Showing 1 - 22 of 22

Files Date: 2014-08-08

Easy FTP Pro 4.2 Command Injection
Posted Aug 8, 2014
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Easy FTP Pro version 4.2 suffers from a local command injection vulnerability.

tags | exploit, local
SHA-256 | 2178256b7259da6d78d1b13ad9aa6f3fe662260ca4fbc583ae68c77f00a7b952
Cisco Security Advisory 20140806-energywise
Posted Aug 8, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted EnergyWise packet to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote
systems | cisco, osx
SHA-256 | 430dbd9de9dded0ac140b94a4055dcfac1af2a1aaa425a4dc841405ab0e5ae09
HP Security Bulletin HPSBMU03062
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03062 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 30ec904a6c5c9b83f25c8416bbe55a4e98f45470d07086d87abb9523fa9c1f14
HP Security Bulletin HPSBUX03087 SSRT101413
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03087 SSRT101413 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2012-6150, CVE-2013-4124, CVE-2013-4408
SHA-256 | 1299cc2ae31937153cba3aee6893facc0a9857094409153f01cd2e09689e173b
HP Security Bulletin HPSBMU03086
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03086 - A potential security vulnerability has been identified with HP Operations Agent running Glance. The vulnerability could be exploited locally resulting in elevation of privilege. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-2630
SHA-256 | 0cf1cbf3b16ad9fd0a88aa77283dd7c9500a919d5916810876309bc59c44bdde
HP Security Bulletin HPSBHF03084
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03084 - Potential security vulnerabilities have been identified with certain HP PCs with UEFI Firmware. The vulnerabilities could be exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
advisories | CVE-2014-4859, CVE-2014-4860
SHA-256 | a94581306701dcefe204f5404e4ddee6e10f3547928db03c798f84ff69d2b1e2
Debian Security Advisory 2998-1
Posted Aug 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2998-1 - Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service (application crash, large memory consumption), information leak, or protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed (CVE-2014-3512).

tags | advisory, denial of service, overflow, vulnerability, protocol
systems | linux, debian
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | 4b5ba9dfa84b23a549dccdd763c181521186cfd1c85de543dddad5497811bba9
Mandriva Linux Security Advisory 2014-152
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-152 - Updated glibc packages fix various security issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0475, CVE-2014-4043
SHA-256 | 1af4dd0481b68704f9834dcaded267af850671c47554214e2e8525fd040b7ae3
Mandriva Linux Security Advisory 2014-154
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-154 - Steve Kemp discovered the _rl_tropen() function in readline insecurely handled a temporary file. This could allow a local attacker to perform symbolic link attacks. Also, upstream patches have been added to fix an infinite loop in vi input mode, and to fix an issue with slowness when pasting text.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2014-2524
SHA-256 | c4bd4fe482bbb7c5ccb04b70fea9089926839667f7031e53dc607a03df3e976e
Mandriva Linux Security Advisory 2014-153
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-153 - MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash, XSS in mediawiki.page.image.pagination.js, and clickjacking between OutputPage and ParserOutput. This update provides MediaWiki 1.23.2, fixing these and other issues.

tags | advisory
systems | linux, mandriva
SHA-256 | 513361c65ef5d99f22a6620ffae991735d389fc7a0080d6d37d97c6015739699
Mandriva Linux Security Advisory 2014-158
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-158 - A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory. An attacker can force an error condition which causes openssl to crash whilst processing DTLS packets due to memory being freed twice. This can be exploited through a Denial of Service attack. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This can be exploited through a Denial of Service attack. By sending carefully crafted DTLS packets an attacker could cause openssl to leak memory. This can be exploited through a Denial of Service attack. OpenSSL DTLS clients enabling anonymous DH ciphersuites are subject to a denial of service attack. A malicious server can crash the client with a null pointer dereference by specifying an anonymous DH ciphersuite and sending carefully crafted handshake messages. The updated packages have been upgraded to the 1.0.0n version where these security flaws have been fixed.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510
SHA-256 | 0c47d350a43e9ef06283b3a0d86eb7459ba8b68df64c0a7b9834987b823bc450
Mandriva Linux Security Advisory 2014-159
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-159 - Multiple vulnerabilities have been discovered and corrected in wireshark. The updated packages have been upgraded to the 1.10.9 version where these security flaws have been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-5161, CVE-2014-5162, CVE-2014-5163, CVE-2014-5164, CVE-2014-5165
SHA-256 | c90e1f87859e1c81db16e96f93eb20e4d652cdff2453f047056b9eb8c33ca978
Mandriva Linux Security Advisory 2014-151
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-151 - In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd. It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.

tags | advisory, web, arbitrary, local
systems | linux, mandriva
advisories | CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
SHA-256 | 7d4d6b6d830e0e917745ad8442f7a68ed02759bd672d8f5b73f660cc5ce1b6f0
Mandriva Linux Security Advisory 2014-157
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-157 - In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id, they can run arbitrary code on a user's machine when the client visits a crafted malicious page.

tags | advisory, arbitrary, kernel
systems | linux, mandriva
advisories | CVE-2014-3429
SHA-256 | fc80b7b18d7e41be36ad38f07de86d6a805c1e245779095aa82725a259172c3d
Mandriva Linux Security Advisory 2014-156
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-156 - Multiple cross-site scripting vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2014-4722
SHA-256 | 5c357971e36c14c0414e50fb1b84990b5389afeb16fc2aa44da5c440edfa7d75
Red Hat Security Advisory 2014-1036-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1036-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263
SHA-256 | b59a81b51c4dbe9fb7a6532643acd29ff1751eb119129dc989543b7f2841ca3a
Red Hat Security Advisory 2014-1034-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1034-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors, and tag plug-in configuration files. The injected XML parser could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same Apache Tomcat instance.

tags | advisory, java, web, xxe
systems | linux, redhat
advisories | CVE-2014-0119
SHA-256 | 3e502c379842f949aa84688ae16c32c5acda8edbb9f220f665768110cbd1d22b
Red Hat Security Advisory 2014-1033-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1033-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2014-4209, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265
SHA-256 | 11b122597204cf67083aa35572399e4f5652d58b214ee7bce749f1045d4e96ed
Red Hat Security Advisory 2014-1032-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1032-01 - The redhat-ds-base packages provide Red Hat Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in Red Hat Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-3562
SHA-256 | 506872f34ed2175877a921d0343c8c22b79f293d6c52209cde0c6c8f19aeda8b
Ubuntu Security Notice USN-2308-1
Posted Aug 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2308-1 - Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. Adam Langley discovered that OpenSSL incorrectly handled memory when processing DTLS handshake messages. A remote attacker could use this issue to cause OpenSSL to consume memory, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139
SHA-256 | 03bad2c5caba72992e90e3884ed995a197ef58b33d81447b1b69e27d4faf9d73
Red Hat Security Advisory 2014-1031-01
Posted Aug 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1031-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information. This issue was discovered by Ludwig Krispenz of Red Hat.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-3562
SHA-256 | 232a3ab8bc09b5613a88e852edfa64a3b9381f1aabacba19be75ac5e3769f85c
Mandriva Linux Security Advisory 2014-155
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-155 - Multiple vulnerabilities have been found and corrected in the Linux kernel. The updated packages provide a solution for these security issues.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4514, CVE-2014-0131, CVE-2014-4027, CVE-2014-4608, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-4699, CVE-2014-4943
SHA-256 | 6933b6a5b4497c29f0f7974ac259e33c762ddd57109d3af0dfff4e246b46004c