Gentoo Linux Security Advisory 201311-9 - Multiple vulnerabilities have been found in FreeRADIUS, the worst of which allow execution of arbitrary code or Denial of Service. Versions less than 2.2.0 are affected.
57bcce463337b741d7d21b72cef8fb2112833dc0e82e9e2ffac188cc8c2cd7edRed Hat Security Advisory 2013-1519-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. An information leak flaw was found in the way Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.
b7e3670d1883b8a69860346779ea0650b4c74cff69296f9794b964c54532bad5Zikula version 1.3.5 build 20 suffers from a cross site scripting vulnerability.
d4aa7a019d25c876743342db6f2f79b44ee7b8795498b59486f415c5a8de7698Gentoo Linux Security Advisory 201311-8 - A vulnerability in Netpbm could result in execution of arbitrary code or Denial of Service. Versions less than 10.49.00 are affected.
ea8452d7a1cee55fb0d6a0685cf72c7fe00baa2d82e6e1e8656247eb497acac8Red Hat Security Advisory 2013-1518-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-26, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.327.
178b171f3369f1af2726ea0d63663fd56d037b6043e9271330d369a6b06ba904Ubuntu Security Notice 2029-1 - It was discovered that Apache Commons FileUpload incorrectly handled file names with NULL bytes in serialized instances. An attacker could use this issue to possibly write to arbitrary files.
e46f28c46612b15cb45c3973ca0a42be6548193b0092ba892008a75ab4d2f9b3Gentoo Linux Security Advisory 201311-7 - Multiple vulnerabilities have been found in Blender, the worst of which could allow attackers to execute arbitrary code. Versions less than 2.49b-r2 are affected.
895983cec8d709bd182528490c8480f44f15829aec91e36fe248418bc732dbc2Debian Linux Security Advisory 2795-1 - Several vulnerabilities have been discovered in the lighttpd web server.
97f5377fa5f81c44691c211cbba072e5b63c58f1e78e4fb2f095951a55ecdee1HP Security Bulletin HPSBHF02939 - Potential security vulnerabilities have been identified with HP Integrated Lights-Out 4 (iLO4). The vulnerabilities could be exploited remotely resulting in Cross Site Scripting (XSS) or an unauthorized disclosure of information. Revision 1 of this advisory.
3888291bf876153209249206c85f63b50efba76aa74e3d2a2402421cca1fc42fLastPass suffers from container PIN and auto-wipe security feature bypass vulnerabilities.
e553b2ef39e91a61d36ce85dd65b50d74e4a10ec344dbac343f09847deddb505A persistent cross site scripting weakness has been discovered in the guest pass provisioning web interface of the ZoneDirector controller devices. An attacker with access to an authenticated user session with privileges for guest pass generation may cause certain malicious javascript code to execute in the user's browser with privileges of the user or the admin. ZoneDirector Controllers versions 9.3.x, 9.4.x, 9.5.x, and 9.6.x are affected.
d9fdcc876fdb2924d1ff1acb39eb8b431d9858e58ba9bb63afddfef5b1a68a58Bordeaux, Bulteno, Oxygen, Radial, Rayoflight, Reganto, and Rockstar WordPress themes suffer from a remote file upload vulnerability. This archive houses metasploit modules that exploits these issues.
22d89edcefa40f2e4c5a02d158b4a1dab6cbe9a532bae5bebe50cbf50b186e55Drupal Misery third party module versions 6.x and 7.x suffer from a denial of service vulnerability.
2dbacaa5074afcac5bea98ac5f26e51b44c1bb2fe470ed14db52df337f08beacToshiba e-Studio versions 232, 233, 282, and 283 suffer from a cross site request forgery vulnerability.
813b25171d5d0ee903faa0d349f7ab7458ca3298b27e86eb94edb42fed507bfcDrupal Groups, Communities and Co third party module version 7.x suffers from an access bypass vulnerability.
5534d53fdaf0ab5ad1c221bbf831f350d4927ba1423383b21c4974e91427dec0Drupal Revisioning third party module version 7.x suffers from an access bypass vulnerability.
a310c0a00913e9a0020fe05c25ea2ad4190dbaac412bf4800f58506a13bf4c70
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed