Gecko CMS versions 2.2 and 2.3 suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
641924170b5fe97cd5206e6af2553f0f88558b8ee8f4c7c4992e6781afd735d2Snom IP phones with firmware versions prior to 8.7.5.15 suffer from authentication bypass, command execution, cross site request forgery, cross site scripting, privilege escalation, and directory traversal vulnerabilities.
d2c2d58cc183daa4264d0d86fbef93c03c64a2d566cceec9002e366fbba704ddThis Metasploit module exploits an unauthenticated SQL injection in order to enumerate the Wordpress users tables, including password hashes. This Metasploit module was tested against version 1.2.7.
b0515350e4ccd496fb0e7266e0caa11158145540d2f845735488187df6eb3bf1WoltLab Burning Board version 4.0 Tapatalk plugin suffers from a cross site scripting vulnerability. Versions 1.0.0 and above but below 1.1.2 are affected.
5d11f55fff359670f82ee7eec867318f3c3de3d121e95796ea80115d45a95335Snom SIP phones suffer from a remote denial of service vulnerability.
a9dfc90dfa8c8f12d789e27b1c02092ea4dd4c2c8d05e6763b86969b623aaa28Various Corel software suffers from a DLL hijacking vulnerability. When a file associated with the Corel software is opened, the directory of that document is first used to locate DLLs, which could allow an attacker to execute arbitrary commands by inserting malicious DLLs into the same directory as the document.
3ed69590b68e44bc5711dfe4b54294c20f7bfaa50ab879dbe8a42222c370cc12Fork CMS version 3.8.3 suffers from a cross site scripting vulnerability.
46817a9716513fbf904cc210f681e8ee0de86e3cba3780ae82bde54b0f343ef9CMS PHPKit WCMS version 1.6.6 suffers from a cross site scripting vulnerability.
bc631a532ede7f396bf10e2908c4f90fd2b39943a411c0476b46853b7947dd90CMS Croogo version 2.2.0 suffers from a cross site scripting vulnerability.
72dc727c24b207af6f9830f6a67f552c49b56c411677bd6a256ced26cc2fda78F5 BIG-IP Application Security Manager (ASM) versions 11.4.0, 11.4.1, and likely 11.4.x-11.5.x suffer from a stored cross site scripting vulnerability.
16576032ddeda7555602b8798ffb21e9ce47e0cba867050f523c045d39124b0dHP Security Bulletin HPSBMU03230 1 - A potential security vulnerability has been identified with HP Insight Control server deployment that could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
2cf200a92faa51490db9c4c86755eb7cfda0237026046639b790c80cfbbfa5d3Ubuntu Security Notice 2468-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
b87ad3513b1b14897c08a8fa67c7f83ae209118a25480a7387424398b46ff1ebUbuntu Security Notice 2467-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
6db7378aa52f1ea3d0d471f8fffba697ae4faed7d96f6528cf50a5bb6e55846eUbuntu Security Notice 2466-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
72ab799039264b012fe56154c3779f8c3a2e0239f77320cbea5170fef033aff4Ubuntu Security Notice 2462-1 - Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. Various other issues were also addressed.
0f5da1d8a858a44a37ab039d7f2dbbccb1c46685351becb6ec3a4369a865c5f3Ubuntu Security Notice 2465-1 - A null pointer dereference flaw was discovered in the the Linux kernel's SCTP implementation when ASCONF is used. A remote attacker could exploit this flaw to cause a denial of service (system crash) via a malformed INIT chunk. A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. Various other issues were also addressed.
07d103f30d4ad42e9fbba5870ef5da6e4ed83ec02f5cd414821e6b547da1c15bUbuntu Security Notice 2463-1 - A race condition with MMIO and PIO transactions in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel was discovered. A guest OS user could exploit this flaw to cause a denial of service (guest OS crash) via a specially crafted application. The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. Various other issues were also addressed.
da3c2be0fdb5fdfe7f461298d822b706d3f2c2d489afa8457ad3302c94e57aceUbuntu Security Notice 2464-1 - Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. Various other issues were also addressed.
f75d7cc0dcd4758392f8801245cba456c9322b7d08a6a0f867821d681a4df56cHP Security Bulletin HPSBOV03228 1 - A potential security vulnerability has been identified with HP OpenVMS running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. Revision 1 of this advisory.
54602e8de35c6c47fc8c1b533278a3d28121a1b297a194088df4d09262b8ccc0Ubuntu Security Notice 2461-3 - Stanislaw Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.
94388bafb691cbdc91477eab2a842c6ff957d642eb82cd9053ce4d95dff49efcUbuntu Security Notice 2461-1 - Stanislaw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.
1912ea1c0b403d856ee57fee50e164735f11c6866145ffe051d0d6582aa36d54Ubuntu Security Notice 2461-2 - Stanislaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.
191712b310456bed505292d7ad3776e02d33b05d362fa3e709ea54c23a287610This bot code was liberated from the Lizard Squad.
1af299a269ffdb4461e181ca774fc307a592288ad4b3f6b93226c955eb9b8084WoltLab Burning Board version 4.0 Tapatalk plugin suffers from an open redirect vulnerability. Versions below 1.1.2 are affected.
78fe732207c7a2a7abef9973cb5872d91bd7f59448276755a433bc56b43c81caHeroku API Deep Dive suffers from a mail related script insertion vulnerability.
48ce32c2570d9291a426f6f4cf128d5da25797234ae385b612fd9ea3398f7d25
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed