wtmpClean is a tool for Unix which clears a given user from the wtmp database.
10f1c941b82e5c32941825b7f59e6704592032f477faeac4c08b3c40729717cbBlackCat CMS version 1.0.3 suffers from a cross site scripting vulnerability.
fafc7f992e0efbd75e5e5533c4fb06f99f20b956f59f1d75cf78cda120736a55MyWebSQL version 3.4 suffers from a cross site scripting vulnerability.
c326b1b1c6e29b10557668743504e265316bd636ca6c9186e0599a9ec5f36b8bWordPress Advanced Access Manager plugin version 2.8.2 suffers from arbitrary file write and code execution vulnerabilities.
003e5940849ab6a302ac199a8b2d726fb390bc112f79728c3bd20e043f321df8Mpay24 Payment Module versions 1.5 and below suffer from information disclosure and remote SQL injection vulnerabilities.
d66f449493790a1e98ef90672f5ab7b9b5deff6e10cb67a05b35be7af45b6a95Jenkins version 1.578 suffers from cross site request forgery and command execution vulnerabilities.
6363635fc4f8f8d1c6bf9fa96800d6fbc994b86e1aa1c70cb35bf5039f8becd3HP Security Bulletin HPSBGN03099 - A potential security vulnerability has been identified with HP IceWall SSO Dfw, SSO Agent and MCRP running OpenSSL. The vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
1db2c455fdf69b059f5b562b7718ecf7c607a40347a536b4ca82d10b18abfb32Mandriva Linux Security Advisory 2014-172 - The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service via a crafted color table in an XPM file. file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service via a crafted file that triggers backtracking during processing of an awk rule. Various other issues have also been addressed. The updated php packages have been upgraded to the 5.5.16 version resolve these security flaws. Additionally, php-apc has been rebuilt against the updated php packages and the php-timezonedb packages has been upgraded to the 2014.6 version.
b9ec681569fac685bfa6d31a9d2c25e37d33a1ade655ac8cb434db2d31a3b86dMandriva Linux Security Advisory 2014-173 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. Busybox bundles part of the liblzo code, containing the lzo1x_decompress_safe function, which is affected by this issue.
fcc34020e34e26f76b502247b86cf085a924a4ece4f9f27fb43b914bf781dc0bUbuntu Security Notice 2339-2 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.
af710e3a425b8f1c589dca591ed48217ca6b1b8d1215d50f09cc6edcc8c3e10eUbuntu Security Notice 2339-1 - Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.
4e60bdc46e0904e8a9e4971ee29d0296c4c6e8a01e589be8af695bfcee0875baGentoo Linux Security Advisory 201409-3 - A vulnerability in dhcpcd can lead to a Denial of Service condition. Versions less than 6.4.3 are affected.
9f8b7f79c1b29c58f8e5a9236074b6a2d86cc261cc470e1909ab69421f55a638Ubuntu Security Notice 2338-1 - It was discovered that Lua incorrectly handled certain vararg functions with a large number of fixed parameters. An attacker could use this issue to cause Lua applications to crash, resulting in a denial of service, or possibly execute arbitrary code.
742386c70e5001c109ed1b9fd23764fe2289037eeb35b4ae341694d1484682deDebian Linux Security Advisory 3018-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees may lead to the execution of arbitrary code or denial of service.
5e18bc92d20bfd76066eb3563739f7d1aff2f7637b2c0014c4bd952fd7436099Automated SQL injection exploit for vBulletin versions 4.0.x through 4.1.2 that makes use of a vulnerability originally disclosed in May of 2011.
691b034516fcf7b0dc620cf1bbe0d96a66eb11f10db88c4bdbdcd15c897165c9vtiger.com suffers from a persistent cross site scripting vulnerability.
1b9a321cd6f74e699037983b2c238616b8c4bb11438d63766de2df5e758a9107The recent release of Firefox 32 fixes another interesting image parsing issue found by afl. Following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with a simple <canvas> + toDataURL() harness that examines all the fuzzer-generated test cases. Depending on a variety of factors, problems like that may leak secrets across web origins, or more prosaically, may help attackers bypass security measures such as ASLR. This code is a proof of concept for versions prior to 32.
7c5c90b2004b180e2ba9b417077aadeb4d76b33775e460d93cce1e056c3e1b29Olat suffers from a persistent cross site scripting vulnerability.
a476d049a0c6d30f4f69fbe42db9b48cb8ad35e811be5397349505a7b9f6aacb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed