Red Hat Security Advisory 2013-0994-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was found in the way Keystone handled LDAP based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password.
32c7604db4e8db147fcbddd83a091aa60f03d25791155e16d28b79f42a471506Red Hat Security Advisory 2013-0995-01 - A flaw was found in the create method of the Foreman Bookmarks controller. A user with privileges to create a bookmark could use this flaw to execute arbitrary code with the privileges of the user running Foreman, giving them control of the system running Foreman and all systems managed by Foreman.
a6ea90b4ec301210ea27cf545a21cf478f09de9e3ff6fc69ffd8f53ff3497b99Debian Linux Security Advisory 2715-1 - It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master.
fd2dc8e5853dbe33e218f6b50151a763e0ba4dd4cf9901134c0e021f9d1edac1Ubuntu Security Notice 1893-1 - Alexander Klink discovered that the Subversion mod_dav_svn module for Apache did not properly handle a large number of properties. A remote authenticated attacker could use this flaw to cause memory consumption, leading to a denial of service. Ben Reser discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain LOCKs. A remote authenticated attacker could use this flaw to cause Subversion to crash, leading to a denial of service. Various other issues were also addressed.
fadad9d01a7a48363d8538dad2db68b65dffa4ac54afcd7eeb83be412b82d57bUbuntu Security Notice 1892-1 - It was discovered that ubuntu-release-upgrader would fail when a user requested an upgrade to Ubuntu 13.04. This would prevent a user from migrating easily to Ubuntu 13.04 before the Ubuntu 12.10 support period ended.
c45c0cfedb56dfcb1b096118732bb29d017bc74a99184bfb68ea3a9190520815Mandriva Linux Security Advisory 2013-185 - Updated perl-Module-Signature package fixes CVE-2013-2145. Arbitrary code execution vulnerability in Module::Signature before 0.72.
c7e5d5ed176a33a19145b6155e1725b3cb982169c35e3e86fd5f5833bf0d01e6Mandriva Linux Security Advisory 2013-184 - Updated perl-Dancer package fixes CVE-2012-5572. A security flaw was found in the way Dancer.pm, lightweight yet powerful web application framework / Perl language module, performed sanitization of values to be used for cookie() and cookies() methods. A remote attacker could use this flaw to inject arbitrary headers into responses from applications, that use Dancer.pm.
5e4cd0dafb01b5590970bbb3187e0e97b40f6c3f624e3f8d33655f466899e46fMandriva Linux Security Advisory 2013-183 - Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. Various other issues were addressed.
3bc21ccc47d661daa96394b723e72056e5e5367a29aeae7693f91c800dd74b49Mandriva Linux Security Advisory 2013-182 - Updated mesa packages fix multiple vulnerabilities. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
a90b8aaa0be2c76505077698e6b25ae7036e5269415ca1a9259e114ff2f855f1Mandriva Linux Security Advisory 2013-181 - Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XF86DRIOpenConnection and XF86DRIGetClientDriverName functions. The updated packages have been patched to correct this issue.
a4beeeb10e775810693019d4dc5ba38575cb1e9c3f90070c99872a9c19730354Mandriva Linux Security Advisory 2013-180 - libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape() decodes URL encoded strings to raw binary data. URL encoded octets are represented with \%HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller. The updated packages have been patched to correct this issue.
8930cdf17b729214cd1f709f26c69dc0640e1825f1cf4dcfb9fa79a62710a602This is a whitepaper called Digital Satellite Receiver and Safety. Written in Turkish.
d7cc66e8f99debfec1f75708fbfa4198805f1c26fc1e85a0a541cd7c1cd2a814This Metasploit module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.
4c7f2d07b2fb9904b25b6805e68094ce81bd292f4e93feb4b36e0f249b1ace06Cisco Security Advisory - Cisco ASA Next-Generation Firewall (NGFW) Services contains a Fragmented Traffic Denial of Service (DoS) vulnerability. Successful exploitation of this vulnerability on the Cisco ASA NGFW could cause the device to reload or stop processing user traffic that has been redirected by the parent Cisco ASA to the ASA NGFW module for further inspection. There are no workarounds for this vulnerability, but mitigations are available. Cisco has released free software updates that address this vulnerability.
ec64974b2ac07ab492e1a5dfadb995c59febd0ac9849aedd50b4abf8aa81eb7bCisco Security Advisory - Cisco IronPort AsyncOS Software for Cisco Content Security Management Appliance is affected by command injection and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
3fc7baaa77ed48d81b4f09eba8467c1626fa1a90dd426aa437bd73366e18973aUbuntu Security Notice 1891-1 - Multiple memory safety issues were discovered in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. Abhishek Arya discovered multiple use-after-free bugs. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to execute arbitrary code with the privileges of the user invoking Thunderbird. CVE-2013-1685,CVE-2013-1686) Various other issues were also addressed.
3ed99560bfcc1801f775973b6f002c03a20fca98adaee9a2e0e5b6eeac71f887Debian Linux Security Advisory 2716-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery.
5ebe91542f6fe7da0420bd343e5011912bd953cd6de2607de103d318b6008305Ubuntu Security Notice 1890-1 - Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free bugs. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
ac94c2cd9ce8eb413dd2b48e8bd494ce46fe84e71be3a9fb57c00d03ebbeeaffSend an empty password to PCMan's FTP Server version 2.0 triggers a denial of service condition.
5c6bc2540fe27f8b6ae22a14eac60214f4d64052fc02c888492e8709cf10aec6Cisco Security Advisory - Cisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by multiple command injection and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
bc277a683674b0d081255c33fb124f365f7e4cf928a696d60228bf202361ef7bCisco Security Advisory - Cisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by command injection and denial of service vulnerabilities. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
932804e2be92ceffb38ea7ef95554351baadb97daa74dff946b5066e74d61a87Xaraya version 2.4.0-b1 suffers from multiple cross site scripting vulnerabilities.
ed1a6f3ff2988a17b6db15e8220f076ffe9b16698f9b2452201a32c958af6c74Mandriva Linux Security Advisory 2013-179 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. Various other security issues were also addressed. The mozilla firefox packages have been upgraded to the latest ESR version which is unaffected by these security flaws.
b0b72cafbc2361750e49e061e443bf4c31ccb39cd9f5d1f6c678247054a8cf27Drupal Fast Permissions Administration third party module versions 6.x and 7.x suffer from an access bypass vulnerability.
11a82716b74d3388b64c64bd8529925dddcbabc2d3026fe8afbb8b4d42c34108InstantCMS version 1.6 remote PHP code execution exploit that spawns a reverse shell.
58c5a918b42d3c4c9947890483bf68e4a4eea813701b686f794e5f548a9a717d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed