Red Hat Security Advisory 2013-0770-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
06677a3528c530864f134b8fafc2e1294751341077971c4ef9f0fa7bea9269f4Cisco Security Advisory - Cisco Device Manager contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on a client host with the privileges of the user. This vulnerability affects Cisco Device Manager for the Cisco MDS 9000 Family and Cisco Nexus 5000 Series Switches when it is installed or launched via the Java Network Launch Protocol (JNLP) on a host running Microsoft Windows. Cisco Device Manager installed or launched from Cisco Prime Data Center Network Manager (DCNM) or Cisco Fabric Manager is not affected. This vulnerability can only be exploited if the JNLP file is executed on systems running Microsoft Windows. The vulnerability affects the confidentiality, integrity, and availability of the client host performing the installation or execution of Cisco Device Manager via JNLP file. There is no impact on the Cisco MDS 9000 Family or Cisco Nexus 5000 Series Switches. Cisco has released free software updates that address this vulnerability in the Cisco Device Manager for Cisco MDS 9000 Family Switches. Cisco Nexus 5000 Series Switches have discontinued the support of the Cisco Device Manager installation via JNLP and updates are not available. Workarounds that mitigate this vulnerability are available.
578c40e757b0c353adc0922465a0e8993c86db06c683fad64b40139a6b84b6b4Red Hat Security Advisory 2013-0769-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.
64eb4276f4d6cab98919cfe1cf17b4bde978777315cfe94bc872ef3f95bb94dfCisco Linksys WRT310N version 2.0.00 suffers from a remote denial of service vulnerability.
96c706f91c3a5f744fbbc0b57a7b74560a10053170e63931f5e7a21c6402b759HP Security Bulletin HPSBHF02865 SSRT101158 - A potential vulnerability has been identified with certain HP ElitePad tablet PCs. The secure boot feature of the BIOS may not be enabled, allowing alternate operating systems to be booted in contradiction with the BIOS configuration. Secure Boot is a feature that, when enabled, prevents the system firmware from booting to unauthorized boot loaders, option ROMs and operating systems that can run in the pre-boot environment. Revision 1 of this advisory.
0a01d2d62c314de04c12d85282d5813e7def6f779255084b616f5f646041e24bHornbill Supportworks ITSM version 1.0.0 suffers from a remote SQL injection vulnerability.
2eeb3aa7245d5145d3ec988798da4951d75aef73c27a476bcea507ba736fbb89Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
3abe6e1063e80a66c609e4a0d369660588bfdefb8c8fff994d8199dab739ca5eD-Link DIR-615 and DIR-300 suffer from cross site request forgery, OS command injection, lack of cryptographic storage, header injection, and cross site scripting vulnerabilities.
d92d1912f11dbbae5692e74866d76e755ce2c196d6f9a7fa689ae37251fd787eClam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
d872bdfd692d440bc2ade2f4e5a7befc37feb8885cd81adfb6346a8214aafc12Ubuntu Security Notice 1806-1 - Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
fb482b1d6a477dd71523149f9168031b4570c128ce30b71240ef31f2fa6d158bUbuntu Security Notice 1804-2 - USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol (JNLP) when fetching content over SSL under certain configurations, such as when using the community-supported IcedTead 7 browser plugin. This update fixes the problem. Various other issues were also addressed.
788cd726d94bf98f4dc6192ab9c074b7cbe5cca9dc2456a6adbf105350c328e6This bulletin summary lists two re-released Microsoft security bulletins for April, 2013.
4c5b461ca8708792edf50c28f91334af4f000b0087439a86b6979d146a56b905Red Hat Security Advisory 2013-0744-01 - Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.
cbd907594e654e3d3d2b243dd52c44128cb2ec5866fbf646e4281d98046c891dSMF version 2.0.4 suffers from a remote PHP code injection vulnerability.
fb1fdb9f88f7a10a68b514edae1cd6ba816517347156676b1a236c8ed23c784bThis php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components.
88262f0098e3ae940b541af13f63757e65e56df737aad47c872d4403ce361308This is a brief tutorial that discusses obfuscation techniques used by phishers.
4c282764be11f363487575a3810708ce4b9779823e5dbdad0c980365b13992d5This Metasploit module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.
bb2929226a8a08e2945d6536acc0a7c67d0777ced5120b0ffa098ac076125760Debian Linux Security Advisory 2663-1 - Martin Schobert discovered a stack-based vulnerability in tinc, a virtual private network daemon.
d27a46903652511fd9626681594a7256f7c929cb46999751f76c9fe419b659fbMandriva Linux Security Advisory 2013-149 - A local file inclusion flaw was found in the way RoundCube Webmail, a browser-based multilingual IMAP client, performed validation of the 'generic_message_footer' value provided via web user interface in certain circumstances. A remote attacker could issue a specially-crafted request that, when processed by RoundCube Webmail could allow an attacker to obtain arbitrary file on the system, accessible with the privileges of the user running RoundCube Webmail client. The updated packages have been upgraded to the 0.8.6 version which is not affected by this issue.
185018b1135f20767fccdb3719f084ecdfac1009cbbf8690224b50a4414df48fRed Hat Security Advisory 2013-0746-01 - An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level.
e0e7bdb5b0b9301124043a493b224b471c5939586c857ab5a5abc339a3c008e4Red Hat Security Advisory 2013-0763-01 - The JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release of JBoss Web Framework Kit 2.2.0 serves as a replacement for JBoss Web Framework Kit 2.1.0. It includes various bug fixes and enhancements which are detailed in the JBoss Web Framework Kit 2.2.0 Release Notes.
bcc552aba157e86f9f1f7fc557510c73040d4381d49dbca767a3b296f3e6298fMandriva Linux Security Advisory 2013-150 - Multiple unspecified vulnerabilities have been found and corrected in mysql. The updated packages provides the latest supported mysql version from the 5.1.x branch (5.1.69).
d4d7bca72d325bd859ddc3e3320a1e7ee2036885c89d19fce95b03494d4124c8Mandriva Linux Security Advisory 2013-148 - Cross-site scripting vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. A local file inclusion flaw was found in the way RoundCube Webmail, a browser-based multilingual IMAP client, performed validation of the 'generic_message_footer' value provided via web user interface in certain circumstances. A remote attacker could issue a specially-crafted request that, when processed by RoundCube Webmail could allow an attacker to obtain arbitrary file on the system, accessible with the privileges of the user running RoundCube Webmail client. The updated packages have been patched and upgraded to the 0.7.4 version which is not affected by these issues.
896d4871100444999e1e08ae677ad26796a59074a1228813d175f9baf91e96catinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.
6ac15eab766c021629992053aa1a23f31a0c429eb0f3eb8f49c923476eea618bpyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.
bdf03e9b6f0815ad1875246f4b8d39d283d291b789b528d2a83ab6469bd69652
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed