Red Hat Security Advisory 2013-1101-01 - The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges.
ec47d43348aba295395f355d49d7df9d89d29633f2e0a120214cee8ab4f597aeRed Hat Security Advisory 2013-1100-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges. This issue was discovered by Lev Veyde of Red Hat.
17f080562461d9428e71f2571c2d5e807125df384a59fdf41c09bd5873a86e96The DMCRUIS/0.1 web server on Samsung TVs suffers from a denial of service vulnerability.
e9b3d22fa6b4f3fc19e75db76fe9f037ca994a090ee5b9c167a7c2876397d627Photo Server version 2.0 suffers from remote shell upload and command injection vulnerabilities.
149ec4f509df9c7841d47111e32d365b17fccc1ffcff2c4cc0364c89074f6895Dell Kace 1000 SMA version 5.4.742 suffers from a remote SQL injection vulnerability.
693c5b2e61edff845088532a9358fff8f70678f354d983b1ac6cbfc327108d2aCollabtive version 1.0 suffers from cross site scripting, remote shell upload, and arbitrary account deletion vulnerabilities.
db6047545975993b9eb3318de2e4ffdb0ea6799f5df0acdd3e8af273d4493481OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
66ebf924304409356b35a3423e4b7255996c5a42503c3188bf08c6446f436ddcThe WordPress FlagEm plugin suffers from a cross site scripting vulnerability.
b2aff13a721933615831574d3a200e0aa8d91b95d990db54195e7205f361aeb2PCMan FTP Server version 2.0.7 remote buffer overflow exploit.
823e653d8a82b7def332d37498fc6aa74c4bd6b3c4d38913e525c15b1fff1e71Microsoft DirectShow suffers from an arbitrary memory overwrite vulnerability.
966359e1bfa8e5872cbdaaf4d8d308eea241b248036ed506a60a1cb9909d046fRootPanel suffers from a remote SQL injection vulnerability that allows for account takeover.
3b0a2b15e86e26905ee913231acbaecfa5ddc1f2eefcea4109cfc8734f8e8c13Jetaudio version 8.0.17 suffers from a denial of service vulnerability when handling a malicious .m3u file.
120dc26c9dad5d23c8bbfa20b77c6e8094e7c37d3f7486ece227d645cfb2c75dVbsEdit version 5.9.3 suffers from a buffer overflow vulnerability.
58ac21c66b7e12fd936c5067c4466ccea32a8778db1358b7ba0282b79506259cCollectivemind CMS suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
bad38d512755ea1c18a2429471596ee43978221db2a5f3a850aeefcbe2d8e75dWebcoza suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
fee6d82682ff40c05030b449ed2b34542a4fb2ce3bea982d84367bbd12d69ccdAutoWeb version 0.9b suffers from a remote SQL injection vulnerability. Note that this advisory has site-specific information.
b522d5365a43eec87fe471d0ae5a4872f7c25b49037d37b6ba3187ba1a13b765MLM (Multi Level Marketing) script suffers from remote SQL injection and cross site scripting vulnerabilities.
3cea3e565701542fb819e5b8868b46f8e4a30b431ab8eef2f15a310434904029Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 thorough 11.04.02, and 12.04.01 suffer from a nest expression evaluation that allows remote users the ability to execute arbitrary UEL functions.
a87988f73312e5bcabc2f319c28c75d1bd10eb46024a263f67c4d2162580e354Apache OFBiz versions 10.04.01 through 10.04.05, 11.04.01 thorough 11.04.02, and 12.04.01 suffer from a cross site scripting vulnerability.
26c1bb776a54ce85382e16dc08ca13d97a5a5b5d6f10425b3168cacf5d112692Barracuda CudaTel version 2.6.02.040 suffers from a remote SQL injection vulnerability.
f4960083a6184c632bdada74fff018ee80fc1a0d0750bea2a416036bd6567949DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
87730ed90b89d93ac706e6dca7ffb508b64659fbefaf41acab470380cc9e5987HP Security Bulletin HPSBMU02900 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS. Revision 2 of this advisory.
aa5398e97437c28076d2f5544c40ed75d95e10ca70d3d9cb6dfa48709cc572f7Due to a unspecified bug in the Western Digital My Net N600, N750, N900 and N900C routers, administrative credentials are stored in plain text and are easily accessible from a remote location on the WAN side of the router.
bf88aed4d696455490d5a2c74cfe20b56aa34c64165c1b2bd7b7ccbb82331b9bDownload Lite version 4.3 for iOS suffers from a persistent script insertion vulnerability.
82e4453c93d34a4a9eeb5244557c1b3b482d6fd62ca90297b2309e440e3d8357Barracuda LB, SVF, WAF, and WEF products suffer from cross site scripting vulnerabilities.
e3c876d68a350dfb200bb77d98cc6369cd8bcba072ffecd0aeea77a84e63a647
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed