Mailspect Control Panel version 4.0.5 suffers from remote code execution, arbitrary file read, and cross site scripting vulnerabilities.
93840f05f3284db346ab563d9c92844b1815684ffd7b76a7df35d6f2fd20dc78HP Enterprise Maps version 1.00 suffers from an authenticated XXE injection vulnerability.
49cac9392e67761747314562b60d157df35c9cc117dcad5865d91f95214595b0WordPress Simple Share Buttons Adder plugin version 4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
9b7e8bd26dee08baac6ace569d5e3efc78505ee6d9b668bbb0577bd8be00f138Red Hat Security Advisory 2014-0799-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
0cd0550f77116d1c59d4591c717a83ad8cdbcaa969bb3bbe9aee718c1d4bb50bRed Hat Security Advisory 2014-0798-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
4027894893d78fcf6d51613b6eb6547eb5ddfe1627ca792ea319f27908c5bf31Red Hat Security Advisory 2014-0797-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an open source services framework, which is a part of Red Hat JBoss Enterprise Application Platform. It was found that the SecurityTokenService, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens.
05ee0efa8fd93561e6b04aa8dba65e5e2d2acb7ec219068a7f15f089b82cc7b0Gentoo Linux Security Advisory 201406-26 - Multiple vulnerabilities have been found Django, the worst of which may allow a remote attacker to execute code. Versions less than 1.6.5 are affected.
404e02910f0bba73ffd124d38235026d2d6b71b9979c90bfa6cd369b3b9e7d66Ubuntu Security Notice 2257-1 - Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. It was discovered that the Samba internal DNS server incorrectly handled QR fields when processing incoming DNS messages. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
ee495aec8ec133e39c6bb8c1541534dba3717b1f8a19b4fd91f988c20373902fUbuntu Security Notice 2258-1 - Jean-Rene Reinhard, Olivier Levillain and Florian Maury discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were tricked into processing a specially-crafted message, GnuPG could consume resources, resulting in a denial of service.
64ebbb4d63462023d548da35764df9fab01791f66fe49abd999b1c7d07f42781Red Hat Security Advisory 2014-0800-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. Various other issues were also addressed.
68b3fb1fb5d2a50a6aabb2fe63feed3bc724bdba866925293b9ec244d4b96131Red Hat Security Advisory 2014-0801-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free function) arbitrary kernel memory. It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement.
2d58046f306af9f0cc7dc7fd8e3bfda1967d5aa9658a9b13b62046678768bee4Thomson TWG87OUIR suffers from a cross site request forgery vulnerability.
95c9c6a1307d99533c4237f526c60deee7797da36e9b73b5208b2f1c3548557039 bytes small mkdir() 'haxor' and exit() shellcode.
bf2ab20d7cd87f06dd2d500a7dd63dfd9439ab284589c86cef4bc6ad5ac148faGentoo Linux Security Advisory 201406-25 - Multiple vulnerabilities have been discovered in Asterisk, the worst of which could allow privileged users to execute arbitrary system shell commands. Versions less than 11.10.2 are affected.
2f76e2b58cb0cbdbb77bba0f6a0aae5851cfc9aaac21444656a427bd4a831a5bThe Configuration Console of Sophos Antivirus version 9.5.1 (Linux) does not sanitize several input parameters before sending them back to the browser, so an attacker could inject code inside these parameters, including JavaScript code.
d5779939070931292b00a87c8ea949ce6bb287c59c479c89bc4cf5e8803265d9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed