Ubuntu Security Notice 1782-1 - It was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service.
8016649df7936a08004b2ecb225d08e87a24eada7f4d4e8cc369501b71865951This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.
257e7dc02cc758e02ddfc07622def557b152de2354df0f2e8e6ddd5a95045d43This Metasploit module exploits a lack of authentication in the shell developed by v0pCr3w and is widely reused in automated RFI payloads. This Metasploit module takes advantage of the shell's various methods to execute commands.
c98b44143d435c087fc71dd51541d105f13f0b99cdf31def59cce893a060e474Asterisk Project Security Advisory - When authenticating via SIP with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
7ce9d396f6a8843def45150840621abd66a61195ea9967e14e7c6392d62f7a27Cisco Security Advisory - The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affected device. Repeated exploitation could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability.
6c8d5ab39e1579248c235ac0fb6d130f03287e1bfe1c2113cc6a6081582b9a36Drupal Common Wikis third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.
0ead0c1b6461de562721b99bba7a816c5c188b5649caf9a8533d5386639df1eaEMC Smarts Product versions prior to 9.2 contain a cross site scripting vulnerability that could potentially be exploited by malicious users.
883d4810ac2c6054019ce2ac8a31a3711e9315ccc3a0dc8dd3c1d89e8cf6b06dAsterisk Project Security Advisory - AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server since it was susceptible to a remotely-triggered crash. The fix put in place fixed the possibility for the crash to be triggered, but a possible denial of service still exists if an attacker sends one or more HTTP POST requests with very large Content-Length values.
7a1b07b00aaec1a54c4a018a3363c0392f9374f44ef12df07d9140f78bd6c056Cisco Security Advisory - The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
f65bd4e39e183642a6d2572c9a108eb5574fee859a6831d2e4f41be3dc70ee7eDrupal Common Groups third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.
f669c1b9745c7be65686fd69d8357c49ea773ce0b1124fee20ef6d5c5668bc43Cisco Security Advisory - The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
d8a9ebcc5bcdbb846ebb55212f513487470545447c60d9e5baa8b680cb2e36b9Asterisk Project Security Advisory - The format attribute resource for h264 video performs an unsafe read against a media attribute when parsing the SDP. The vulnerable parameter can be received as strings of an arbitrary length and Asterisk attempts to read them into limited buffer spaces without applying a limit to the number of characters read. If a message is formed improperly, this could lead to an attacker being able to execute arbitrary code remotely.
6dbcc321fa05a34d90ae2594f9ee9d1f4e3a55fa0610c69189ee26ee7c7e8f70Drupal Rules third party module version 7.x suffers from a cross site scripting vulnerability.
f2f8ca4e2b4ae29b0c45ac10b1bad3aa48a53157f2aaec80b06f22bcc52c9cd0BlazeDVD Free Edition version 6.1.1.6 suffers from a buffer overflow vulnerability.
bdbc3385b746b6b0cb6e4960656a9e6c260df28173c52e32937cf108929fe845Cisco Security Advisory - The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled.
42356950e1cc56926e25264368f0756b639d7b291d5d8fd340c0a7946bc690e8Drupal Zero Point third party module version 7.x suffers from a cross site scripting vulnerability.
37b56deaef01f5ce524a97748fc68d4f269a0f41f3264e6e15807a3c27e9942bCisco Security Advisory - The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
7bfd2bd455cd5f6b92d91689d93812aab9c993e272761cdfb6ba0d2c3bf6c303Red Hat Security Advisory 2013-0687-01 - Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.
a3774347ea45c3c7ae68e1074b90367573297995db1225f26b9651f2ad1564edCisco Security Advisory - The Cisco IOS Software implementation of the IP Service Level Agreement (IP SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Mitigations for this vulnerability are available.
4162210f7ba691ed071fdc74e025a5bdfb0887df0caea4092a5359e11414c57bCisco Security Advisory - Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affected by this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP inspection.
8311d0cd7dd53190ebee1eb5be28570c0c0e1924521c952b8fe0af8712142057HP Security Bulletin HPSBST02848 SSRT101112 - A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information. Revision 1 of this advisory.
5a5dcb7601ecc8493e08966dbb1d863b2d8e50c35ab09c95d4634bbc73448fcfSlackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2266.
a993d939b799c47a47bff241e1f49b6b00f251765344dc7c88ca3e0f7c959802AWS XMS version 2.5 suffers from a path traversal vulnerability.
e8265b5ddbb691c7801baa5e82a4c792f1e07efb41722fd028d1429b5c701edfMcAfee Virtual Technician (MVT) 6.5.0.2101 suffers from an exposed unsafe active-x method.
55fc445bc2332b108a292b07dc1275003a836cf017d276122b75dab94844b2a7A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns.
7cda4cd2685e259b72b8a7f277f48a6fa21ea4dcfa18ce25de752b2336680f23
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed