Slackware Security Advisory - New libxslt packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.
640e3e73be3ffe2c386f4c383d1ce10f3e47136935943c275815b90f8fcae037Slackware Security Advisory - New libxml2 packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
897ec1b06118a1abb82b30b33d29eec72b0476ee15fe9ac75c98b6bc949cd736PHP Real Estate Script version 4.9.0 suffers from a remote SQL injection vulnerability.
a3d0e8975de183eab61fd4e51fae11a0ffdb9ee0737e12c2b4f7dffaac28a836Joomla Simple Calendar component version 0.7.6b suffers from a remote SQL injection vulnerability.
909535d927b0a5f9ec70c23acbde120032291e1894baa58b23ed8900b178752eDebian Linux Security Advisory 3587-1 - Several vulnerabilities were discovered in libgd2, a library for programmatic graphics creation and manipulation. A remote attacker can take advantage of these flaws to cause a denial-of-service against an application using the libgd2 library.
f2f6c7f99cc86a7323da7dcfecc1fc94a9783d8e35c09aac160019baa2b5e88fEMC Isilon OneFS and EMC IsilonSD Edge include an implementation of the SMB protocol. This implementation is vulnerable to a man-in-the-middle attack that could compromise the affected systems. EMC IsilonSD Edge OneFS versions 8.0.x and EMC Isilon OneFS versions 8.0.x, 7.2.1.x, 7.2.0.x, 7.1.1.x, and 7.1.0.x are affected.
c0278601cfff1854895a73db496eef4ed12459478f59de882cd68c1c9b252e49Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.
cc15398ab11d0e8cb5fd8ef9052046e7b29bea4c4d0c3133e418bc99ac79897bApache Tika versions 0.10 through 1.12 suffer from an XXE injection vulnerability.
f33971406fb04b391007116a0482ffc39feb7e43a3c815760b26a24fb10693d3Red Hat Security Advisory 2016-1132-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library, to implement regular expression support in SQL queries. Security Fix: It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client.
16f38212bccb8010e708385b790d7d201292446b0a15ee643f9c173716e06293HP Security Bulletin HPSBGN03610 1 - Security vulnerabilities in the OpenSSL library could potentially impact HPE IceWall products resulting in Remote arbitrary code execution or Denial of Service (DoS). Revision 1 of this advisory.
8cc009ba6907782d4fc8e5af2fb95027485e1b514a4e20492a5f84bc0bfb8b0bUbuntu Security Notice 2985-2 - USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue. Various other issues were also addressed.
2a6f679b626f83a064fc3dc159f612a216d5445b2d132256da0fb78b6542247dMicro Focus Rumba+ version 9.4 suffers from multiple stack buffer overflow vulnerabilities.
b06940b609cc3f264b437346350d607cf47b03cc6ffea20d742ff4e2f5a403fbRed Hat Security Advisory 2016-1135-01 - Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database. Security Fix: A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.
f0d10c6351dc1ccb2185e7748a900ce9ee506c454465193932f6e7408d290666Real Estate Portal version 4.1 suffers from multiple persistent cross site scripting vulnerabilities.
132b0a88c9bf85e088ae6a14d8bc97646acfe63f65b9b9e78602d0d7fc6e2ff9Real Estate Portal version 4.1 suffers from a remote code execution vulnerability via a remote shell upload.
ee40d9bcfcc0351770d9249cb68627f2796fa878c95e2755270299d38b835caaEduSec version 4.2.5 suffers from multiple remote SQL injection vulnerabilities.
ae2fb04d350828c0760dafcadaba1d40df871f24f55e80016a0916e53bf4cf74HP Security Bulletin HPSBMU03611 1 - Multiple potential security vulnerabilities have been identified with the Matrix Operating Environment on Windows and Linux that could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Execution of arbitrary code, Cross-site scripting (XSS), Disclosure of Sensitive Information, Code Execution, and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.
07f921689053d6bedbb8e1f9fc233c8b5f70902577e1ef3c8ec264ef9e30544eHP Data Protector version A.09.00 suffers from an arbitrary command execution vulnerability.
d3f1ffffb6eef9ed7cc7377227cb355ba26d3c2faa89427fe68466377916027eGraphite2 suffers from multiple heap-based out-of-bounds reads in NameTable::getName.
92ab9355abc4162c25a4e991f02a788212ed2613a916de8407f6e25cdf93f470Graphite2 suffers from a heap-based over-read in TtfUtil::CmapSubtable4NextCodepoint.
98cd8ac56c6af770b144124e7601583c8dd096fb701d50c77d5360b3bb28df8eGraphite2 suffers from a heap-based over-read in TtfUtil::CheckCmapSubtable12.
58c3fb7cc8d374ea523d5d1fbab1d2bd4a2884405f2abe2286fb3debc7650ab2Graphite2 suffers from multiple heap-based over-reads in GlyphCache::Loader.
127c0edd9c9f390519bd49f2ac51e2b3b0141cf51884c49eb448cc2ef3f5bf76Graphite2 suffers from a heap-based buffer overflow in GlyphCache::GlyphCache.
2a0c07f2c58d2e743b626408cccb90b11cded9b5fe12088cbc47e41ea0aa7570HP Security Bulletin HPSBMU03600 1 - HPE Insight Control server provisioning has addressed security vulnerabilities in OpenSSL that could be exploited remotely resulting in Denial of Service (DoS). Revision 1 of this advisory.
341dae9f50ec43fb24b92ecde65911dbb8eba0c9ce6d5266796050698f106475HP Security Bulletin HPSBUX03606 1 - Potential security vulnerabilities have been identified in HP-UX running the Apache Tomcat 7 Servlet Engine. These vulnerabilities could be exploited remotely resulting in URL redirection, access restriction bypass, Cross-Site Request Forgery (CSRF), directory traversal, unauthorized read access to data, execution of arbitrary code with privilege elevation, or Denial of Service (DoS). Revision 1 of this advisory.
df62ff6655a43fb30ff150baa36bd88eeea1345a5f855edc60c502d45bb1d955
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed