EMC Documentum xMS contains a security fix to address a sensitive information disclosure vulnerability where Windows Service user credentials may potentially be exposed in plaintext within batch files during provisioning of EMC Documentum Platform or xCelerated Composition Platform (xCP).
de1811d915ed6d6d148c73b5867e80d6616a3e8e6d683f6fdb8a1a4b1a78bd7c
DokuWiki version 2014-09-29c suffers from a persistent cross site scripting vulnerability.
f3904c4b7095c2906f919c23af7958dffe8a653152cf6e88441674e356365afd
Ubuntu Security Notice 2540-1 - It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS. Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could possibly use this issue to downgrade to a disallowed algorithm. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
faa3f38df2a778a2e8d6ecb02bc1d46cf098d1bce9d470cf79399514146a00c2
Ubuntu Security Notice 2539-1 - Andrey Babak discovered that Django incorrectly handled strip_tags. A remote attacker could possibly use this issue to cause Django to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. Daniel Chatfield discovered that Django incorrectly handled user-supplied redirect URLs. A remote attacker could possibly use this issue to perform a cross-site scripting attack. Various other issues were also addressed.
53680626ecb8e98f0161296b291449a4aafee68328f4c80fd4a94fb42720042a
Debian Linux Security Advisory 3203-1 - Several denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system.
f982ea3e2223a2551827b7656bffdf8e9f9e60e673b0057364629f70424d9398
Debian Linux Security Advisory 3202-1 - Researchers at INRIA and Xamarin discovered several vulnerabilities in mono, a platform for running and developing applications based on the ECMA/ISO Standards. Mono's TLS stack contained several problems that could lead to impersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening (via FREAK).
78e5806120adde37c1de046b186252c04c44ae5d07e5fcbe085a7bc9e991000c
Debian Linux Security Advisory 3201-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser.
eef6cafbaaa9b252c756e294b2fba9f996dbb1d9c0f913e32b9cbb45c024c477
Debian Linux Security Advisory 3200-1 - Multiple vulnerabilities have been found in the Drupal content management framework.
a5762218d705df594d18221d639a29bd5c5b1bcf466aa1154783cad00ccadb0b
Gentoo Linux Security Advisory 201503-12 - Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to cause Denial of Service or bypass security restrictions. Versions less than 41.0.2272.76 are affected.
e21a4857fac2b6be7dfa276ae891bfb47ee08a7c11c7130951a974443df0fd72
Ubuntu Security Notice 2538-1 - A flaw was discovered in the implementation of typed array bounds checking in the JavaScript just-in-time compilation. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Mariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked into opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. Various other issues were also addressed.
a0116195799207503ba79ca85d1479df4ac090ffbae10e606404c8c7a8ced0b4
Debian Linux Security Advisory 3199-1 - Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. An unauthenticated attacker could use this flaw to cause an application using the xerces-c library to crash.
fe40402cd6a4bce3afcddae3aa6bb1ca5dc1d4a4c234a62b94defe6a4e6c221a
Debian Linux Security Advisory 3198-1 - Multiple vulnerabilities have been discovered in the PHP language.
8cafab0900e78603565824e82aa2ca060461427914bf7a8984033a69621dcf97
ManageEngine Network Configuration Management suffers from a cross site request forgery vulnerability.
92368df0e9e0f2127c3cd5b8c1a65d106c669a4abd4e4f69d29da58266507ffb
WordPress InBoundio Marketing plugin suffers from a remote shell upload vulnerability.
7940c1bcc1be530b886d2e8945d3daedf9179235dd53a629eff265af18c5f93c
WordPress MP3-Jplayer plugin version 2.3 suffers from a local file disclosure vulnerability.
0029d652e04d0be61d22db15d7a2fc2394e42ed9f13fde78fd7c9d9c0ad7c71d
ManageEngine Device Expert version 5.9.9.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
f20cf3a5eeba6944bf7c8e0b8e41afd3a2af615be2ecf3373dad1c709980a353
WordPress AB Google Map Travel (AB-MAP) plugin suffers from cross site request forgery and cross site scripting vulnerabilities.
d05ef630552b94fe4793abb6d6cfc370e265a055695867aac201a5912790ecfd
ManageEngine Device Expert version 5.9.9.0 suffers from a cross site request forgery vulnerability.
335ed01164ea71ca9d0063fed4f8122e7d1025d09630c8e1c87867e47945498e
The Joomla Spider FAQ component suffers from a remote SQL injection vulnerability.
1e2762eb2b150084329622dc9717ba845a0ba6a848ed72061df848c3e499db2b
Apache Batik suffers from an XML external entity (XXE) injection vulnerability.
0d4ea687c6256b341e53f9d48115540d7d0aa060c1c7eeaef6476e26de6a2c49
Free MP3 CD Ripper local buffer overflow exploit that mints a malicious .wav file that will spawn calc.exe.
291049aedfaf3aeb04da4a251afe8b0a963d533f7a6438b9918cdac181567059