Jamroom version 5.0.2 suffers from a cross-site scripting vulnerability.
69198ff23705681ef817fddb29ab688a6d071258cfde047842f9549a92f07f01
Enorth Webpublisher CMS suffers from a remote SQL injection vulnerability.
2a4d4a78c1f9a888d7edc2e0c312ab46840931deb7521259a00b5464e322bee9
Wireless Transfer App version 3.7 suffers from a command injection vulnerability.
1ade7573e480c75df01672dcb5285dea035618c5fae35d80dd995362fb2fe116
Dell Sonicwall GMS version 7.x suffers from filter bypass and persistent cross-site scripting vulnerabilities.
ba4b237b2c6d40f4321bd55bbd8de613019ab4e747ca87417e922cf9f1d42657
NagiosQL version 3.2.0 Service Pack 2 suffers from a cross-site scripting vulnerability.
d3403503f1d3b37a9fa1ba38f4fa616cdea171703b1898b64152c55b074e9db0
RedAxScript version 1.1 suffers from multiple remote blind SQL injection vulnerabilities.
6b8f36199e8357cbfbdbc3b62976f84893ecd710c4ba586c66a459357a175c5e
NeoBill version 0.9-alpha eCommerce suffers from local file inclusion, remote command execution, and remote SQL injection vulnerabilities.
a6206ac0375cd11d4b17033ae59e79dc8053b70ceca001d1b28de6d6ca4d3332
Red Hat Security Advisory 2013-1790-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An information leak flaw was found in the way the Xen hypervisor handled error conditions when reading guest memory during certain guest-originated operations, such as port or memory-mapped I/O writes. A privileged user in a fully-virtualized guest could use this flaw to leak hypervisor stack memory to a guest.
a99cca04bfacd745abf8cc429f9c5cbb5dbebaecb29a1c66a8fd85e125eb867c
Red Hat Security Advisory 2013-1794-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A flaw was found in the way Ruby on Rails performed JSON parameter parsing. An application using a third-party library, which uses the Rack::Request interface, or custom Rack middleware could bypass the protection implemented to fix the CVE-2013-0155 vulnerability, causing the application to receive unsafe parameters and become vulnerable to CVE-2013-0155.
135a48c1e3f99b850c2d60c2cd13ef3f61d6a033ac26df2f0c0908db190de34a
Ubuntu Security Notice 2048-1 - Scott Cantor discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.
c20f5794bb126d61a57266741ccbe80c44ddbf98c011ace3654bedddefc949e5
Red Hat Security Advisory 2013-1793-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5 and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
901d7300e4cf735abb8748f82ce5a1f821de1a54f1d8f212cdd5f80a7fff856f
Red Hat Security Advisory 2013-1791-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.
597e41819c618a7a2036b4981f741cf922fcb4e227d620ed1ada7986295500c4
Red Hat Security Advisory 2013-1792-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.2 will be retired as of January 7, 2014, and support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.2 EUS after that date. In addition, technical support through Red Hat's Global Support Services will no longer be provided after January 7, 2014. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 6.2.
d7b2e335343665c1a475d8c30aa610ef208f0a8fffbf6a691ca5ceb61d11f780
Red Hat Security Advisory 2013-1783-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition was found in the way asynchronous I/O and fallocate() interacted when using the ext4 file system. A local, unprivileged user could use this flaw to expose random data from an extent whose data blocks have not yet been written, and thus contain data from a deleted file. An information leak flaw was found in the way the Linux kernel's device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data from disk blocks in free space, which are normally inaccessible.
cff59b9f88b0673c0f659fb3e6ef8f092e408c092cba79fe92e8d1112298771e
WordPress Easy Career Openings plugin suffers from a remote SQL injection vulnerability.
91e56fc15be49b466edd276517672364545b3333953f474d6514eecc08deb3a3