Red Hat Security Advisory 2014-0908-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
ffbd23e1ffa92495eb815c4ce9fe146ac8dbf2ad7faab7a36f44fbff8b6e6656Red Hat Security Advisory 2014-0907-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. A format string flaw was discovered in the Hotspot component event logger in OpenJDK. An untrusted Java application or applet could use this flaw to crash the Java Virtual Machine or, potentially, execute arbitrary code with the privileges of the Java Virtual Machine.
5d4dc327b258590b3b361bd36345fb85de08449993e8a79dc78af5a20677802dRed Hat Security Advisory 2014-0910-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.2 release serves as a replacement for JBoss Operations Network 3.2.1, and includes several bug fixes.
7af56d5dc9c292b2a0044d35f62a3d98324ab1a497e7002967f712beb2148fa0A race condition between updating httpd's "scoreboard" and mod_status leads to scenarios where a heap buffer overflow can occur with a user supplied payload. It can also leak heap and critical memory such as htaccess credentials, SSL private keys, and more. Apache version 2.4.7 is affected.
ee93437fdd7a87a46f45a1de0aa1d92409e430a87df1e246e818c6f4f25fa1ecMyConnection Server (MCS) version 9.7i suffers from a cross site scripting vulnerability.
5a16d17c8e73a4dfbe43b4d1e8e6c805b4f1e52f5f10b58566b5e4aa143981ceThe IBM 1754 GCM KVM suffers from code execution, arbitrary file read, and cross site scripting vulnerabilities. Versions 1.20.0.22575 and below are vulnerable.
34b46f6efc7a6f5be6994d9dd9ba60ffa5ba29218e6a3823dedc1b4384fc4d64Ubuntu Security Notice 2293-1 - Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
d0afde3f652695a582f8f83010eff7e3e04b687512bd57083978cd1bcf5e8994Debian Linux Security Advisory 2983-1 - Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting.
938dadbb8de11e8c9f694b1d0aa220d43066d093cbf3007b9fcf5251f03c8315Debian Linux Security Advisory 2982-1 - Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.
331d4543cf61c142535437ee8da640bf5b3deac8ea9130d339f2b0c9876eec7bThis is a Metasploit-style module system specifically for XXE exploit code. This allows a common interface, including the ability to automate downloads of numerous files, or automatically walk the directory structure if the vulnerable system is based on Java.
2a7816d21a64e47351a2d07b9a62e0b2608e025ddb24e5a5ec4f745d5b82bbfbA vulnerability within the MQAC module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft MQ Access Control version 5.1.0.1110 on XP SP3 is affected.
ac6de6f3a8cc010f9936f8753463cdbb1d352b1255340abf3d899a75f1c67f7bA vulnerability within the BthPan module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Microsoft Bluetooth Personal Area Networking version 5.1.2600.5512 on XP SP3 is affected.
9520a3d17643c7ebf1130b867b4f899c083ee1d3103c9e343a9e895529ec8545Elasticsearch Logstash versions 1.0.14 through 1.4.1 suffer from a remote command execution vulnerability.
af4c8c7dd3bc0722d099ec0c672298ee3ab08240c306a42f89bf7e33cf00c9e4Tenable Nessus versions 5.2.3 through 5.2.7 suffer from authentication bypass vulnerabilities via parameter tampering.
33337334a513e4df4458a963f3444bbb96eb239bd1c02b33d1f2ff8080064786Proof of concept code for the MTS MBlaze 3G Wi-Fi Modem that suffers from credential theft, login bypass, password reset, and cross site request forgery vulnerabilities.
c237b06e1b37e1e0e5a7bab3e3cb3740e9813d5c396e49c2dd6218c589c8f199vBulletin version 5.1.2 suffers from a remote SQL injection vulnerability.
db8cf150020eef4c1a00944e82999c0b883bc572da700d8850068754842585aaWorld Of Warcraft version 3.3.5a suffers from a stack overflow vulnerability.
6c348ae053fb80af888cc9d1fe45f3ae586846d8bf805794fc5cc1a77e195153WordPress Gallery Objects plugin version 0.4 suffers from a remote SQL injection vulnerability.
303e8fce5b978c0a5f0a4342187a24f0b8a25adc008fa5057ac61f3fb16e685dSites designed by the Design Foundry suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
ac285e3041cdfdf4907dccb955ca1807933b3c910d7fea8386914ba076c0b995
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed