Samsung iPolis suffers from a buffer overflow vulnerability in XnsSdkDeviceIpInstaller.ocx.
b6d6a1c2a12ac249535847b900730cc7783217dd0b10561a9b461f6096e66d01Debian Linux Security Advisory 3164-1 - Pierrick Caillon discovered that the authentication could be bypassed in the Typo 3 content management system.
c7d416748a11a800ad18562734439e97fc5c7b23b11f531240da0f1795307876HP Security Bulletin HPSBPV03266 - Potential security vulnerabilities have been identified with certain HP Networking and H3C switches and routers running NTP. The vulnerabilities could be exploited remotely to allow execution of code, disclosure of information and denial of service (DoS). Revision 1 of this advisory.
1e5b7079d340789f718e38872fb41274da4f974274be3c825c5f3e12ddb930a8Clipbucket version 2.7.0.4.v2929-rc3 suffers from a remote blind SQL injection vulnerability.
f9100e2bf9451bea1a2cc28324f069af76f121782cfc3f115453c63ed3703a94PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a type confusion information leak in DateTimeZone.
960a07af7fc962fbbbd63879673d29572b4d34a6892640c9968ebecc39750216PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a use-after-free vulnerability in DateTime.
a243dbfd64f8ccb636b6f3bfc76ae91d623d78d08de0e0aa1aeff9c533da6157PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
cc58ba4a1d07ec5ca49f517d759210bafd38a2e39191ea5182044edbd44c94adThis Metasploit module generates a Javascript file that executes arbitrary code when an eval-based unpacker is run on it. Works against js-beautify's P_A_C_K_E_R unpacker.
194f0e7d20b41bd0f60332ef1dde95810fea4f44e8d6390c5cd8dd449d473c9bRed Hat Security Advisory 2015-0246-01 - OpenStack Image service provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more consistently than installing a server operating system and individually configuring additional services. It was discovered that an authenticated user could use a path traversal flaw in glance to download or delete any file on the glance server that is accessible to the glance process user. Note that only setups using the OpenStack Image V2 API were affected by this flaw.
4b10e1f36554d8953a3c5a43c497178ccb04e8fae974d0fddbfa4cf2f159ff12Ubuntu Security Notice 2504-1 - The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17.4 which includes the latest CA certificate bundle.
9022b804e945f154e3f6d1967e4ffa8b7d7349976e98ce2808681b930e35e1ddphpBugTracker version 1.6.0 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
80141a2040b6e83e1773fa82844b97f72955d8ce941b04a67be80c1a64d74097HP Security Bulletin HPSBUX03240 SSRT101872 - Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities. Revision 1 of this advisory.
abc2b7afc4f8f47e2bf3872b6662dfd3cbd30f380650ada88bbaf256a29a3160WordPress Easy Social Icons plugin version 1.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
fd957c35e50224cc064e2cf7276a9291121981439577b9efd85ab12f511589c2Debian Linux Security Advisory 3163-1 - It was discovered that LibreOffice, an office productivity suite, could try to write to invalid memory areas when importing malformed RTF files. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution via crafted RTF files.
cf591ba3144f2cc4d5e527fce22a32946a8b35589844e3ca830a1e843e8e4c34Debian Linux Security Advisory 3162-1 - Jan-Piet Mens discovered that the BIND DNS server would crash when processing an invalid DNSSEC key rollover, either due to an error on the zone operator's part, or due to interference with network traffic by an attacker. This issue affects configurations with the directives "dnssec-validation auto;" (as enabled in the Debian default configuration) or "dnssec-lookaside auto;".
712f536a8bf23bc5f8d33db7a0de53d43e7ac7b83f25eb9aa8ff4b95164b1dd54images suffers from cross site scripting and clickjacking vulnerabilities.
09c4abaa255db0a37a4f9f84e77c05b488e33ba4523376c67742e931a2cd42b2WordPress WooCommerce plugin version 2.2.10 suffers from a cross site scripting vulnerability.
3050b4f52a9bef799cfb09247cc5c4345f9a7d45e75923cfb83f6d4f552d9cffMyBB version 1.8.3 suffers from a cross site scripting vulnerability.
1d47711226472947526b8fac23169ceec888526e58a712734ce421ea17a18d26Hyperion is a runtime encrypter for 32-bit portable executables. It is a reference implementation and bases on the paper "Hyperion: Implementation of a PE-Crypter".
463693c779a9fe1609ab19cf5871b4c590340ef78f68ac0055a8b97792888187Ubuntu Security Notice 2503-1 - Jan-Piet Mens discovered that Bind incorrectly handled Trust Anchor Management. A remote attacker could use this issue to cause bind to crash, resulting in a denial of service.
896f3f1ebb14472afcabb7f719bd450e53bbba558630a1cb3030afc8ce469de1Red Hat Security Advisory 2015-0236-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes bug fixes, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was found that Apache WSS4J, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4J that rely on SAML for authentication.
a6ad49cfc9fa80817b40cd6dc90e6ccb53b55f47cc55c330a334b931986ef67dVarious Hybris Commerce Software Suite 5.x releases suffer from a directory traversal vulnerability that allows for arbitrary file disclosure.
17b94928a6a0b7178ed197b19f76f4af812b8e169995b757edc5833a7ce479d2The jQuery jui_filter_rules parsing library suffers from an arbitrary php remote code execution vulnerability.
131a9fd0e0fc4c224e84111b39ffb97b81febd81cf27c8d5d9d53012bf8b05a3InstantASP InstantForum.NET versions 3.4.0, 4.0.0, 4.1.0, 4.1.1, 4.1.2, and 4.1.3 suffer from multiple cross site scripting vulnerabilities.
198979dff8c07522717738454f6462a6ff57118fb83d630a79ed893092c24062Piwigo version 2.7.3 suffers from a remote SQL injection vulnerability.
4f89c8ae87708c11b47721a446fb545ef18c11237e913f40918d5b424441273a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed