CMS Saurus version 4.7 suffers from a cross site scripting vulnerability.
c976c6baa79025033fb95b0d12b1014d81986b7c453a16543edf4263720be6dfFreeBSD Security Advisory - The input validation of received SCTP RE_CONFIG chunks is insufficient, and can result in a NULL pointer deference later. A remote attacker who can send a malformed SCTP packet to a FreeBSD system that serves SCTP can cause a kernel panic, resulting in a Denial of Service.
824eda45cddf866613c0fa7058809512cfb24cd0a5c87ec79135569a334f0747Hadoop User Experience password cracking script. Written in Python.
346c8debb6514dbf4ca115ad94a87c52957b2b54af20bc5ca235907b448747a8Whitepaper that provides an analysis of the Windows privilege escalation vulnerability as noted in CVE-2014-4113.
34ed90c2f2b6359caf15ad498e604c49bb3eb433fb57a74f048e4ce792eb1747T-Mobile Internet Manager suffers from a DLL hijacking vulnerability.
166dfceb43c6b95cb0dabb5fe01c754f2762e18cdfd8ecf6925606f53ee52fd3Ubuntu Security Notice 2487-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network.
977618fcde6fb14bb9e08695cbf23c0db9631a6d42f7460996b7515dc431b25bRed Hat Security Advisory 2015-0104-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv() flaw requires non-default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit.
b1cca658d4b8f1fdf7bcc3b84f7d28ce7411a215dd2e3dc836aab539982213b3Red Hat Security Advisory 2015-0103-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 will be retired as of February 28, 2015, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after February 28, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to plan their migration from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.
28763e7aef77a0a6d56c094e5c660599d5c01b5b111a915ab16a7f3f16df2685Red Hat Security Advisory 2015-0102-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. A race condition flaw was found in the way the Linux kernel's mmap, madvise, and fallocate system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.
d6cb35f9eec16000c013c4d690821d03205cdba86b1d5048733ff6c4beccc835Debian Linux Security Advisory 3143-1 - Two vulnerabilities have been discovered in VirtualBox, a x86 virtualization solution, which might result in denial of service.
f1050808d1f6554b991987409e2d3f7e51d9567d16d64f3037ee3c32f9ea580fRed Hat Security Advisory 2015-0100-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.
f99e14e79ad38221edda7624248f82e2ac3c99c67404e44d0ef285df877f138dRed Hat Security Advisory 2015-0101-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
74405882e85d1ed82abffab2b60dc45d12f3952a92ab2a5fd816bee6b62ea845Red Hat Security Advisory 2015-0099-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.
07ae3d608c7bc928e164c5f0edd07d9fed0b40c519ef06bfed163e6e7f1b23faHP LaserJet printers with firmware 20130415 and below suffer from information disclosure and unauthenticated test functionality vulnerabilities.
de398ae4079091da76521d5c9f293e42efbd2443898883b6e4bd84295203ec2b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed