Debian Linux Security Advisory 2741-1 - Several vulnerabilities have been discovered in the Chromium web browser.
bdd10a6aa033fcc7c6611dd7a8e6b25e019466b4bb621cfcb18e5dff400ad50dObehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities.
d5574eb95b9c81f907d0fcbec02ac11f615600255a8fae6dcf88f94ba7394837xml2 Fuzzer is a fuzzing utility that daemonizes in order to fuzz the client side of a web browser.
6ce1679a18a737f7e82c37dd5a21cc85bfe82165cf1e8c95fb312c29f4e930d0The WordPress Post-Gallery plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
a27e312e77262e178eaa8ddeb54a389448031e07bf31d9f1a766423a417f183cApache Hadoop versions prior to 2.0.6-alpha, 0.23.9, and 1.2.1 suffer from a man in the middle vulnerability.
920b4b37291877975ac89ad350cad1cbc7140726f76783a940c8e7f9a30bb34bApache HBase versions prior to 0.92.3 and 0.94.9 suffer from a man in the middle vulnerability.
5cbbf2fbcb303a708f88f69ffb41c24dc8538ff7d51887f0601d19e0d147af31myBusinessAdmin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
61199fcdd72948288b6ed131c61a7639d0420c74ff9601b8ff95b0b0efc14215This Metasploit module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On the other hand, the injection has been found to be Windows specific. This Metasploit module has been tested successfully on Endeca Server 7.4.0.787 over Windows 2008 R2 (64 bits).
fdafe64c526b291f8bc73bfd5eb8e62b37efd1524e773b087d3cc9cb3a8c5297FreeBSD Security Advisory - When initializing the SCTP state cookie being sent in INIT-ACK chunks, a buffer allocated from the kernel stack is not completely initialized. Fragments of kernel memory may be included in SCTP packets and transmitted over the network. For each SCTP session, there are two separate instances in which a 4-byte fragment may be transmitted. This memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include an user-entered password.
31263b7b248f107d5f7ed98d3b388e63dc69a3862d01f93e4c9b344f9c86de7cFreeBSD Security Advisory - An integer overflow in computing the size of a temporary buffer can result in a buffer which is too small for the requested operation. An unprivileged process can read or write pages of memory which belong to the kernel. These may lead to exposure of sensitive information or allow privilege escalation.
831fd4ba520eff2086ca0682aa7616522338d8662d219c74c434ceb7166343dbDebian Linux Security Advisory 2740-1 - Nick Brunn reported a possible cross-site scripting vulnerability in python-django, a high-level Python web development framework.
1671b9c95174b9e627098dc3bd5a91753223b915764d97e06efb1312af248f2fGentoo Linux Security Advisory 2013-08-04 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.23 are affected.
0540da72c54f57cbe5a156cdb95056d98fa489beca31a869e539fa0bb49ca073Mandriva Linux Security Advisory 2013-219 - Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted TIFF or GIF file that, when processed by rgb2ycbcr and gif2tiff respectively, would cause the tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool. Pedro Ribeiro discovered a use-after-free flaw in the t2p_readwrite_pdf_image\(\) function in tiff2pdf, a tool for converting a TIFF image to a PDF document. A remote attacker could provide a specially-crafted TIFF file that, when processed by tiff2pdf, would cause tiff2pdf to crash or, potentially, execute arbitrary code with the privileges of the user running tiff2pdf.
abadfaec26a7eeb332d6857b3d9a3fda4971210c3fa04c79b7632f3de3d6ec6eSamba malformed nttrans smb packet remote denial of service exploit. This is the second version of this exploit that adds an automated offset and second argument.
9ffc449f91de8aebdf2d549084d0b7ded62399e2e6a995fffee9b45af3a36af1Mandriva Linux Security Advisory 2013-218 - The python-django package addresses a security issue. The is_safe_url() function has been modified to properly recognize and reject URLs which specify a scheme other than HTTP or HTTPS, to prevent cross-site scripting attacks through redirecting to other schemes, such as javascript.
1504a9f25eef5880d207471510df5d68d0689eb24ea616adf9a8ef6310edda32Mandriva Linux Security Advisory 2013-217 - Updated spice packages address a vulnerability. A user able to initiate spice connection to the guest could use a flaw in server/red_channel.c to crash the guest.
0141aa0c20e6ba7b8bc867edb78229f58246fea99e2959aac781d177685f0cecMandriva Linux Security Advisory 2013-216 - ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
e270d97c7c30cd1dfa32136b75cbfb5d2f2f8687db2bbac9746b8e5e5f17ef6aFICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.
a3b64ae17ac6373785bfcea917ed3efed819ce567e81d61f13690c93de1a211emooSocial version 1.3 suffers from cross site scripting and local file inclusion vulnerabilities.
f6d11b27cd9d0d5b9bcb61f738af8f5ae3e5d96e66ec3b7958aa519b6521ef89Spring Framework versions 3.x and 4.x suffer from an XML external entity (XXE) injection vulnerability.
44db748efe1afb0144c46a27348301fabb29af09798bbf1a847a659236ae224dCloudflare suffers from a cross site scripting vulnerability.
681015cc7dbb3e4d2e076c6ae25daf1f2af32856d530de408b2030a5a71a1587Paypal suffers from an arbitrary account deletion vulnerability that leverages unvalidated email account additions.
841c2aec9aded6aabc4378df632abfd8fa15c280ccb7f358a5f308e52fa80358GDD FLVPlayer version 3.635 suffers from cross site scripting and content spoofing vulnerabilities.
44f7dd1212681cf231fd4da478749b23c764aaaf54bf4e11341f3f140cfc4311VMware Security Advisory 2013-0010 - VMware Workstation and VMware Player address a vulnerability in the vmware-mount component which could result in a privilege escalation on linux-based host machines.
75310092496198f08a5f8a13a612852a0938bbfbb7b8f5a1b4e025180516c7f1Gentoo Linux Security Advisory 201308-3 - Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation. Versions less than 9.5.5 are affected.
0af6a1ac495592b06c6193c61dbd2103e6d15307eaa4f7913b78ebea124c01ba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed