Ubuntu Security Notice 2397-1 - Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. Various other issues were also addressed.
c6836488ba9b315c0acc9539519ca430c5a9d0acf813d465e7842be1b16a917aRed Hat Security Advisory 2014-1801-01 - Shim is the initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. A heap-based buffer overflow flaw was found the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code. An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys. A local attacker could potentially use this flaw to execute arbitrary code on the system.
0171334d7aa257e314bc0281597d3f19bc1049a94ca6aa0907ff335730228390CNIL CookieViz suffers from cross site scripting and remote SQL injection vulnerabilities.
a3ee80db996b5bd9fb995e0f9252847de164ffa783138dbcaa3903ed3c68c427WordPress Clean and Simple contact Form plugin version 4.4.0 suffers from a cross site scripting vulnerability.
1d91c931536f21ad20aa07da813acd456f8bec8475ff5a7c8e9689ecb7f54edeSlackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
d3c71b025a3b1e6dfc9dadb71847ae462f344b75d906db67740555ed5fb2bc43Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
fc542a6844bc71539681d08a215682726893e38cf2a930a49816509dd8a9d931Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
ef4f7bec4d928e06aa1985f7624af077f8bba56afdf4aecfc2ea091ad2e74f54Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and -current to fix security issues.
91b7f27b2b81fcaee5d4e18fe8db2643b728ce24658f2588664513f954765a20HP Security Bulletin HPSBUX03162 SSRT101767 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or a man-in-the-middle (MitM) attack. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. Revision 2 of this advisory.
c51bd30a7372995a2a077c7720121ca3dfb8254c3036fbf6a8b37926e402e633FastHealth.com suffers from an open redirection vulnerability.
a2ce9258c491432b0530ccb81a9790670dd737647fbbd3a061366430a4c7fa9dvBulletin version 4.2.1 suffers from an open redirection vulnerability.
caadc2b166f96c7a9221e96f42422bc769f60592be2d4b33103897aa96623519Ahrareandeysheh CMS suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
063270c0fd80b56b2ba7447565f3a3f480ebdaa112d77f55128ab41aabf7baaeSSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
05c5417a42590ca3bba3ad30881484bc6f8f78aad1a422b3765409428a5e3f06I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
ecf74f36440d02ffe810e9f650adc0dcd959616899d8fc6fe372d5148af0398aSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
bc02f3202d523737697840ab82b5fdafbf74b5a2901e2a56a23422ccab890b33EllisLab ExpressionEngine Core versions prior to 2.9.0 suffer from multiple authenticated remote SQL injection vulnerabilities.
54d576bf2854ade7d5e970b099908aa7fdc8da9bbb562477b70e54d0cf8bc273ImageMagick is vulnerable to an out of bounds read / heap overflow in the function HorizontalFilter() in the file resize.c. It is triggered if an image has dimensions 0x0. The issue has been found with the help of Address Sanitizer and the fuzzing tool zzuf.
f7f73acba950fe2fcdd7e2d0fba2650f734595e55003788431688a9c2e9377d9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed