A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested with VBoxGuest Additions up to 4.3.10r93012.
ed08fc54fb11f75fb8240f00e12ad3f0eb15c9ef81cff67a88e74e2b8793b557Ubuntu Security Notice 2312-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to expose sensitive data over the network. Various other issues were also addressed.
e3816f8c04ea2d8938354eb2bf7c96769ee3acaa5a8f4537d6a799ae59eeb90dCS-Cart version 4.2.0 suffers from a session hijacking vulnerability due to weakly minted session identifiers.
75b089cb05c7acd3308c73cf9aed379821ea108918fd45c8a1f4b82e65e09695GEL CMS version 4.0 suffers from a remote SQL injection vulnerability that allows for login bypass.
adce38f0b73c10b3b1fe34d367682cfe754530c4e55c16152797c3df8149dc48Opendaylight version 1.0 suffers from local file inclusion and remote file inclusion vulnerabilities in the Netconf (TCP) service.
b4c4f777d826b243c739648f5e37ec62fdf64c8901732abd6398dcdb787c830eAndroid applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network. This release is an update to a prior advisory.
4e0dda886cea833a687c664d12a4435708cfcce65b89f11c91f68124746cc7f1HP Security Bulletin HPSBMU03089 - A potential security vulnerability has been identified with HP Executive Scorecard running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities Note: OpenSSL vulnerabilities, are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.
d854fc6c01d15af293b74d065d3d1747b841e3cac51232655a55481b5756ce47Debian Linux Security Advisory 2984-2 - It was discovered that the acpi-support update for DSA-2984-1 would make a laptop's power button forcibly shut the system down, instead of triggering the configured action (usually suspend to RAM). This only affects systems using the gnome-settings-daemon.
42557260d34d50a66f6fe09569e56e789759c32e94fdb6750ae406e5165eec71Gentoo Linux Security Advisory 201408-3 - A vulnerability in LibSSH can result in leakage of private key information. Versions less than 0.6.3 are affected.
8352f547da7a3cf848b8e227033600ae1aeea647697809d94f542b731d45e45aWordPress Disqus versions 2.7.5 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
2df5dbf30ee565d7f622d21cfbcd0f06f378ce8494ab640f6e97b5154395387eFlawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
bca7256fdf71d778eb59c9d61fc22b95792b997cc632b222baf79cfc04887c30WordPress CK-And-SyntaxHighLighter plugin suffers from a remote file upload vulnerability. Note that this finding houses site-specific data.
a56aed0703be5e8db85ed29cbd4c7ce15f30b85c42d4cc83cb27dde53df32e8cI2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
2216969ee7cb611f7fef701d5db08f6f40e9825e09684ad1a94dd08b031b6d5aSuricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
b6e554cbacb925bbcf88dd4554c9222b51b21796c39e198cdf5b0b9cdc1ed383
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed