Debian Linux Security Advisory 2722-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
205d6ba45c2ac50e43f376f72ec9f52ae8f2d51b5db211236230f603843dfbefPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
ec6fdbe005e9789f64a2eb59bce6ed0182b40f164f99fe7d0081355897a00e21Mandriva Linux Security Advisory 2013-196 - Updated java-1.6.0-openjdk packages fix multiple security vulnerabilities.
869b68c084c8fd4d72ae353a576a7c8617307bf7360d63d7816d3a7a235ee7d1Ubuntu Security Notice 1904-1 - It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. Various other issues were also addressed.
cd859ab9c1529eb842030310fdae2e007f5f2c595e947035ccee976394f0e6e5Red Hat Security Advisory 2013-1063-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
309505c2c8254540813cdaa10f7c8c273952f53f9b8394498febda01107705eaHP Security Bulletin HPSBPV02891 - A potential security vulnerability has been identified with HP ProCurve Switches. The vulnerability could be remotely exploited resulting in unauthorized information disclosure. Revision 1 of this advisory.
a13c78b7e9815f844c448c9eb92c69522b4f6a4f767e7c12192d6a9794671eefDell Kace 1000 SMA version 5.4.70402 suffers from multiple cross site scripting vulnerabilities.
f31d9466c071de7d9384679b764eb2b12bfadfa571627c915b0ffc7b94cf09eeUbuntu Security Notice 1903-1 - It was discovered that the mod_rewrite module incorrectly sanitized non-printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. It was discovered that the mod_dav module incorrectly handled certain MERGE requests. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. Various other issues were also addressed.
abd462126aebf1bb2c7fabc5c4f67e1480ea33b6a384117cb877b884bcb02807Olive File Manager version 1.0.1 for iOS suffers from arbitrary file upload and cross site scripting vulnerabilities.
4923d8db6286e1cf6917d43aa359d9d1dbc6d093111aca760cfae1f6c1112cbcFTP Sprite version 1.2.1 for iOS suffers from a persistent script insertion vulnerability.
b17f9f86c93c7d304115e7a035b5f7635cf9f925526f289c29667e10571460d8Squid version 3.3.5 remote denial of service crash exploit.
247867b58f499ec2f8cbd7f45618c22bc77cf0fc844f2741c42df41f4033fd68Eglibc suffers from a PTR MANGLE bug. All statically linked applications compiled with glibc and eglibc are affected, independent of the operating system distribution. Note that this problem is not solved by only patching the eglibc, but it is also necessary to recompile all static executables. Proof of concept exploit included.
886e08b8e90e2d9b861f8e4dba2d25b994c4200f1929e01cc6bc74363c57f184Red Hat Security Advisory 2013-1062-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
d5af94336d7fe63affede3df98c2a9ba5b0b2fe4b757d285b2aa441de70ebcfeNikon CoolPix L Series Fw version 1.0 suffers from an information disclosure vulnerability.
00c5dc25f1958967070a5163d5ecb6dda8b5bb295f0fb9e5d15b3cce7642bdc8Barracuda CudaTel version 2.6.02.040 suffers from a cross site scripting vulnerability.
7c11db64cfe677974655ad7002705d5f2f7e6ebaafd849999276966c27b4d925
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed