Ubuntu Security Notice 2123-1 - It was discovered that file incorrectly handled Composite Document files. An attacker could use this issue to cause file to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Bernd Melchers discovered that file incorrectly handled indirect offset values. An attacker could use this issue to cause file to consume resources or crash, resulting in a denial of service. Various other issues were also addressed.
c15cd48bc8b2799f13c365755252a2482623291ddeebb7c5be3f90af4ec34e10Gentoo Linux Security Advisory 201402-27 - A vulnerability in pidgin-knotify might allow remote attackers to execute arbitrary code. Versions 0.2.1 and below are affected.
bd35a01c12edbb39efb00665101fb5625886d7cf8e22e46d5468af7c2c2f6b98Piwigo version 2.6.1 suffers from a cross site request forgery vulnerability.
9fa115551f322ba1a0b022b4e18de7ff9a95a261a5eb3f402337f5cf4f4d20a2CosmoShop ePRO version 10.17.00 suffers from an authentication bypass vulnerability.
9ca82553e2a91b39a4615aa811e754f8bc091c8b5bfe3f6def05090e26d88f4cWordPress Alpine PhotoTile for Instagram version 1.2.6.5 suffers from a cross site scripting vulnerability.
fb0e7ff33564e1c67c0ba31392952aafa3ffd8c78f14845e2a0d34d6165e9147WordPress PrintFriendly plugin version 3.3.7 suffers from a cross site scripting vulnerability.
0597b3f3efd8178b04551532352cc9d00f93f12822c84d0ab5fd356b6533aa61Drupal Project Issue File Review third party module version 6.x suffers from a cross site scripting vulnerability.
e28a6cbac52ea9062d475561ecd582132a19356c74b977a8f2c3c14fd96983e8WordPress mp3-jplayer plugin version 1.8.7 suffers from a cross site scripting vulnerability.
91b07fd21c45f1692daef0821fa7179eaedefe8e444588acf5a7ee01b5f84792WordPress BSK PDF Manager plugin version 1.3 suffers from a cross site scripting vulnerability.
5c5300181fb7e63a9409940bf6f5c2ca5a0fba53380dad56c2750875d79e9315Drupal Open Omega third party theme version 7.x suffers from an access bypass vulnerability.
3ffbc3e066436f401887a605bc6972b7273f85ee4b6ffcd592b9a0d7aa384779WordPress VideoWhisper Live Streaming plugin version 4.29.6 suffers from a cross site scripting vulnerability.
f31d3cbdaf63234b21c5fb7834cf22badf88ed91b40256060480d17b14fee27fWordPress Widget Control Powered by Everyblock plugin version 1.0.1 suffers from a cross site scripting vulnerability.
ba19ab112ca4f59177f954fde29f8db27ebda68e9b8957708911bfc40b9ad510GoAhead Web Server versions prior to 3.1.3 suffer from a denial of service vulnerability.
62316905684cbb42f570b049e4d87177417005d271d14da5f3b675df0a3f533aWordPress Post to PDF plugin version 2.3.1 suffers from a cross site scripting vulnerability.
dfe32028cb2dfb453144c718be3ef8f11ff9595e5a6081f52cc999718970b5fcThis Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker can reach SQL injection affected components. As xp_cmdshell is enabled in the included database instance, it's possible to execute arbitrary system commands on the remote system with SYSTEM privileges.
ef19d7abd0e99695337b2df4433d4785cfa21593bd61b704d3aa78a9d8ce5183Red Hat Security Advisory 2014-0212-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for Red Hat JBoss SOA Platform 5.3.1. It includes various bug fixes.
083d0305dc9b69b6fb620edee0c12f90b0c62b6152a1739f807e78fc9c42146cUbuntu Security Notice 2121-1 - Suman Jana discovered that GnuTLS incorrectly handled version 1 intermediate certificates. This resulted in them being considered to be a valid CA certificate by default, which was contrary to documented behaviour.
e31472c1008f49db136961e116376c9d6245bcd51804c58ec233ad40a1dc16b3HP Security Bulletin HPSBMU02971 - A potential security vulnerability has been identified in the Web Console component of HP Application Information Optimizer (formerly HP Database Archiving). The vulnerability could be exploited to allow remote execution of code and information disclosure. Revision 1 of this advisory.
7fa114f44e68956bc8ed3ff8e81ed51edc85fcef8252cb59af1e782d0de5c135Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
5f6e1facff15ba1522757d0f05523382784dbb613ed3191964599d233372cec2Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability via XXE when running untrusted web applications.
e5038c902c4a597115e468b2cd9304969026597458d6fd3280891c6e2c2d59dfRed Hat Security Advisory 2014-0211-01 - PostgreSQL is an advanced object-relational database management system. Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in various type input functions in PostgreSQL. An authenticated database user could possibly use these flaws to crash PostgreSQL or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL.
b42104045524c5b6c7136d8eb51782dbe945f7f2d689f9496c733b7271a311baWordPress Zedity plugin version 2.4.0 suffers from a cross site scripting vulnerability.
bf216e13309ba2da46c46dfe289f9ead0670f5dc9fc964553aa0349e0959017fPrivate Camera Pro version 5.0 suffers from cross site scripting, command injection, and local file inclusion vulnerabilities.
17fb206f13e33a50cc85ae1512cbabef9096f351f2e53a74039828fd6491558dApache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from a denial of service vulnerability due to an incomplete fix for CVE-2012-3544.
8ac3ea938f07d2896bed13e92312af0a063d45b0633a23f122e4629acf2c3085Joomla-Base suffers from cross site scripting, XML injection, denial of service, and path disclosure vulnerabilities.
9c3d160db634706c722994d1718973ddd740dd54ab93bb856a71efe8bd1ddd6d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed