s3dvt suffers from a local privilege escalation vulnerability due to a lack of checking the setuid() return code.
0a8c3b679a43618d9ffc8263cd5c4998800f72c4afbd6b76ebceaaf9c16532cbRed Hat Security Advisory 2014-0590-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
3ce09e0bbeeb6807c5f3a1b061e52b4fed2040dff175631e1dea9699fa8069a1Red Hat Security Advisory 2014-0591-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.
6e5aa47c9793de7bbc749ed60941233204e1aac6ba6a029a0ab7beec583f54f9Ubuntu Security Notice 2229-1 - Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a man in the middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
909640c0fc291193e5e61d9571f927ddf4e65f724d30fece71cc30df2475a8bfDCMTK versions prior to 3.6.1 suffer from a privilege escalation vulnerability.
e5daa4eb447688d47ee6554039d298426fdee9e6b9db86fd1833f9b82940238dXilisoft Video Converter Ultimate version 7.8.1 build-20140505 suffers from a DLL hijacking vulnerability.
9d010a0acfc983062ab447cbeaac928f56e1cce6c41aa73f7ae7b998328e425fSoftware made by Cetil but now distributed for free by the Brazilian government suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
43b8dc21aeb405e4b5208b0ce417048266d66db58b7bb5799ac9cdca9d81eaf1Digital Whisper Electronic Magazine issue 51. Written in Hebrew.
7d939903db20073d0eec06b6e28880dde07185d00ea9408a5b141ec6d6904da4Ubuntu 12.04 3.x x86_64 perf_swevent_init local kernel root exploit. Based on semtex.c.
fd9f72a2dd8542f0cfadb2584eac4af048d1bf2fa6f239359482f9522ecc290dEasy File Management Web Server version 5.3 USERID remote buffer overflow exploit.
b364c7edc6c03e244a4a4f0e0f4d9b842e07eab722f99c60858b54553b348888WordPress Participants Database plugin versions 1.5.4.8 and below suffer from an arbitrary remote SQL injection vulnerability.
bfc21df6b694bca18e519ca1846159aca72eb7d6798097b206b51fa8ad5cd048
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed