GoToMeeting Android application (com.citrixonline.android.gotomeeting-1.apk) version 5.0.799.1238 is vulnerable to information disclosure via logging output, resulting in the leak of userID, meeting details, and authentication tokens. Android applications with permissions to read system log files may obtain the leaked information.
389df097f281daaa7d9dbb9c56c808dd4446da2ce103d5ebb8de28f30a998b7dWordPress SS Downloads plugin suffers from a cross site scripting vulnerability.
e7e32f80a9b115f22a4c04630e2287e8ec3e6d477abe62b6eeeca82b4b163304Simple e-Document version 1.31 suffers from login bypass, cross site request forgery, cross site scripting, remote shell upload, remote SQL injection, and various other vulnerabilities.
d8e915c9f3da5e00522f2f5a23346a479926590b24a8d0c3da5e67600297bd00WordPress Seo Link Rotator plugin suffers from a cross site scripting vulnerability.
396ce83d6ac42563fd0a710f4db39ced9b30c7118dc539f7f1e5c4936c37f350The whitelisting functionality in Apache Cordova/PhoneGap suffers from multiple vulnerabilities.
bf6c217f2c3f51ae1155eb33fcaa924979dee83db65e026dcd837d354f6d4dfbSkyBlueCanvas CMS version 1.1 r248-03 suffers from a remote command injection vulnerability.
edb1dc8edd44d6d33407ec7f1003b2866b604f61799c9db86b8103a2b24694b3Drupal version 7.14 EventCalendar suffers from a cross site scripting vulnerability.
1f3e58de44388bcc99c04ff88aaf23d52abd1dac99f452c857af5d0c9f80660eSSH Back is a set of shell scripts that assist you in shuffling an ssh connection over socat and ssl.
09af0387a939825a564d95498365c96e775d71722a4345510eaa553305ecb667Mp3info local buffer overflow denial of service exploit that spikes CPU usage.
b5deb6a792d6a949d3e5e679490e6aa9c87258ed31e39e318f17e5babbae1e81DAVOSET is a tool for committing distributed denial of service attacks using execution on other sites.
414e38c5d3ecc466d6afb732c1e3b474933f86631afb8d31464bcd5b0317d142pChart version 2.1.3 suffers from cross site scripting and directory traversal vulnerabilities.
b4febd30f5ce93221ca07adaa67509442b41b186e1b14b8debfe2154c84000b8Debian Linux Security Advisory 2826-2 - A regression has been found on the denyhosts packages fixing CVE-2013-6890. This regression could cause an attempted breakin attempt to be missed by denyhosts, which would then fail to enforce a ban.
1bbcb2ef9cd6819e795dc162ddb5c7da744ee0f48217762ade9f578929c5dbefMandriva Linux Security Advisory 2014-024 - Multiple buffer overflow vulnerabilities in graphviz due to an error within the yyerror() function (lib/cgraph/scan.l) which can be exploited to cause a stack-based buffer overflow via a specially crafted file.and the acceptance of an arbitrarily long digit list by a regular expression matched against user input. A build problem was discovered and fixed in swig while building graphviz for Business Server 1, related to the new php-5.5.x version as of the MDVSA-2014:014 advisory. Fixed swig packages is being provided with this advisory as well.
6996dd421efa9117f4b483fc6c479c51d2d2854a243ed739ddb0e740fc9be9d1Mandriva Linux Security Advisory 2014-023 - It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to execute arbitrary code.
91e13eb8f7923827c581c119376fd7f9a940365f7e3775d6636dfeb8210cd760Mandriva Linux Security Advisory 2014-022 - Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable to by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. A flaw was found in the way Augeas handled certain umask settings when creating new configuration files. This flaw could result in configuration files being created as world writable, allowing unprivileged local users to modify their content.
a4e7b7f5fa921c10736f914500d3700c44b196142c7c1c7ad4fde57f33181a71Mandriva Linux Security Advisory 2014-021 - It was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it.
05feabcd42048ef05480549d29b92bb9644404398225353fca335e295da4c1c2JAMon version 2.7 suffers from multiple cross site scripting vulnerabilities.
05d3cecf7d59ce888a09043a4aa1af1988abd9d302ed9dd5da80c76ff2e50e0aUbuntu Security Notice 2089-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to availability. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.
df92bc480d2bbe6892b45b34f1f7ef44d0eca78db48442c04a95810382a58c45Ubuntu Security Notice 2088-1 - Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.
a0185fb2945b52f58676814f7c2d5a0d59a2bdc2468d9bf7fdbf55f2e85626b7Ubuntu Security Notice 2087-1 - It was discovered that NSPR incorrectly handled certain malformed X.509 certificates. A remote attacker could use a crafted X.509 certificate to cause NSPR to crash, leading to a denial of service, or possibly execute arbitrary code.
68b326ff5a9d1bc5579dcfa9d4d047a99dd6f38fdc19188032d750ad6a1721deDebian Linux Security Advisory 2848-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.
8de1a42f32bbbd17b73175f40ccc257f1623775f9476c9721e9cee2e5ee35c38Gentoo Linux Security Advisory 201401-26 - A vulnerability in Zabbix could allow remote attackers to execute arbitrary shell code. Versions less than 2.2.0-r4 are affected.
e0fb59bd4a266a7be27464719a779471253f871e5060cc531de6395af2005985Adult Webmaster PHP suffers from a remote password disclosure vulnerability.
5d256374da1c00ac65c89f84b2c767a7ce7a1f53d34c06fd56dd71fcdf7c38b1Apple Security Advisory 2014-01-22-1 - iTunes 11.1.4 is now available and addresses multiple security issues related to content control, code execution, and more. libxml and libxslt have also been updated to address memory corruption and code execution issues.
88e0818e053952a3bd2eb65f69993d1a072ba9bb5eaaa9ed5388a10cd7518e9eXOS Shop version 1.0RC7o suffers from a remote SQL injection vulnerability.
1e0e8100901e6b54d82414baef8ff4d635720aa18959798a0e446a285227c175
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed