Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.
8d4c291abde8bba7e5f00f2280fc0bcd15d6a57a664e9d206fc17566399f7d6fSlackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
42e86b23c5c42c1c2293aece44ea736ce80e7fbbf55df298c230be1f1a6bc079Red Hat Security Advisory 2016-0296-01 - The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issue was corrected in rubygem-actionpack and rubygem-actionview: A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code.
33f627a2cd93446b36a77bf2e2d80c8c0986036c808f4d516649262a418ec657Debian Linux Security Advisory 3489-1 - lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default.
fc88a1fa23601fb407ecf1db601bf7b18c39dabde737a91f30afd206181614f7Debian Linux Security Advisory 3488-1 - Aris Adamantiadis discovered that libssh, a tiny C SSH library, incorrectly generated a short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits respectively. This flaw could allow an eavesdropper with enough resources to decrypt or intercept SSH sessions.
1988252901382621351e20121b78565f55bdb2d2c34f27c3e8ac0bfba280bda2ipset_list is a wrapper script for listing sets of the netfilter ipset program. It allows you to match and display sets, headers, and elements in various ways. Optionally, the output can be colorized.
7c0e0f1c240b0bab409ddff62f1d58e7a2af3946c198a88da78e4bc8f129cb76iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid at the current context. Additionally to the completion on options, matches and targets, it supports dynamic retrieval of data from the system i.e: chain-, set-names, interfaces, hostnames, etc. Environment variables allow to fine grade completion options. IP and MAC addresses can be fed by file.
3df050988c168ba8b69ab222f119edeb9969baa43ebb6bd589acaf09d121b9d2ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.
25e06c5ddc6704c3182ef15077db6f3a133006ec2c1276f41403032fd715407fWordPress CSV Import plugin version 1.0 suffers from a cross site scripting vulnerability.
863e1032d1640aebfa24c19da831a78051d93f4903b0e68a3c869f3afc793193OpenAM versions 9 through 9.5.5 and 10.0.0 through 10.0.2 suffer from a cross site scripting vulnerability.
733a8d04f8cafa6811d950b5abe8bdd81bee1de0eb014f68a90053b49909b05dWordPress WP Advanced Importer plugin version 2.1.1 suffers from a cross site scripting vulnerability.
1b8f7c393fd5bfcc67c14b8eb5c2d1f72de2983a7826ed9a0b7c4695eac37754WordPress Extra User Details plugin version 0.4.2 suffers from a privilege escalation vulnerability.
f1d6b143ddf59b28109375dabf804a5de16504ba3016c474fc3de3e0ca85578dAdobe Experience Manager version 6.1.0 suffers from a cross site scripting vulnerability.
a54484ffafb491780a175c9a4691a07ca789395aac5a086de2cb09dd76ae94c9XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
e76427aab3dc3833b04e100ded60a2eb29b0f01256f63bdd522d21a5e322a603WordPress WP Ultimate Exporter plugin version 1.0 suffers from a cross site scripting vulnerability.
16c004fd9727443274406df89a6cdaa87f63fc7c1c2bf00b8e278750c2510f74WordPress Import Woocommerce plugin version 1.0.1 suffers from a cross site scripting vulnerability.
e1ebdab043cb433b08db920123aaf672c2c38a141cbaf95f44e861dc3301583fRozBlog Weblog Service suffers from cross site request forgery and cross site scripting vulnerabilities.
cd128fdb0719f9f0a5fc9b56517fee549a3bbce6ab7f755891643664f2240a7cCompass Security discovered a web application security flaw in the OpenAM application which allows an attacker to launch phishing attacks against users by redirecting them to a malicious website. An attacker is able to create a link that, when visited, will redirect the user to a website of the attacker's choosing once the victim attempts to login. This allows, for instance, phishing of user credentials. Since it is the victim who needs to visit the malicious link, this attack is possible for unauthenticated attackers who do not have access to the affected websites. Versions 9.5.5, 10.0.2, 10.1.0-Xpress, 11.0.0 through 11.0.3, and 12.0.0 through 12.0.2 are vulnerable.
88f9d412f3d250d135b3a6b3b9f26c0dcfeb53a8228338a90e7281309a6da7e9WordPress Calculated Fields Form plugin versions 1.0.x and below suffer from Http_only bypass and session hijacking vulnerabilities.
22fd62241b10270dd006f36d68ce4d0d900367987d8d02ce551d856593396acc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed