Onapsis Security Advisory - By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusinessObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.
572684cdc3bc2a7bd551c52105bd0203238dbe5954d6313dd9841c6c341fed6b
CIK Telecom VoIP router SVG6000RW suffers from default credential and remote command execution vulnerabilities.
3d60036023d39de042bb902b702af332a92465cb7c101f6e34a07aee126705c5
Red Hat Security Advisory 2014-2000-01 - Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. This issue was discovered by Elliott Baron of Red Hat.
aeca17094bb56abecbd3f12a0b0b346a3d837163e0c5bf0e8cd9cb1cd587566e
Konakart CMS version 7.3.0.1 suffers from a cross site scripting vulnerability.
44576257b6b465e0aeaec73a87765dd5657a1bf9c8d5dc1cb9a9f06fe0290513
RSform!Pro versions 1.3.0 and below suffer from a remote shell upload vulnerability.
72319f37657e3ffbf18c3ee7f8cd880285e32e0cce5cd6babe2185cf1068f2a2
RStickets! versions 1.0.0 and below suffer from a remote shell upload vulnerability.
b53c228a0ee7cc0f11b1201eab5c487dad45beaaf327134c1d88aa7bcf5f863b
Ettercap versions 8.0 and 8.1 suffer from code execution and denial of service vulnerabilities.
c3b781745f88cbd862cea63d2dda4901f96f9929928278c03b1c679d2601df98
Elefant CMS version 1.3.9 suffers from a cross site scripting vulnerability.
55f849818464fd08ac27f9a2972f675a42d4ade6169ba99a04fea74e8d12420b
Arris Touchstone TG862G/CT suffers from a cross site scripting vulnerability.
ead08de5941f9903987136a17f510532192f42e31b904847e66f4d06640a9611
Arris Touchstone TG862G/CT suffers from a cross site request forgery vulnerability.
2a82373f66affb49b6bfa467e5952fd04a9cd14179793ba072610383123dc973
iWifi for Chat version 1.1 suffers from a denial of service vulnerability.
3cab99079172c9e06514750282830fd8acfb059162cad3a99c24f705cc4e0a7b
iUSB version 1.2 suffers from an arbitrary code execution vulnerability.
b6a1a01769bd3f9334306167f581916259ec39c95f87d805b9060d1ee01766fc
Red Hat Security Advisory 2014-1998-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
885c454e2df45f10d3dd5faa7793cbefdc2fe5c65b5a3e5121114ffc38dd334b
Red Hat Security Advisory 2014-1999-01 - The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. Note: Applications using mailx to send email to addresses obtained from untrusted sources will still remain vulnerable to other attacks if they accept email addresses which start with "-". To counteract this issue, this update also introduces the "--" option, which will treat the remaining command line arguments as email addresses.
550a292aa61b5f7a074e345298a0cd0059f2754363fdcbd0de30b1f3ff6b3bc4
Red Hat Security Advisory 2014-1997-01 - A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.
9a42bc59092af16ac1038c9e5dce06d93b232fcce0c7a1ab4cb77a0af3e0b74c
Debian Linux Security Advisory 3105-1 - Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the "mail" command.
3276ccbb50391322547e01d57c1b7e9bacbeee3a02b4097917699734e69e42da
Debian Linux Security Advisory 3104-1 - It was discovered that bsd-mailx, an implementation of the "mail" command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute.
006d3763516e5cdc42e37f601fa0a12bc73a61ca2f541385a1185543a6bcf8e7
Mandriva Linux Security Advisory 2014-252 - In the QuickDER decoder in NSS before 3.17.3, ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data. This update adds support for the TLS Fallback Signaling Cipher Suite Value in NSS, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails. This can prevent a forceful downgrade of the communication to SSL 3.0, mitigating the attack also known as POODLE. SSL 3.0 support has also been disabled by default in this Firefox and Thunderbird update, further mitigating POODLE.
70a783dd698c32c35cc4ba737ea20e314d2dfed051a171704672b2b3fa1c0075
Fuzzylime CMS version 3.03b suffers from a client-side cross site scripting vulnerability.
b03b03673686ccd16ead75ab8e0b9100792f4b1475e6cfa1c7142d96b8b58c33
RelateIQ suffered from a mail encoding flaw that allowed for malicious script insertion.
1965f8f41f4b94ba228c1c5a7e705aaf4253a0394a33dde894eb206d9528a793
WordPress A.F.D. Theme Echelon suffers from an arbitrary file download vulnerability.
0eaf643cace3cd4ee48bc42f9138192f2f3dbcf77a8c32224d60e11ac79ce0c4
D-Link DCS-2103 suffers from cross site scripting and brute force vulnerabilities.
1b747820623f0f30adc18502d9d90b9a424d62981c4e8b89cb19fa11e3abed40
CA Release Automation (formerly CA LISA Release Automation) suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Versions 4.7.1 Build 413 and earlier are affected.
0653e6f753223236bc7e18d2e1538e854fd0951b8c497541ffb7dc11afb28484