iDevAffiliate versions 5.x and below suffer from a remote SQL injection vulnerability.
26ab2619923435710271391691fbf89cc5205e65a7c1e5123ca5a367e776fd43Symantec Messaging Gateway version 10.5.1 suffers from a reflective cross site scripting vulnerability.
e5603d99409476103f78311ef493f2d95d40d9bcf645e75379db4ed92b43ac48HP Security Bulletin HPSBMU03018 - A potential security vulnerability has been identified with HP Software Asset manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
332978aeae4871a3152a70a5202180bdb05e8d1bab52276229dfca74fca337fbHP Security Bulletin HPSBMU03017 - A potential security vulnerability has been identified with HP Software Connect-IT running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
eedf0b7a61c757e800c92074f51a4c6d976e18cc6856501acdf52c8e7f2f3e73HP Security Bulletin HPSBMU03019 - A potential security vulnerability has been identified with HP Software UCMDB Browser and Configuration Manager running OpenSSL. The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability. Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software. Revision 1 of this advisory.
c477c805172e3484a7c8c365a44202e98084581b278701e1977105ff9030b9feUbuntu Security Notice 2169-1 - Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. An attacker could use this issue to cause Django to import arbitrary modules from the Python path, resulting in possible code execution. Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. An attacker could possibly use this flaw to obtain a valid cookie and perform attacks which bypass the CSRF restrictions. Various other issues were also addressed.
c06fe39660153662ccdc26aee4797b8b2cc6dc27ae9d5dcc5eacfa238b42bcacSlackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
c688410c854937e1a43a107261fcbb759d55218a6cd9f726b13c94f1a629dc79Slackware Security Advisory - New libyaml packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
67766d18c7be9bf99a4f145887c9b60870dbfefc692474bde2466c4d0a02c5aaRed Hat Security Advisory 2014-0421-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
6bb6017ff037f6088c5db07a13171259bd985f61435dcf170ba95439f45a61c8Red Hat Security Advisory 2014-0420-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process.
5ff929048132cfe17cbd13f84dc1814a3f026c9794cbf817379cf915013f4b76Red Hat Security Advisory 2014-0419-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system.
671b6cce6fddde41c73ae126802c85a3215d54ece7d82be64e6c0ae54cbef6a2Debian Linux Security Advisory 2911-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, out of bound reads, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
1c270a8efd85aadc9207bdba6fbb4a69a8079128f22ded1fffc00b71264ce953Sixnet Sixview version 2.4.1 suffers from a directory traversal vulnerability.
01cf2e952cb6e8a5f8d20f94845a9ada5d87bd828721483c34d78503bee0fea2No-CMS version 0.6.6 revision 1 administrative account hijacking and remote command execution exploit that leverages a static encryption key.
ff4347a0c66d027f8e6770f6cbecc86e96fb995315da7c1bc7cadc18a6e39c73Parallels Plesk Panel version 12.x for Linux discloses /etc/psa/private/secret_key as an MD5 hash allowing for offline attacks to crack it.
1445454f592a31c6187c107c5845c4007b83d4ca8f3adc887948aa9909a38116
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed