AS 3 Red Hat Enterprise Linux ES 3 After January 30, 2014, technical support through Red Hat’s Global Support Services will no longer be provided for these products.
3b61fe792e07273b0c163c336f85fe8df1067073972041076d8059d62a1fe81bRed Hat Security Advisory 2013-0206-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. The GUI installer created a world-readable auto-install XML file containing both the JBoss Enterprise Application Platform administrator password and the sucker password for the selected messaging system in plain text. A local user able to access the directory where the GUI installer for JBoss Enterprise Application Platform 5.1.2 was run could use this flaw to gain administrative access to the JBoss Enterprise Application Platform instance.
5a6f1e25dd8eaf6d992d5b079773d94c8cf686e12c544acc055b5ea88689cef0Red Hat Security Advisory 2013-0208-01 - The openstack-nova packages provide OpenStack Compute, a cloud computing fabric controller. The openstack-nova packages have been upgraded to upstream version 2012.2.2, which provides a number of bug fixes over the previous version. This update also fixes the following security issues: It was found that the boot-from-volume feature in nova-volume did not correctly validate if the user attempting to boot an image was permitted to do so. An authenticated user could use this flaw to bypass intended restrictions, allowing them to boot images they would otherwise not have access to, exposing data stored in other users' images. This issue did not affect configurations using the Cinder block storage mechanism, which is the default in Red Hat OpenStack.
5fd88f6598b40a559cd20867e3debfeaa0cd71227c88be7a409d9824869f3f9bUbuntu Security Notice 1712-1 - It was discovered that Inkscape incorrectly handled XML external entities in SVG files. If a user were tricked into opening a specially-crafted SVG file, Inkscape could possibly include external files in drawings, resulting in information disclosure. It was discovered that Inkscape attempted to open certain files from the /tmp directory instead of the current directory. A local attacker could trick a user into opening a different file than the one that was intended. This issue only applied to Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. Various other issues were also addressed.
ad9711511dcca224388d073b2dfe23803a095bc6b5187c2009d479f41de3f37dModern smartphones are equipped with a plethora of sensors that enable a wide range of interactions, but some of these sensors can be employed as a side channel to surreptitiously learn about user input. In this paper, the authors show that the accelerometer sensor can also be employed as a high-bandwidth side channel; particularly, we demonstrate how to use the accelerometer sensor to learn user tap and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern.
b36715f052367ed9e7831c08a743263d5a554a959e5c0fc9a1237b419a10bb1aSecunia Security Advisory - A vulnerability has been reported in Schneider Electric Accutech Manager, which can be exploited by malicious people to compromise a vulnerable system.
41f1958d57d4247fb1b4bb19563e653c9b33d93d8b89d4e96ca633e6767676abSecunia Security Advisory - Marcela Benetrix has discovered a vulnerability in the WordPress Poll plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
86b3e6752d4345a217662b4aee9ed7f869b7efe172dd6bd483c3c12d09653f63Secunia Security Advisory - Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
3fec122c7fcae1aab5bdb14657e244284b78be0042862006b82e773f8758cdbaSecunia Security Advisory - A weakness has been discovered in the Simple History plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information.
0fcb85de2ee4a307f52b85d3d0276620c4cd9bdc5b1c75ee8fa35e87096f8c83Secunia Security Advisory - Two vulnerabilities have been discovered in the WordPress Poll plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
eeed45a8aaf6223c1d99c43114f2609acdaceb563394f7e61ac5b82a0bdeb1f5Secunia Security Advisory - A vulnerability has been reported in IRCD-Hybrid, which can be exploited by malicious people to cause a DoS (Denial of Service).
a06d1c718d7bfaf3f8642e80e8357f8dd499f731fc2068b4af3699e17fbd2780Secunia Security Advisory - Ubuntu has issued an update for libvirt. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
86e9db081f1c94c76c6a0731718f051b30592cb22281af6297706c40a90cee8bSecunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.
618aa92189b66698d6689f8dd82f4f1c9f0e97da7c5c42d6762b7ea362b77841Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM InfoSphere Information Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
1ea85eb44120fcd015fff882dbe999308436eea270eb510446ec0dff97971453Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM InfoSphere Information Server, which can be exploited by malicious, local user to disclose potentially sensitive information and gain escalated privileges, by malicious users to bypass certain security restrictions, and by malicious people to conduct spoofing and cross-site scripting attacks and compromise a vulnerable system.
c3b0c0d79d4689b12e198abf5c51be35cc91aac47d1c3f6600f1efd936fb4aac
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed