Ubuntu Security Notice 2360-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
8df063b3cb939db382d3432ee23c8bcd73caea7a3cd58b252812d1a99c657ea8Ubuntu Security Notice 2360-2 - USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Various other issues were also addressed.
a55a4962a577d8dcb5a441b370937491b9b9fdb5894344155edfb3661a1dfc26Ubuntu Security Notice 2361-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.
0b164d83886f94da9bbceb2e461fb57b8928713d9bbb2d8fe7894da0839e1b98Red Hat Security Advisory 2014-1298-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.3.1 serves as a replacement for Red Hat JBoss Data Grid 6.3.0. It includes various bug fixes which are detailed in the Red Hat JBoss Data Grid 6.3.1 Release Notes.
77f8e8848f2af3253866e59b1a1259b83b7cd5ff39919c125a52301951c12da7Red Hat Security Advisory 2014-1297-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory.
e6a52a5860b1db89bab94e8df4cebd26369bf1a6fe701deae6b86897b2ad96c0Ubuntu Security Notice 2362-1 - Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments.
38879f99144687f30726884eb5642eea192bbd07a6ce0db592a56ffdc7e29b5bWS10 Data Server version 1.83 SCADA buffer overflow proof of concept exploit.
a227c39064e66149b2e0e4bb39e15019fc146303af1110afbb8c02a974620e7d5pmweb.com suffers from a cross site scripting vulnerability.
44c1d53849693014d71a3e5d067e1538fe075a9353af17787fab810787c01387insight.ly suffers from a cross site scripting vulnerability.
7ccce86db3bea6965352f61c8695bcf45a7677abaa9756f4f9de035bd34465c9This Metasploit module exploits a flaw within the Device Manager (rrobtd.exe). When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary command injection. This Metasploit module has been tested successfully on EMC AlphaStor 4.0 build 116 with Windows 2003 SP2 and Windows 2008 R2.
3e993a7e854efa86fb910cf5ae6005aed96bf8fef7a6b5ff28fe00ff12003031This Metasploit module exploits a buffer overflow vulnerability in Advantec WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE 9.
2c87a396ae651d2548218234d6c075460d07bc9f8c985df84efe8276828e073eIt was found out that the application parser for SSH integrated in Suricata version 2.0.3 contains a flaw that might lead to an out-of-bounds access. For this reason a denial of service towards the Suricata monitoring software might be possible using crafted packets on the monitoring interface.
d9284970b7ebf84d7392e3f60e31b6673917978d712e1c5c6bc2048f65607f49X2Engine CRM version 4.2.1 suffers from a cross site scripting vulnerability.
1553980341872faee49549bbfd60e4d56207ceb47517d124f9a6b20c48de9053HttpFileServer version 2.3c suffers from multiple cross site scripting vulnerabilities.
2feb5ccca4ab293462a18355f56ef10135b82ba084f052bcbb31f14e195f9380iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.
bc5e551ec5cf45782409f2f12f6dece5a828b5d3c81d2edc5ed907caa35aacc7ipset_list is a wrapper script for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. Optionally, the output can be colorized.
64c062a17bef439d8105af12feae275a0e62d5b5549cb02f23b64c861a3692cbRed Hat Security Advisory 2014-1287-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
8df62525698bc6668060cc1b9b749fa9c3199a924d832bd499f7418d34dec723Red Hat Security Advisory 2014-1290-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.0.3 serves as a replacement for Red Hat JBoss BRMS 6.0.2, and includes bug fixes and enhancements.
4f80131519fa532b2d939ededaed4995c7db19a53b730aec5e8cbebbbe84d586Red Hat Security Advisory 2014-1291-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.0.3 serves as a replacement for Red Hat JBoss BPM Suite 6.0.2, and includes bug fixes and enhancements.
ba67e16970bb0a46123e301e1f81f50c25821c0c92da96b2a81c3531ecce7e24Red Hat Security Advisory 2014-1286-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
b9b89d3bdf0d6dc5f868e4f4c0ca0b9c9b012be09000bcdd1cd915e646e3dbbeRed Hat Security Advisory 2014-1284-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems—such as multiple databases, XML files, and even Hadoop systems—appear as a set of tables in a local database. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Data Virtualization 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
7d9fe8f6f9c1f706a40f9442301f7e2f501859c472fa8d32b017decb12eaea2fRed Hat Security Advisory 2014-1285-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
10498041de84d4229d7b188aa858004477c478740f6176bd1e10893834c1c32bRed Hat Security Advisory 2014-1294-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
367558e0af4bea38e2153ee9ee9c6ce9ff57eb72553269ce1c96319107027e35Red Hat Security Advisory 2014-1295-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
0ab1587f987ce692a6ed8a870be5c168ea32c5c83293ed22e852410b266a93f8Red Hat Security Advisory 2014-1293-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
11602d72b531b9a3376befaf2f40d6b9bc9bb40b1d354a5986c1541d7c56f5cd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed