CNNVD.org.cn suffers from filter bypass and cross site scripting vulnerabilities.
ea97a2f0e9e90599d272a80276d4c4e7c4867e0356641442db74930ab6ce768bASUS routers suffer from authentication bypass and cross site scripting vulnerabilities, among the recent flurry of other issues that have surfaced.
6edc73bc09482eb4146ba7e7fb7884eac6f18e8dcfb66db1d1ad2bd22fd6087eInterWorx Web Control Panel version 5.0.12 build 569 suffers from a cross site scripting vulnerability.
955f6d56ae74fedcfe4e5e3b116ba99d361954921a81dec6f868f9a530f5bcfaSlackware Security Advisory - New gnutls packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
b1bcf86b50f13945e4651ed0ce9e77e77e5768f77e86c3da6c298710f5d17100Red Hat Security Advisory 2014-0196-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.341.
03252ceafb915633f418a58306c46d3c67d076e73055b5e2d6fc69c4a5d1415cMandriva Linux Security Advisory 2014-047 - Multiple vulnerabilities has been discovered and corrected in postgresql. Granting a role without ADMIN OPTION is supposed to prevent the grantee from adding or removing members from the granted role, but this restriction was easily bypassed by doing SET ROLE first. The security impact is mostly that a role member can revoke the access of others, contrary to the wishes of his grantor. Unapproved role member additions are a lesser concern, since an uncooperative role member could provide most of his rights to others anyway by creating views or SECURITY DEFINER functions. The primary role of PL validator functions is to be called implicitly during CREATE FUNCTION, but they are also normal SQL functions that a user can call explicitly. Calling a validator on a function actually written in some other language was not checked for and could be exploited for privilege-escalation purposes. Various other issues have also been addressed.
c056bd5ca9b35038413312e652959f8070f5e5ff57a1435e0827ea375cacaa0aGentoo Linux Security Advisory 201402-26 - Multiple vulnerabilities have been found in libssh, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 0.5.3 are affected.
54bc1c3293e955ccb3036adb8153e9f984fd1924bbf3e67b7588d7e7d05af3f8Gentoo Linux Security Advisory 201402-25 - A vulnerability in OpenSSL's handling of TLS handshakes could result in a Denial of Service condition. Versions less than 1.0.1f are affected.
dc177282d243b8879ad0b5b085aa003520dc2c9504ed6635ff0590bdc37c0499Gentoo Linux Security Advisory 201402-24 - Multiple vulnerabilities have been discovered in GnuPG and Libgcrypt, which may result in execution of arbitrary code, Denial of Service, or the disclosure of private keys. Versions less than 2.0.22 are affected.
b179c24948b12fd20220e710cd0fc8df88dcb5a2e4985677436d991735781ae4Gentoo Linux Security Advisory 201402-23 - Multiple vulnerabilities have been found in libXfont, the worst of which allow for local privilege escalation. Versions less than 1.4.7 are affected.
1cfd0d5f0fb45806d0f2f9036f3ae48ed7e9656364f91bdf2bfb40c33c748933Gentoo Linux Security Advisory 201402-22 - A heap-based buffer overflow in TCPTrack might allow a remote attacker to execute arbitrary code. Versions less than 1.4.2 are affected.
ed7d1c7c7983fbe5c6a0fc0434bd45572d8a04b05d945a883f877ca58302826dGentoo Linux Security Advisory 201402-21 - Multiple vulnerabilities have been found in libTIFF, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 4.0.3-r6 are affected.
707bad1294ac3b0a266eaeb2ec4cb55aa7008c0ab780cd9c1f258db6072baa3aGentoo Linux Security Advisory 201402-20 - Multiple vulnerabilities have been found in KVIrc, the worst of which allows remote attackers to execute arbitrary code. Versions less than 4.1_pre4693 are affected.
c61e316675969c2cfb76e436110b34ef9afcd12d0323484e5485524a38a3a01eMandriva Linux Security Advisory 2014-046 - Cross-site scripting vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. This upgrade provides the latest phpmyadmin version to address this vulnerability. Additionally phpseclib packages has been added due to new dependencies.
5499c576a7df330914ff676519142bf62bd04f5f2be1cdd03102f3ae2e614994Gentoo Linux Security Advisory 201402-19 - A buffer overflow in libtar might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.2.20-r2 are affected.
551d7905d4ffe777cd040b0ada4455c1bf57e0d94c1391a2b1c629e783ccfac8ATutor version 2.1.1 suffers from multiple cross site scripting vulnerabilities.
7772d5d04726dc9eca9f992b4b09c7718cd6b7879c83584b7b588b41971c633dApple Security Advisory 2014-02-21-2 - iOS 7.0.6 is now available and addresses a security issue. Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
cde1d10d64b0767872cce08826488246a3000f833e12e93ab69299851856330fGoogle's public data explorer suffered from an XML external entity injection vulnerability.
f1f93b1a77eeff328b95a62faf8d24425b8847dd2d7576805d6e28322cdc50d6Embedthis Goahead webserver version 3.1.3-0 suffers from multiple denial of service vulnerabilities.
44cd51d338e32d88e1eaa567a6bbc3e1b11cda0771b9da276ef085ebd630834fBarracuda Firewall suffers from a cross site scripting vulnerability in the exception handling functionality.
dc40815561f66aa5a2bb21a7ca2b1f03cd6c36a9519c40953253af410f5f16d2Multiple stored cross site scripting and cross site request forgery vulnerabilities exist when parsing user input to several POST parameters in Stark CRM version 1.0. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site and/or execute arbitrary HTML and script code in a user's browser session.
8c7cb8470dd05d45f08a3c8bf719e35d3641de67c99f53df0cf0f5d685cf33c5AdRotate version 3.9.4 suffers from a remote SQL injection vulnerability.
e266028eac942f15f6d5c12f24958ce411494ef2b61a024a7a8ebda861c5fcd0The HITB crew is calling on the community of hackers, makers, builders, and breakers to send them their 30 minute talk abstracts for consideration to be included in the 3-day single-track agenda. Taking place at De Beurs van Berlage on the 28th, 29th and 30th of May, this single track, like the Haxpo itself, is completely free to attend.
5a94102535da35547f397090f1530a04aa901fc426aee761e1b4a5b78ed40e53Barracuda Networks Web Firewall X300 suffers from multiple script insertion vulnerabilities.
36ae852bde5cb477c4ae3614c988ae04b0ae0022389592cbd8ba055f726c683fEgroupware versions 1.8.005 and below suffer from a PHP object insertion vulnerability that can allow for arbitrary file deletion and possibly code execution.
6acf0c7bb78bf16c4e7a80bf94295df8ed76adf8b9f716ddf1396c8f075f25e8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed