Symantec PGP Universal Web Messenger versions prior to 3.3.2 suffer from an unauthorized access vulnerability.
3232c190e9c3b61290c9500712c00ed512bdaaceabaa23ecf04aebb226a5dba7
This Metasploit module exploits a vulnerability found in the command and control panel used to control Dexter (Point of Sale malware). This is done by accessing the PHP page used by bots to report in (gateway.php) which does not sanitize input. Input is encrypted and encoded, but the key is supplied by the bot connecting. The 'page' parameter is used in this case. The command and control panel designates a location to upload files, and can be used as a reliable location to write a PHP shell. Authentication is not needed to exploit this vulnerability.
dce8241e9805e316fba94ae258cb1d530cdf76424afa2b06b216ab421407282c
Mandriva Linux Security Advisory 2014-033 - Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service via a long server name in the PROXY-CONNECT address in the command line. The updated packages have been upgraded to the 1.7.2.3 version which is not vulnerable to this issue.
abec99f3883ab46d466abbf1b96c480fe50c1baae17797d35de82ec45234cac2
Mandriva Linux Security Advisory 2014-032 - The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. The updated packages have been patched to correct this issue.
92c35daa3ec0ffbce591b7131aece7d46e2073390c92cfedbba31c1c8da90fc0
Mandriva Linux Security Advisory 2014-031 - The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page. The updated packages have been upgraded to the 7.26 version, which is unaffected by these security flaws.
38a8b456f1ddaea726c4ddda8c19d3cab055f6fca0243709c53c847616e62e95
Slackware Security Advisory - New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
66cd1f4230fb7484ba0853348fbedf4f8fe9847826856451abeb3caf0e4ad540
Slackware Security Advisory - New ntp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
f24dc5740ec0db7df6d2b7fa0393c41089456451df322b6e8e82a908e5b509dc
Mandriva Linux Security Advisory 2014-034 - The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. The updated packages have been upgraded to the 0.1.5 version which is not vulnerable to this issue.
11f41866c9ac0e18931739209b438667e222d055fc525a8992a226392b7e772b
TomatoCart version 1.1.8.6 suffers from a local file inclusion vulnerability.
0db04e2aa39556df8a1625587d835afcc627d919a44f82e78ca794ed5802b291
WordPress Better WP Security plugin version 3.6.3 suffers from information disclosure and cross-site scripting vulnerabilities.
bafa2024f4c45430b34ad1a7bf7281c235b2ac9d77bc18d543a0ac4ec5aa3b0e