Drupal MRBS third party module versions 6.x and 7.x suffer from cross site request forgery and remote SQL injection vulnerabilities.
b142181a17115a9d5fea3ecd0371961dc0b831c2b04c9cc9a0aa05db9b2f8020NanoSSH on Avaya Ethernet Routing switch (ERS) 5698 and 5698-PoE suffers from a remote denial of service vulnerability.
4ec9685eea0f9205acd2516ddd10ca2ebd352f49eb06fdac3f8ea83053652e25This is a brief write up that provides a shell script for passwording a shell bound with netcat.
cfc1acda80ec146d9ab2c3f0450fde46f259d590816a5459a6af88bcf081612eHP Security Bulletin HPSBHF02888 2 - Potential security vulnerabilities have been identified with HP Network Products including 3COM and H3C routers and switches. The vulnerabilities could be remotely exploited resulting in disclosure of information and execution of code. Revision 2 of this advisory.
5b2e403ecc8c93bc0c644e3fc1d4fec3fee8c718711c9b91ae6b9da7a7f835bbFlux Player version 3.1.0 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.
465c1518ad65e7480d885d0a2f972364b3e3056cb6929a00c3d865700721eb31OpenCMS version 8.5.1 suffers from a cross site scripting vulnerability.
38b297dd1ab04c81707528c624dcbe14c157ef5ed3c0efec359d9e679dce13fbWiFly version 1.0 Pro for iOS suffers from local file inclusion and remote shell upload vulnerabilities.
9751e2310d25b8f3052a555036d3c6fb9a08e73ed5071f891c6994938f2c160dEMC Avamar version 7.0 suffers from improper authorization checks and cross frame scripting vulnerabilities.
2581fa5ef9d8d7bdf1d100067207d09b59c5cfcac21e72f041a71709dafd1897Cisco Security Advisory - Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or modify information in Cisco Unified CM. Cisco has released a Cisco Options Package (COP) file that addresses three of the vulnerabilities documented in this advisory. Cisco is currently investigating the remaining vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
84003a42547734b89d56319bd564adac91c646bae378b2895d1a82abadfb3192Ubuntu Security Notice 1904-2 - USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.
73ee61050460c5c1a204774c868ab1fa47667ad17da81dbf917de23f5248cb36Debian Linux Security Advisory 2723-1 - It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely.
5eb4558096f018f55bb641d30881cb44792c27980ef9cb7a5fa7ed75885fbf0bRed Hat Security Advisory 2013-1090-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
a3b4688f851d6898ccaab5569bbee67a2fe383fc6cbdc119e712e6320810a647Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4113.
d5d4e47648f1ebfb86bdfd934a4fae3bdbdeabda22ebceca0621c2a1c9d2ae04MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities.
e7d1ebafa357dc3be45f9cf26f26f66c2a057c0cc51364b9154c4436a393da48Voice Logger suffers from a remote SQL injection vulnerability that allows for authentication bypass as well as an arbitrary file download vulnerability.
6dd5934f028b093d5d8bd5693b5f0b0569da00f3dbba65651175bba34bfcf673HP Security Bulletin HPSBGN02882 - A potential security vulnerability has been identified with HP Database and Middleware Automation (DMA) using SSL (Secure Sockets Layer). The vulnerability could be remotely exploited resulting in disclosure of information. Revision 1 of this advisory.
1c8aa47f9f2e09465ab06f9945672671893feca383420e5a612c31b0e69875aaHP Security Bulletin HPSBMU02870 SSRT101012 2 - A potential security vulnerability has been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized access. Revision 2 of this advisory.
a39e1e5022520740186ade11e6be3b34711c0b0948c29a2d7d5e7a42c5297b20The Samsung Galaxy S3 and S4 phones come with a pre-loaded application that allows for spoofing and creation of arbitrary SMS content.
de5e8b452ffe3b39a1cf8ac1351ee8616bf67fdf04eb175ac2a45a481240863dApache Struts versions prior to 2.3.15.1 suffer from code execution and open redirection vulnerabilities.
cfb047b4ebb0d3b89917486fe66d84f07ca4bcc5bdfe377bf3b3ee90d011ce92Red Hat Security Advisory 2013-1081-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
f9129cb7b162f33a50d0586fe43b9ef540311ae9b94fa4fadf255a67472c0415Red Hat Security Advisory 2013-1080-01 - Red Hat OpenStack 3.0 includes a custom Red Hat Enterprise Linux 6.4 kernel. These custom kernel packages include support for network namespaces, this support is required to facilitate advanced OpenStack Networking deployments. A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service.
1f6ec7f2b1348b3f77f691853c0661c2b6d8c71c0c15a9154155add5bdc0cc30Kate's Video Toolkit version 7.0 crash proof of concept denial of service exploit that creates a malicious WAV file.
67c470f887d0a666ab1d02341218d7300a3a1cc134aa2a732d995763227cb5d4Ubuntu Security Notice 1907-2 - USN-1907-1 fixed vulnerabilities in OpenJDK 7. Due to upstream changes, IcedTea Web needed an update to work with the new OpenJDK 7. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. CVE-2013-2458) Various other issues were also addressed.
ee7c3dad063c66f3fcb29977ac335a9fccb8ed9c785c0f351c718cd376bc5370Light Audio Mixer version 1.0.12 crash proof of concept denial of service exploit that creates a malicious WAV file.
c877efbdaffb2739770c88b26e45cb0a2f408187958b6199cd15d8ca84cea187Ubuntu Security Notice 1907-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. A vulnerability was discovered in the OpenJDK Javadoc related to data integrity. A vulnerability was discovered in the OpenJDK JRE related to information disclosure and availability. An attacker could exploit this to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.
1ad3edd6b52fc4bda88c057fb372ea41602e2d9426e0d7249af965f82f420ff6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed