WordPress Simple Security plugin version 1.1.5 suffers from a cross site scripting vulnerability.
7903268191af99e0f4af1ae087e4cd87915db78de06194ae76e97b648cdc5af7
The AusCERT2015 Call For Presentations has been extended by one week. It will be held at the RACV Royal Pines Resort, Gold Coast, Australia June 1st through the 5th, 2015.
e3d37e2713fcc3855493c2745aad5852c56e4891f486f425ab8e3c17c2715b89
Proof of concept code that demonstrates a bypass flaw in Microsoft's cross site scripting filter.
0875f3451496c71e7cae3de5807a25a36dee4a8152a23f8e1981178604c35d34
WiFi File Browser Pro version 2.0.8 suffers from a code execution vulnerability.
3a17fedccf065dba2df2c8cc06ab986128e6739ee172a59e2c48817e94704d18
Sierra Wireless produces a mobile wi-fi hotspot device that is popular amongst telecommunication companies for re-branding to suit local markets. The AirCard 760S/762S/763S Web-based Administrative Console suffers from an HTTP header injection that allows an attacker to inject a file into the HTTP response from the device.
ded2a0627c3a429a64de38ac35a2932ed3eba1561ee7e5b46f1a77886f913fdd
TechSmith Camtasia versions 7 and 8 suffer from a cross site scripting vulnerability.
0da3668d93c5d907fcfe6b8abc0ab9b5251abb5997b3d5d0d8042ce947378c29
Kodi/XBMC versions 14 and below suffer from a cross site request forgery vulnerability.
cecacfa36504e9b71f724b2954aff24637057840d82bcf91a6137809b422a665
Foxit MobilePDF version 4.4.0 suffers from arbitrary file upload and local file inclusion vulnerabilities.
5f85f991b9a8dad94c8ffd8d5807d15fd8470726411c60a63efafc1858cefbce
This bulletin summary lists one bulletin that has undergone a major revision increment for January, 2015.
b35e37693f73c2e8b781524b432a3cf64d53b82f7dd69b8c458884d9df656e66
This bulletin summary lists eight released Microsoft security bulletins for January, 2015.
2fe73ec475cd8a31081141991b6ee5bce05c41923fbbe4c4dd52789e2e920d24
Blitz CMS suffers from a remote SQL injection vulnerability.
c66ceb6f433e98cdcfb6154dfe4e13c116eb212f54de99cc44c88cbcb6870da4
KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
7d3cce0ee36f29266235b182ba2142ade64c886109aa061d0884fbcfb4375461
Sitefinity Enterprise version 7.2.53 suffers from a persistent script insertion vulnerability.
bc702250ffdaf36a6363da46fb048aa11ee62eed45197602c51eac283f6341bb
Ansible Tower versions 2.0.2 and below suffer from cross site scripting, privilege escalation, and missing vulnerabilities.
6e3115b310156299b33941a1b818a51f6f4f245f77904472bfc207672fab5870
Congstar Prepaid Internet-Stick suffers from a buffer overflow vulnerability.
b161408db9940a56935ea3d2849edc91522ac265879fb0edcd77fc15f1807ba5
T-Mobile Internet Manager web'n'walk Stick Fusion version 8.01.2015 suffers from a buffer overflow vulnerability.
6c14082d057cbbddf70192794e7aed3390eae31cd95dbd6f2dabe41eb835f51d
Apache Qpid's qpidd up to and including version 0.30 suffers from a denial of service vulnerability.
93e08a917a4400984c0daa916d80f064f905d79916e53644c6f039af207a0100
CMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability.
4b95a602e4064b14c1925613d95f0cd6ab4878e0ce547bf1e2ca309b92c192e4
Ubuntu Security Notice 2470-1 - Matt Mackall and Augie Fackler discovered that Git incorrectly handled certain filesystem paths. A remote attacker could possibly use this issue to execute arbitrary code if the Git tree is stored in an HFS+ or NTFS filesystem. The remote attacker would need write access to a Git repository that the victim pulls from.
85b950ee8227de6144153e9f9d7593a621bb882118bc9fc9f52fbfc82a0d2838
Red Hat Security Advisory 2015-0046-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Beacon interface implementation in Firefox did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.
f4b93c12f58e5c35affaf35be1f54a6e7e80329d12affa6b11389446e5167813
Red Hat Security Advisory 2015-0047-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found that the Beacon interface implementation in Thunderbird did not follow the Cross-Origin Resource Sharing specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery attack.
c4c90cbbcab5333ce920d4813c89f6733d5c1a0c81ef3a8da7a3d197136f93ae
Red Hat Security Advisory 2015-0045-01 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the 1.5-year life cycle of Production Support for the 4.0 version will end on June 19, 2015. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux OpenStack Platform version 4.0 after June 19, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to upgrade to the latest version of Red Hat Enterprise Linux OpenStack Platform as soon as possible. As of the End of Life date, this is expected to be the 6.0 version, based on the upstream Juno release, and will be supported for 3 years. In addition, the 5.0 version will continue to be in the Production Support phase until its End of Life on June 29, 2017. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on a currently supported Red Hat Enterprise Linux OpenStack Platform version.
58c4da3d86b9a303571a1d44dbac49ef14eaf8cec631e645d8305d189210b02d
Red Hat Security Advisory 2015-0043-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks. A remote attacker could use either of these flaws to crash the system. A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.
9417d6425fbb2d1b37ec0488e89d2176d4de927c292cf623ef0ff73757c17c62
Red Hat Security Advisory 2015-0042-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts. A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate, resulting in excessive consumption of CPU. This issue was discovered by Florian Weimer of Red Hat Product Security.
6706af2caac638d9939aa28f31ae15f6d34e9050051252c075201903cea2c614
Red Hat Security Advisory 2015-0044-01 - OpenStack Networking is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main function is to manage connectivity to and from virtual machines. As of Red Hat Enterprise Linux OpenStack Platform 4.0, 'neutron' replaces 'quantum' as the core component of OpenStack Networking. A denial of service flaw was found in the way neutron handled the 'dns_nameservers' parameter. By providing specially crafted 'dns_nameservers' values, an authenticated user could use this flaw to crash the neutron service.
1dda85bebea21cccfc20796f94883bc7c92a1ae9924506a10d1b3c6408a7d1c8