WordPress Google Doc Embedder plugin version 2.5.18 suffers from a cross site scripting vulnerability.
497e2ccda286e008626a60f9d575f4384dab4de0b541b70d5e96999e15ecd3c8u5CMS version 3.9.3 suffers from multiple stored and reflective cross site scripting vulnerabilities.
24e18cc135d4a2f8248c258a2866d2eed34630258bfab05d9a0ca4686c51dcdcGentoo Linux Security Advisory 201502-8 - Multiple vulnerabilities have been found in Libav, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 9.17 are affected.
8b25111daeecad86d923dea6ab62f2ab11b37e8fde0d7e62cded8470639bf721Gentoo Linux Security Advisory 201502-7 - Multiple integer overflow errors in libevent could result in execution of arbitrary code or Denial of Service. Versions less than 2.0.22 are affected.
bf14a652ac6ffd0e3ea97788fd3308684bf2220e01960169dc8aff07eb0adc67Gentoo Linux Security Advisory 201502-6 - An SSL session fixation vulnerability in nginx may allow remote attackers to obtain sensitive information. Versions less than 1.7.6 are affected.
29faa459c2b40ea3986840cd0476717e4e2d52fb4e0c7250621ba4aad858db0cGentoo Linux Security Advisory 201502-5 - Multiple vulnerabilities in tcpdump could result in execution of arbitrary code or Denial of Service. Versions less than 4.6.2-r1 are affected.
e0a490dd275c1688bb051b684d6d9d603df423956d39194a2ba5460ecdcaa5e1Debian Linux Security Advisory 3155-1 - Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system.
1e243ed46aafdd0c6949039689c4eb88cbe7b3931bea8a5d830b2c688764226dMandriva Linux Security Advisory 2015-037 - oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service via a crafted raw file.
68bd780b6d562051b12179c4a57f5f38c82ab20ffcf49b061676f53913d8b1deMandriva Linux Security Advisory 2015-035 - The XML getters for for save images and snapshots objects don't check ACLs for the VIR_DOMAIN_XML_SECURE flag and might possibly dump security sensitive information. A remote attacker able to establish a connection to libvirtd could use this flaw to cause leak certain limited information from the domain xml file.
c0d0fdf11463d788b243f4b3b8f4937a46d2c5452896e3d87ed2c7e1d2f09f49Mandriva Linux Security Advisory 2015-036 - Jedediah Smith discovered that Django incorrectly handled underscores in WSGI headers. A remote attacker could possibly use this issue to spoof headers in certain environments. Mikko Ohtamaa discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Alex Gaynor discovered that Django incorrectly handled reading files in django.views.static.serve(). A remote attacker could possibly use this issue to cause Django to consume resources, resulting in a denial of service.
212e2d83ea64299229d2b7ec344d965843afb8af3da853f762e1f9a4d5f63fb2Gentoo Linux Security Advisory 201502-4 - Multiple vulnerabilities have been found in MediaWiki, the worst of which may allow remote attackers to execute arbitrary code. Versions less than 1.23.8 are affected.
704af9a91a2aea64b538f4720a85bdb013ce9b13608e52b9e5fa6b57e832eefdMandriva Linux Security Advisory 2015-034 - An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
6f2b9aa523a2e44ac7be5aad5e6ca8583c556a47f7de8a17e2f369b1ba6386a6Mandriva Linux Security Advisory 2015-033 - Updated java-1.7.0 packages fix security vulnerabilities. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Various other issues were also addressed.
de75c842108c6518b8c37fd7513f0640f18b98d5881b31b9651786b1e9dad5adDebian Linux Security Advisory 3154-1 - Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol.
dcbe226d406b61d19c8b1c51800dc375e88a1e0e32f9b1ca5fd3bcae98146a79Mandriva Linux Security Advisory 2015-031 - The modprobe command in busybox before 1.23.0 uses the basename of the module argument as the module to load, allowing arbitrary modules, even when some kernel subsystems try to prevent this.
7ffcb0404049f1aab91ea9e1205ee647979c657bccac06a41d752983b70e64a3Mandriva Linux Security Advisory 2015-032 - sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a.php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a.php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service via crafted EXIF data in a JPEG image. The updated php packages have been upgraded to the 5.5.21 version which is not vulnerable to these issues. Additionally, the timezonedb package has been upgraded to the latest 2015.1 version, the php-suhosin package has been upgraded to the latest 0.9.37.1 and the PECL packages which requires so has been rebuilt for php-5.5.21.
bbf5efb46d8541bd4023fe632610b7ca5406d789dcad020b27374e3c6f00750dMandriva Linux Security Advisory 2015-029 - Multiple vulnerabilities have been found and corrected in binutils. Multiple integer overflows in the _objalloc_alloc function in objalloc.c and objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service via vectors related to the addition of CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer overflow. The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service via a small S-record. Various other issues have also been addressed. The updated packages provide a solution for these security issues.
bda0d61acbd6391b49dc2d370ec31108f30c2494d31e11439d5f07d72c954071Mandriva Linux Security Advisory 2015-030 - Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes.
acea29f59c141edc8ada636ab2ce9dbf146a254ce6ee6a3acd2dc28718b5b2c0Gentoo Linux Security Advisory 201502-3 - Multiple vulnerabilities have been found in BIND, allowing remote attackers to cause a denial of service condition. Versions less than 9.10.1_p1 are affected.
29996efc17656791f375ebed3e7ae8acf9c6003f05f2581f63f8031372d6ef5aGentoo Linux Security Advisory 201502-9 - A buffer overflow vulnerability in Antiword could result in execution of arbitrary code or Denial of Service. Versions less than 0.37-r1 are affected.
2198c6370eeb93248d3bea210c3784731d340e31da122180d580be4ae04cca5dChemtool version 1.6.14 suffers from a memory corruption vulnerability.
0f1baa44fefa1cf53f3f39ec07685a1b07441ee0b1a2c92b40091dca4247425bWordPress Redirection Page plugin version 1.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
8708e64c5d3cb9316c397f0b2945cfe98631e0b256cf9d8a44f41d8430029ce5WordPress Spider Facebook plugin version 1.0.10 suffers from multiple cross site scripting vulnerabilities.
05c4987140e7f12d38505e7a14c7e9256274ef46f188e1ab56081077a84daa69WordPress Cross Slide plugin version 2.0.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
caa03a6c9a143215c1d4269bc414496575d0db2bc33a311b7242be9b1c50217cMooplayer version 1.3.0 .m3u structured exception handler buffer overflow exploit.
eec4dc4d9f3e8684c1cc6b1b014bde1cf268832a90cc5b754c2528754a1f0c87
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed