Apple Security Advisory 2013-12-19-1 - An integer overflow existed in the handling of .motn files which led to an out of bounds memory access. This issue was addressed through improved bounds checking.
83fb4a6f570da86bd1acecf2795a558c8f827f1a3a1eadb210d497faad840f22RSA Archer GRC versions 5.4 P2 and 5.4 SP1 contain fixes for multiple cross site scripting vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.
2ce8ca4e1e93acdd8a8433a7feff22bda50be99dc851f0979581da0574f407d2du Mobile Broadband version 16.002.03.16.124 suffers from a local privilege escalation vulnerability due to improper permissions.
2c70f2ccec1017caae9ab7e58c850bf30dd22596312e63d647efc6b69e032bccThe Apache Santuario XML Security for Java project is vulnerable to a Denial of Service (DoS) type attack leading to an OutOfMemoryError, which is caused by allowing Document Type Definitions (DTDs) when applying Transforms. From the 1.5.6 release onwards, DTDs will not be processed at all when the "secure validation" mode is enabled.
8718e8b28ba92f0c8d1021a89a00f91b0c89c346b43d6b5dba5031eb339cb16cMBB CMS versions 004 and below suffer from local file inclusion and remote SQL injection vulnerabilities.
398c2a077d4abbc969a441b3fd784add2425de7c3d23257f5dcdd5847b8a0415Codiad version 2.0.7 suffers from a persistent cross site scripting vulnerability.
6fd396ea8dd173caabd6c81d45224dd5d0b1746c6bb28918a6904caa9714cd8cCore Security Technologies Advisory - RealPlayer is prone to a security vulnerability when processing RMP files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing RealPlayer users to open a specially crafted RMP file (client-side attack). Versions 16.0.2.32 and 16.0.3.51 are affected.
138c669ee28a20c01fad95f2ddae01490a953b8043d0631d15f8c2f418a3d9c1HP Security Bulletin HPSBGN02950 - A potential security vulnerability has been identified in HP Autonomy Ultraseek. The vulnerability could be exploited as cross-site scripting (XSS). Revision 1 of this advisory.
e4fb0ebcfafaf42700c0a3aacf329b2205389329661f3cecad27218e4cb439bfDrupal Ubercart third party module versions 6.x and 7.x suffer from a session fixation vulnerability.
9ec60eea550b5d680533fd41cd5b758f5099d04826925243e66b12879d6ec282The InfoSec Southwest 2014 Call For Papers has been announced. The conference will be held April 4th through April 6th, 2014 in Austin, Texas.
339a930fc5b597160bf708c5dda8c237525d45a61ee405ab1c0dbb30e4ec22a5Song Exporter version 2.1.1 RS suffers from a local file inclusion vulnerability.
ea65da253d616e40f5ffe502874617705b1161d1a0b2f8c0e9df02a8b9936669WordPress Persuasion Theme suffers from an arbitrary file download and deletion vulnerability.
2a70725a6c45899c35c6c0202c7202b59dda01342cecd7705353378bc1f85037phpMyRecipes version 1.x.x suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
717dd33446428aed6b6a79a2fadd94fc507d0138e82b80c3ab389ab431f81f92Hancom Office 2010 SE suffers from a buffer overflow vulnerability when parsing the TEXTART tag in .hml files. Version 8.5.8 is vulnerable.
05541c8cc40849ea336d882d7811dc128a0cb46699ad4e48d5f4108d8f73f066Ubuntu Security Notice 2059-1 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. A local attacker could use this attack to possibly recover private keys.
16ac9e783f1fa692c48f7890174bad76117c06f8e39951e4f7f09ea68b7bdfafMandriva Linux Security Advisory 2013-294 - Multiple stack-based buffer overflows in file-xwd.c in the X Window Dump plug-in in GIMP 2.8.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a large blue color mask in an XWD file. Integer overflow in the load_image function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large color entries value in an X Window System image dump. Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c in the X Window Dump plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an X Window System image dump with more colors than color map entries. The updated packages have been patched to correct these issues.
0c589706e06de2ee17c8adb14f2b13ecc5fc630ee2176e6b974e94db33c91251Debian Linux Security Advisory 2822-1 - Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.
66fcbb72905303854553c318110502945ae96573c41cae030df8ed60812bede3Debian Linux Security Advisory 2823-1 - Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code.
b8a639a177afca1986b40d6051d055f2f313629e9a1e2173c1b845c9f2956f34Debian Linux Security Advisory 2821-1 - Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.
2c2d8746bfc6dea5665e9588d1a565e9aff727d819902a5cb1828388f1e982a2Mandriva Linux Security Advisory 2013-293 - An integer overflow flaw and a heap-based buffer overflow were found in the way GIMP loaded certain X Window System image dump files. A remote attacker could provide a specially crafted XWD image file that, when processed, would cause the XWD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
5e3bd9cac00599b26a7ec924df38599d0f1f666d992b0dd3e71b25bca6772aeaMandriva Linux Security Advisory 2013-292 - Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.
53ecfaa26cc528aa74b8d4d52619c864a4263b41ba8d2f04813cc75c9f74c416Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the au1100fb_fb_mmap function in drivers/video/au1100fb.c and the au1200fb_fb_mmap function in drivers/video/au1200fb.c. Various other issues have also been addressed.
e4a9556722b4bee5720cc309bc992b81c4ac568a9f675f7f404694d9b54048e1Mandriva Linux Security Advisory 2013-289 - Possible security bypass on admin page under certain circumstances and MariaDB. The owncloud package has been updated to version 5.0.13, fixing this and many other issues.
2be9f28fc7baf97fcf0451a03c839ede1e68d3aff1131963db3c1c04ac9ef0e3Mandriva Linux Security Advisory 2013-290 - Kevin Israel identified and reported two vectors for injecting Javascript in CSS that bypassed MediaWiki's blacklist. Internal review while debugging a site issue discovered that MediaWiki and the CentralNotice extension were incorrectly setting cache headers when a user was autocreated, causing the user's session cookies to be cached, and returned to other users.
a043d15db222d711988b06beb8a88a68fdc48afb69eb8a49a4920d9ea05e5bc0Mandriva Linux Security Advisory 2013-291 - Multiple vulnerabilities has been found and corrected in the Linux kernel. The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. Various other issues have also been addressed.
e4a9556722b4bee5720cc309bc992b81c4ac568a9f675f7f404694d9b54048e1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed