Ubuntu Security Notice 2549-1 - It was discovered that the libarchive bsdcpio utility extracted absolute paths by default without using the --insecure flag, contrary to expectations. If a user or automated system were tricked into extracting cpio archives containing absolute paths, a remote attacker may be able to write to arbitrary files. Fabian Yamaguchi discovered that libarchive incorrectly handled certain type conversions. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
a21c54de461ecbc21d0031ce3c666809c5980fd2ba0a648ee1d7e916688abbca
Debian Linux Security Advisory 3197-2 - The openssl update issued as DSA 3197-1 caused regressions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied.
8ffa01890f95e94ab414f9473060e0fffbf3f3be11fbf797714fa6a0c0a6d411
pfSense version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
17f91d13806f834c29b1b913f8c480f5b36357931284cb1c6d8b791cd8c6f217
Ubuntu Security Notice 2548-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
d292c8c54c0625368669907a9cb53fed70161f0ef2a1072fca343fe9f3cbc9da
WordPress Marketplace plugin version 2.4.0 add-administrator exploit that leverages a vulnerability allowing an unauthenticated attacker to execute any PHP function.
ac59d4a9526b37f10ef94defac072ade2a47ac7bfca88a79255e93f826142f61
Mini-Stream RM-MP3 Converter version 2.7.3.700 local buffer overflow exploit with message box shellcode.
4ed27043a3181af40f56ae9bf436272d765cd8693620a76592e3424d76c080f3
HP Security Bulletin HPSBGN03285 1 - Potential security vulnerabilities have been identified with these three packages. These vulnerabilities could be exploited to allow execution of code. The packages are HP Operations Agent Virtual Appliance for monitoring VMware vSphere environments (OAVA), HP Virtualization Performance Viewer for monitoring VMware vSphere environments (vPV VA), and HP Operations Manager i 10.00 Virtual (OMi VA). Revision 1 of this advisory.
172838bdb356ce6ff085acbfa8cc07719e149fed64df6c1daaa6c456b43e7a32
HP Security Bulletin HPSBMU03263 1 - Potential security vulnerabilities have been identified with HP Insight Control running OpenSSL. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
e9470422791d2a2b95c43579456c672fbc3a4de6806dd7e01f693c18ab61c8c6
HP Security Bulletin HPSBMU03291 1 - A potential security vulnerability has been identified with HP Operations Orchestration running PowerShell operations that could result in the remote disclosure of information. Revision 1 of this advisory.
dfa33d95c5b97229bad94d7c80beb01e5a9d49c60dd241d5263e97aaea3bce57
HP Security Bulletin HPSBMU03292 1 - A potential security vulnerability has been identified with HP Operations Orchestration that could result in authentication bypass. Revision 1 of this advisory.
509a6fcac01c24dff38150100ab1f08082dd575792764b055a22d55c0c785c5a
HP Security Bulletin HPSBMU03262 2 - A potential security vulnerability has been identified with the HP Version Control Agent running OpenSSL on Linux and Windows. This vulnerability is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. A second vulnerability could be exploited to cause a Denial of Service (DoS). Revision 2 of this advisory.
218f0c2a31014c81caf3dc20a4383a93b33e4c8723e78076f68121e372890291
HP Security Bulletin HPSBHF03276 1 - A potential security vulnerability has been identified with HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4). The vulnerability could be exploited remotely resulting in unauthorized access or Denial of Service. Revision 1 of this advisory.
0bb3556b2a1709dbbc1f3c292420358bf30f6b1c1c79507ceb5876a01ecc94b6
HP Security Bulletin HPSBHF03275 1 - A potential security vulnerability has been identified with HP Integrated Lights-Out 2, 3, and 4 (iLO 2, iLO 3, iLO 4). The vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
172e4ff7e09b9e3d9390027c862dbf18f867bdecc9c0c44208f7297496685b6b
HP Security Bulletin HPSBMU03301 1 - Potential security vulnerabilities have been identified with HP BladeSystem c-Class Onboard Administrator. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" or "POODLE", which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.
c0ddf1cba31f6d75cc901730731461ddf99ca69b7955086116786dd7bed332a3
Red Hat Security Advisory 2015-0720-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files.
4ce89b92cfd48ba7281a739aa5bd977c0dd79177e1e4b9ae367ed1deba2659c9
Red Hat Security Advisory 2015-0719-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. It was found that the 'do' parameter permitted expression language injection, which could allow a remote attacker to execute Java methods on an affected server.
3bc10be638561a84a22f7d12bb3bbe4617b2600873ca067c9751772eb657ddd8
HP Security Bulletin HPSBGN03288 1 - A potential security vulnerability has been identified with HP Server Automation. This vulnerability could be exploited remotely to allow execution of arbitrary code. Revision 1 of this advisory.
d6a1647519e8e6318998d9bf72dbd53af0d42837ee32a610e3accf6ae3e02c08
HP Security Bulletin HPSBGN03282 1 - Potential security vulnerabilities have been identified with the underlying Linux Operating System kernel which supports these three Virtual Appliance packages. These vulnerabilities could be exploited to allow execution of code and other issues. The packages are HP Operations Agent Virtual Appliance for monitoring VMware vSphere environments (OAVA), HP Virtualization Performance Viewer Virtual appliance (vPV VA), and HP Operations Manager i 10.00 Virtual (OMi VA). Revision 1 of this advisory.
864b0db9d75f4f8f952cedebeb176669331ab60bcc28a09d3c66acf6f249367d
WordPress Marketplace version 2.4.0 suffers from an arbitrary file download vulnerability.
ff5c9bca6be4f917e44ba3f43280d1887e3442049bcb78dc75cd7e35100af664
HP Security Bulletin HPSBHF03151 1 - A potential security vulnerability has been identified with HP Integrated Lights-Out 2 and 4 (iLO 2, iLO 4) and Chassis Management (iLO CM) firmware. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), remote execution of code, and elevation of privilege. Revision 1 of this advisory.
6d007742f5d31173b6a72e6a8245ed5bde88f82e18a6f74138485feba30517e1
Joomla Spider Random Article component suffers from a remote SQL injection vulnerability.
fa08b153d4be75c3ef3dc85593c751b07ba4907dd1c8090e641c63c957325b65
Question2Answer version 1.7 suffers from a persistent cross site scripting vulnerability.
e26696f351c024c5393265e8748ed1af7855f5d0b528fc56711ca201d3840a08