Ubuntu Security Notice 1906-1 - Yorick Koster discovered that File Roller incorrectly sanitized paths. If a user were tricked into extracting a specially-crafted archive, an attacker could create and overwrite files outside of the extraction directory.
583492944776fbd0fbf5cc8cbacdc74c2df30d412ffaaa166afb48b3960e0321rpcbind CALLIT procedure UDP denial of service proof of concept exploit.
b1f8e8ac62cc8aa90feb364db73662e95355e499461aacc4babe70c99e31dd2dUbuntu Security Notice 1905-1 - It was discovered that PHP incorrectly handled the xml_parse_into_struct function. If a PHP application parsed untrusted XML, an attacker could use this flaw with a specially-crafted XML document to cause PHP to crash, resulting in a denial of service, or to possibly execute arbitrary code. It was discovered that PHP incorrectly handled the jdtojewish function. An attacker could use this flaw to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
ca764260def9fed8a82b043ed86476cd75c73a0e28f0a9a7dc0438cb6d7963b2Red Hat Security Advisory 2013-1076-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS.
e514c34f443c7c63e0a1cb1c40019ce86c10b07bf91c91138fe0259c0e5141acRed Hat Security Advisory 2013-1083-01 - The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was found in the way Keystone handled LDAP based authentication. If Keystone was configured to use LDAP authentication, and the LDAP server was configured to allow anonymous binds, anyone able to connect to a given service using Keystone could connect as any user, including the admin, without supplying a password.
f7335f06806387494c444983aa45f063b423edb34d8f85e771e34b0897104964Red Hat Security Advisory 2013-1051-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the tcp_read_sock() function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, unprivileged user could trigger this issue via a call to splice(), leading to a denial of service.
a8237bc5b0d4bf99427f678d7db474dc77cb9ba7060a71275ad8e94debf18eb2netsniff-ng is is a free, performant Linux network sniffer for packet inspection. The gain of performance is reached by 'zero-copy' mechanisms, so that the kernel does not need to copy packets from kernelspace to userspace. For this purpose netsniff-ng is libpcap independent, but nevertheless supports the pcap file format for capturing, replaying and performing offline-analysis of pcap dumps. netsniff-ng can be used for protocol analysis, reverse engineering and network debugging.
be656505a745b41a05dc5fcf746b167dbb7dce761520725f93f79d222c6e5357The Joomla Googlemaps plugin suffers from cross site scripting, path disclosure, denial of service, and XML injection vulnerabilities.
165dc70f4d8846397f4d21ce1f9794a33e98cb8d13ea08baf7996288d00ca669Debian Linux Security Advisory 2722-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service.
205d6ba45c2ac50e43f376f72ec9f52ae8f2d51b5db211236230f603843dfbefPacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
ec6fdbe005e9789f64a2eb59bce6ed0182b40f164f99fe7d0081355897a00e21Mandriva Linux Security Advisory 2013-196 - Updated java-1.6.0-openjdk packages fix multiple security vulnerabilities.
869b68c084c8fd4d72ae353a576a7c8617307bf7360d63d7816d3a7a235ee7d1Ubuntu Security Notice 1904-1 - It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. Various other issues were also addressed.
cd859ab9c1529eb842030310fdae2e007f5f2c595e947035ccee976394f0e6e5Red Hat Security Advisory 2013-1063-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
309505c2c8254540813cdaa10f7c8c273952f53f9b8394498febda01107705eaHP Security Bulletin HPSBPV02891 - A potential security vulnerability has been identified with HP ProCurve Switches. The vulnerability could be remotely exploited resulting in unauthorized information disclosure. Revision 1 of this advisory.
a13c78b7e9815f844c448c9eb92c69522b4f6a4f767e7c12192d6a9794671eefDell Kace 1000 SMA version 5.4.70402 suffers from multiple cross site scripting vulnerabilities.
f31d9466c071de7d9384679b764eb2b12bfadfa571627c915b0ffc7b94cf09eeUbuntu Security Notice 1903-1 - It was discovered that the mod_rewrite module incorrectly sanitized non-printable characters before writing data to log files. A remote attacker could possibly use this flaw to execute arbitrary commands by injecting escape sequences in the log file. It was discovered that the mod_dav module incorrectly handled certain MERGE requests. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. Various other issues were also addressed.
abd462126aebf1bb2c7fabc5c4f67e1480ea33b6a384117cb877b884bcb02807Olive File Manager version 1.0.1 for iOS suffers from arbitrary file upload and cross site scripting vulnerabilities.
4923d8db6286e1cf6917d43aa359d9d1dbc6d093111aca760cfae1f6c1112cbcFTP Sprite version 1.2.1 for iOS suffers from a persistent script insertion vulnerability.
b17f9f86c93c7d304115e7a035b5f7635cf9f925526f289c29667e10571460d8Squid version 3.3.5 remote denial of service crash exploit.
247867b58f499ec2f8cbd7f45618c22bc77cf0fc844f2741c42df41f4033fd68Eglibc suffers from a PTR MANGLE bug. All statically linked applications compiled with glibc and eglibc are affected, independent of the operating system distribution. Note that this problem is not solved by only patching the eglibc, but it is also necessary to recompile all static executables. Proof of concept exploit included.
886e08b8e90e2d9b861f8e4dba2d25b994c4200f1929e01cc6bc74363c57f184Red Hat Security Advisory 2013-1062-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
d5af94336d7fe63affede3df98c2a9ba5b0b2fe4b757d285b2aa441de70ebcfeNikon CoolPix L Series Fw version 1.0 suffers from an information disclosure vulnerability.
00c5dc25f1958967070a5163d5ecb6dda8b5bb295f0fb9e5d15b3cce7642bdc8Barracuda CudaTel version 2.6.02.040 suffers from a cross site scripting vulnerability.
7c11db64cfe677974655ad7002705d5f2f7e6ebaafd849999276966c27b4d925GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
8f5ab28d2f9a943a9dfc50307c5daaf56b714386bbe85c9e2477e3573ce613f4Huawei E587 3G Mobile Hotspot version 11.203.27 is prone to a cross site scripting vulnerability in the Web UI. A specially crafted SMS can bypass the function used to sanitize incoming SMS messages.
373b9c30f4352d098058d5cab005e87b017ca30d8f579978bd5c62448923b344
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed