Red Hat Security Advisory 2015-1023-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.65, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
6eb794a5c0ab83b003193d853a129ca03eecc87bb5e448424373010f34554ed3Ubuntu Security Notice 2621-1 - Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. Noah Misch discovered that PostgreSQL incorrectly handled certain standard library function return values, possibly leading to security issues. Various other issues were also addressed.
698c9bbae93dfe50fd74e77f2fe4476beaa4cdf32cd2098bad76dae6f209aea5Debian Linux Security Advisory 3265-2 - The update for zendframework issued as DSA-3265-1 introduced a regression preventing the use of non-string or non-stringable objects as header values. A fix for this problem is now applied, along with the final patch for CVE-2015-3154.
3ed80bad260108444011947810e0434f6a3476ea2c1a354b05d75a8d188fe20bDebian Linux Security Advisory 3272-1 - Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause the IKE daemon to crash via specially crafted UDP packets, resulting in a denial of service.
0769bab7ebc694dbeaf6af932717a75df86598082acbabc2a20181b57e68e52fDebian Linux Security Advisory 3271-1 - Tuomas Rasanen discovered that unsafe signal handling in nbd-server, the server for the Network Block Device protocol, could allow remote attackers to cause a deadlock in the server process and thus a denial of service.
567fb50afd9751ca422d2bc84d615c534ab4290c75ef5d129abf23ad4e78b5edAcoustica Pianissimo version 1.0 Build 12 suffers from a buffer overflow vulnerability.
5b4e71656a5e56925fdd005d4978caf3ef93325e716e7619d25c2a02ea9be455Teampass version 2.1.26 suffers from a persistent cross site scripting vulnerability.
7a4a201a6f5ceb663b5f93b79a6632b544d658066bdff50e85aeb362619b26bbHP Security Bulletin HPSBGN03325 - A potential security vulnerability has been identified with HP SiteScope. The vulnerability could be exploited remotely to allow elevation of privilege. Revision 1 of this advisory.
f0623c7da0e57d8ed114c317df5465df0cd4cc455a883ecf6e80f8a1c340a140Bashi version 1.6 suffers from a malicious script insertion vulnerability.
712e2b7af451c8707b300f6092dfeea924aaf32185aec96947ad335dc5840e19WordPress Landing Pages plugin version 1.8.4 suffers from cross site scripting and remote SQL injection vulnerabilities.
38c93b584c4370e8a7448be532e3f9ddf49a3199592125e65aea3e71c9a0a8b1WordPress NewStatPress plugin version 0.9.8 suffers from cross site scripting and remote SQL injection vulnerabilities.
c21475a98b02c9872e5a37cf40c15b71b1986b1e59d0d40ea8f9648d635eb20dOATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
2346cb8a2fc75ea56934cb9867463001665772308f2d9e7fe487159d38960926WordPress Church Admin plugin version 0.800 suffers from a persistent cross site scripting vulnerability.
644b4b676956c1abe46ee05aed38b45a753085c0835c7ebf5f82dfeb84eae8ecWordPress GigPress plugin version 2.3.8 suffers from a remote SQL injection vulnerability.
c6416d8e44d2b5ff46c60336bc975b7742a4a66c4fe4b8de55f81ba500e1c382WordPress MailChimp Subscribe Forms plugin version 1.1 suffers from a remote code execution vulnerability.
582145284854aac7ad3c3a38aafe49d11fa99d1393cd594bd61e289d08ddb5c3phpwind version 8.7 suffers from an open redirection vulnerability.
2cfb428d9695da5e3fbaec0790c4d01de2be804abe377d5a13949da00f0523b1phpwind version 8.7 suffers from a cross site scripting vulnerability.
1604166fb1c18e5c1d11256ee06a7d58052ceebc51c063aba57f96fe039e1a21Vesta Control Panel version 0.9.8 suffers from a cross site request forgery vulnerability.
c2645b4a8ab272752f3327b66ce8adc1b4aa50f89c60265a5dccd5488f217b87INURL is a php tool written to make searching across multiple engines easier when researching web site targets.
46d0ecb060e9ed535e15234b1dd662cffc850ac87a4c0001b555c95e639dda2cWordPress Estrutura-Basica themes suffer from a local file disclosure vulnerability. Note that this advisory has site-specific information.
7e6fb03ddc410197b89cb711c3d7b49bcfd1effe84cbf71e952385fd8909c84aSITEFACT CMS version 2.01 suffers from a cross site scripting vulnerability.
25fc86df1f84c88ce94127d44b4351010b9f51233038fbac3801b2f2a88e0979UFONet is a tool designed to launch DDoS attacks against a target, using open redirection vectors on third party web applications.
8854c4ac73c3340e8df57a390b82f146de351b55103de03153e3838b80cd3341Gcon Tech Solutions version 1.0 suffers from a cross site scripting vulnerability.
78e2c8b0a4ea364a57ad54d204934326bc489abb43255c9176bf33aad8567441Gcon Tech Solutions version 1.0 suffers from a remote SQL injection vulnerability.
6ccc427f0a64e0f68d55e041ffc40efc5beee7b19b648e187aee34eae09cc753Ubuntu Security Notice 2620-1 - A flaw was discovered in the Linux kernel's IPv4 networking when using TCP fast open to initiate a connection. An unprivileged local user could exploit this flaw to cause a denial of service (system crash).
edd5f480421b210b457c2499a531a190bccab8ba2c8fbe7e2e7ed8ac17fa7415
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed