FreeBSD Security Advisory - Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to run commands in addition to the desired SCCS or RCS commands.
a20c17eaa0d678a6581f823ffc677e815ad4e27a81210c150dd342d5e8c22101HP Security Bulletin HPSBGN03372 1 - A potential security vulnerability has been identified with HP Business Process Monitor. Note: This is the RC4 vulnerability known as Bar Mitzvah, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
9b73db045d143da79cc2c0b338b19a878898416fc761a2f8ac5e5472198a95e2Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
47135340b739a1ab5941e190a120381ca58ea3ea6256090a806959d64b20f10eFreeBSD Security Advisory - A remote attacker can trigger a crash of a name server. Both recursive and authoritative servers are affected, and the exposure can not be mitigated by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.
846c53d6de99a6145a851883cd99b3ff6c32854a6c9e0c92a215d8bd9d16df91FreeBSD Security Advisory - OpenSSH clients does not correctly verify DNS SSHFP records when a server offers a certificate. OpenSSH servers which are configured to allow password authentication using PAM (default) would allow many password attempts.
5a62702946b5a02f2793adee927547243f7fc23df83ae91a601fe9c2411fbd69OpenBSD local memory leak denial of service proof of concept exploit.
06d406bc1d28a340f4d6972266ba9eb949cc47eb9f49a4aec013a294a61bafe6WordPress Advanced Categorizer plugin version 0.3 suffers from a cross site scripting vulnerability.
6fadf0a68a68d7a2224dead0e386baaf4e4a60df0ceff53723283c9beb898aecWordPress Facebook, Twitter, and Google+ Social Widgets plugin version 1.3.7 suffers from a cross site scripting vulnerability.
3290a2bb90bb054c2c4c266867566c028da4101297cd2c8c4f96794c20e77af9phpFileManager version 0.9.8 suffers from a remote command execution vulnerability that can be leveraged via cross site request forgery.
fd512bf32f9f9fc9a3b430ad2e4494742e35537f8aa5ba31a79fa463585369d4Basware Banking/Maksuliikenne software suffers from hard-coded credentials, client-side auth checks, and other issues.
20e493f8d0e70a0df374b32c5df84932a6164d9879098f4b621ab7f348013a2bFreeBSD Security Advisory - There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs attached to reassembly queues can grow to the total number of mbufs in the system, at which point all network traffic would cease. An attacker who can establish concurrent TCP connections across a sufficient number of VNETs and manipulate the inbound packet streams such that the maximum number of mbufs are enqueued on each reassembly queue can cause mbuf cluster exhaustion on the target system, resulting in a Denial of Service condition. As the default per-VNET limit on the number of segments that can belong to reassembly queues is 1/16 of the total number of mbuf clusters in the system, only systems that have 16 or more VNET instances are vulnerable.
4651dfbd0c91abc16de434dacb94a6bbd086b3657240c2386bbf868ee0921266McAfee Application Control version 6.1.3.353 suffers from multiple vulnerabilities including insufficient whitelist protection and bypass issues.
56a0d4447cb0bd7f7b3072dc871f8d24fc7433bff2511b0d379a1e91aadfd4dcWordPress Flickr Justified Gallery plugin version 3.3.6 suffers from a cross site scripting vulnerability.
976c6087ecb03d8b8cae5e43e9e600acaa4392bab73a3bae21e132826b40badaD-Link DCS-2103 version 1.20 suffers from cross site request forgery and cross site scripting vulnerabilities.
4d98416040832150a16ffa2a1c213edb24bd98271d14dbe192d4aa550a9fd010Tendoo CMS version 1.3 suffers from stored and reflective cross site scripting vulnerabilities.
cd9b09823f3b4f903977a3d92b3b7084b6e40bcacb0756fc6aafefeeafb8108a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed