High-Tech Bridge Security Research Lab discovered vulnerability in ArticleFR, which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in the database, and gain complete control over the web site.
cafb28bb825188284ca3e1bf56f3c9f0d39b3d6156ac9a33fbbe7021a4072fe2TigerCom iFolder+ version 1.2 suffers from local file inclusion and remote file upload vulnerabilities.
1267421c9bd551dd2e4b3f76da46d8d8ed467dcb04b8f564e7f3b243808ca0dcRed Hat Security Advisory 2014-0994-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles.
949f06302ebdd15da42d9c4bdee91521c3c370bd2d54ff6ea4bcf79a5f68e7edUbuntu Security Notice 2304-1 - It was discovered that kauth was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
7c89b70af19ac1649bedc4af2973ae7a0695ffbea57fdb9ce67c26a5df6ad153Ubuntu Security Notice 2303-1 - It was discovered that in certain circumstances Unity failed to successfully grab the keyboard when switching to the lock screen. A local attacker could possibly use this issue to run commands, and unlock the current session.
eb7b8a8bb6ab99c23cd914fc4c3a266681936599f391e8324b01f671abd6a2a2Mandriva Linux Security Advisory 2014-144 - The live555 RTSP streaming server and client libraries before 2013.11.29 are vulnerable to buffer overflows in RTSP command parsing that potentially allow for arbitrary code execution when connected to a malicious client or server.
53dd71b46de909c852986127d7647538e45baf8456c5132bc8658a346d36743aMandriva Linux Security Advisory 2014-143 - Multiple vulnerabilities has been discovered and corrected in phpmyadmin. Cross-site scripting vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page. Cross-site scripting vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page. Multiple cross-site scripting vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted column name that is improperly handled during construction of an AJAX confirmation message. server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.
b2f6ad263b0fb7a8fe5141ff3b59e1af4f3a8645dc84d6ed7677a33d39f72eaeMandriva Linux Security Advisory 2014-142 - A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the apache user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the DEFLATE input filter. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely.
6643c25c7b920a477f9ecad591516b72e4c07aed6b35d1aaad3b6ab25aeab395Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
df2e9477f2926984fc559873ae7cbcf63d051af14d6cf3d2cf202daa8d859fbcChrome EXIF Viewer plugin version 2.4.2 suffers from a cross site scripting vulnerability.
c644383ea97849908e0131845cba66ddbf35234494ffc174a6062b9d9ba9160a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed