Mandriva Linux Security Advisory 2013-262 - In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the application, this could reveal sensitive information or cryptographic keys to remote attackers.
5fc98e0d42f5fd76de60ac4145a29bc092240bcb14f6ed7ad75cba5b75bbecb6Mandriva Linux Security Advisory 2013-261 - Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59. Inconsistent delays in authorization failures could be used to disclose the existence of valid user accounts in dropbear before 2013.59.
aba56fe4695484e1274e59199138625389fdcdffdb016feda736408ca221f0e3Mandriva Linux Security Advisory 2013-260 - Multiple vulnerabilities have been discovered and corrected in x11-server. The updated packages have been patched to correct these issues.
50969d2a09bdf2e48ce14b12843f678f7e90396dd3d3c735132e96cfb2be5013Mandriva Linux Security Advisory 2013-259 - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
d73de32034766dc93737b3ea8cb07c6ae13f7aee39585ad2d16563b6745e2abbMandriva Linux Security Advisory 2013-258 - It was discovered that ICU contained a race condition affecting multi-threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
548ed919c730db114b9bd87b6261a35bd35e86d1171dfc5eb7b59850b01cd652Gentoo Linux Security Advisory 201310-21 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected.
ac99ffc7a59e19273c6f7c08c59b9e2e2bc135cfd07f27fd127001d0bd0ca8d6Gentoo Linux Security Advisory 201310-20 - A vulnerability in acpid2 may allow a local attacker to gain escalated privileges. Versions less than 2.0.17 are affected.
aabf1d5fd5c7875c07a261f92c1372e4e767ccd10a4f2bdc817de1fb02971c38Gentoo Linux Security Advisory 201310-19 - A path vulnerability in X2Go Server may allow remote execution of arbitrary code. Versions less than 4.0.0.2 are affected.
1b4d8c2d5d5e5cc903e0656136ff595271108c26520fa60e84ddf1fb892a61a6Debian Linux Security Advisory 2786-1 - The Google Chrome Security Team discovered two issues (a race condition and a use-after-free issue) in the International Components for Unicode (ICU) library.
fff614ff927cf78e679c00b762b70597a0e8fafbaa8f65901ab464f3c04fa797Gentoo Linux Security Advisory 201310-18 - Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to Denial of Service. Versions less than 2.12.23-r1 are affected.
dae2553c4427a86dc8b3c9a695288ffe228b8243b84bee882ce07c7536efbf41Gentoo Linux Security Advisory 201310-17 - pmake uses temporary files in an insecure manner, allowing for symlink attacks. Versions less than 1.111.3.1 are affected.
720961ebfdd7c172ab996cfa7fe9379f3ed54bc16906d9e466e5d2cf72806d13Debian Linux Security Advisory 2787-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution.
16835cafc45de428b561f8da656aead6d60655755a053be0641fc356c2a3e1f6Debian Linux Security Advisory 2785-1 - Several vulnerabilities have been discovered in the chromium web browser.
48628ebb43be4560f718b05e27f8d8a4debb8f5353ec1e118afdb50298d992fdGentoo Linux Security Advisory 201310-16 - Two buffer overflow vulnerabilities in TPTEST may allow remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 3.1.7-r2 are affected.
8ea7d93b3f09f11db13f0a5774d837544a744a76e8540d8d14e2145af3fda22cvBulletin versions 4.1.x and 5.x.x suffer from a remote unauthenticated administrative user injection vulnerability via upgrade.php.
56d71874ee918e0adb9b0501022ef1127c5fdefdaf17dc30ef3b50197d6283f7The 2014 Symposium on Protocols and Rules for Security has announced its call for papers. This conference will be held from March 10 to 12, 2014 in Suzhou, China.
ae2674aa6a192148552feb9c35953da68b726d96381f026b36b2ef17fe634087VideoCharge Studio version 2.12.3.685 SEH buffer overflow exploit that pops calc.exe.
d27b5ed8cc328e282657f03687971424f237cd948b2fae44a499656a8a01baadHorde Groupware Web Mail Edition version 5.1.2 suffers from multiple cross site request forgery vulnerabilities.
8673f2fbe62fe700aec9d6ff06fc03cec542e451e35d65fa4c149331868f9a02Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP.
8648e3ada70089bf4824eb36d5ce9c49c02e9aeef87efb5ec36e8151fb8972ddBackup File Finder is a discovery module for Recon-NG that checks hosts for exposed backup files. The default configuration searches for wp-config.php files which contain WordPress database configuration information.
e2a1b50ffde6e78f47fb1689941867580a665c3ad6ca97dc73fe66d832856946WordPress Curvo theme suffers from a cross site request forgery vulnerability.
5ff60ac7b29216353fb30ef419bb9de1554c55378b3babe5a55ed21ebf8be6aeInteresting File Finder is a discovery module for Recon-NG framework which checks hosts for interesting files in predictable locations.
ba1e26712709fcad3a38f2e0d4785244718cd606547b70a24fcd141746e55868PayPal's Shipping web application suffers from cross site scripting vulnerabilities.
9c4d2cb0b351592d3d9a5e20ce9df32095fe904a95ba829525059c28eafad531BalkanSys suffers from default credentials, arbitrary file upload, and open redirection vulnerabilities. Note that this advisory has site-specific information.
8f26c405b63c9567a1ce3478b4d6d560ea287f16b230a9696b659a3b5169206fWordPress MobileChief Mobile Site Builder plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.
82f649c8ad747842d6c10048a9dbcba503dcaf02a4f6bd9cfa8a8017df2d094c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed