Malicious web applications could use expression language to bypass the protections of a Security Manager as expressions were evaluated within a privileged code section. This issue only affects installations that run web applications from untrusted sources. Apache Tomcat versions 8.0.0-RC1 to 8.0.15, 7.0.0 to 7.0.57, and 6.0.0 to 6.0.43 are affected.
ae7ea53034ada919480d439f340f0f86e63c7361e273e4d38ea3034409f7672b
Loxone Smart Home versions prior to firmware 6.4.5.12 suffer from flaws including denial of service, cross site scripting, credential theft, header injection, and control of arbitrary devices.
ab5062f89708dd98a37da8e485f31600d093f6ecd77a9ddf38203d4670fb5690
Wireshark versions prior to 1.12.5 suffer from a heap overflow vulnerability.
1ae5af42f7ef14100630d0010d301d92234b3bf167a0e4c7fedd8095c080e3c8
Websense Content Gateway versions 7.8.x explicitly trust compromised certificate authorities.
cb0929e1d415d926a45e1ea7e6ee4fe7b60fdf18d7ab43644964d46477b4cb83
phpMyAdmin version 4.4.6 suffers from a man-in-the-middle vulnerability when reaching out to GitHub's API.
7874bceeec1e2f481da195934ba9bcdbc30d95e33a128f5b75118b179e149a02
iFTP version 2.21 buffer overflow crash proof of concept exploit.
382191ce807dc79f171f5b0344774a48555d773f5c7122381be63607d9a2538f
WordPress Media File Manager Advanced plugin versions 1.1.5 and below suffer from cross site scripting, various modification, and remote SQL injection vulnerabilities.
4166675e925816acdce6d734916fadfe5a205ce3a81f8404d06202ad9247bc71
VideoCharge version 3.18.4.04 buffer overflow proof of concept.
e1a084ec49536ca70648e7612f0fc3bb3f79c650fb7f7461361e87546aeb66c7
Seditio CMS suffers from a remote SQL injection vulnerability.
6fc784c2cf8e3e4d887cd6dedcf27e1a498c707a3482103944a3459ad64cc1f4
BisonWare FTP Server version 3.5 buffer overflow proof of concept exploit for Windows XP SP3.
58e5810aae031a68cd432b034bb15b9f05ace289b4c03daf154387b45a18a446
WordPress Contact Form To Email Plugin suffers from cross site request forgery and cross site scripting vulnerabilities.
2aca5d9a62624deeeede389712066d5e147d5a31e58641761cd32697cfcfbe4a
Webfactory N&P CMS suffers from an arbitrary file upload vulnerability. Note that this advisory has site-specific information.
fc98fed6c5f6010a2337d399492011a87e1b1f46ed6a6e1a0a7dfebb279d616e
Ubuntu Security Notice 2602-1 - Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
29a3845fe005bc8068a27268e56834cbdf5aca8484a153d5db522b4aba1d1af4
Debian Linux Security Advisory 3260-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflows and use-after-frees may lead to the execution of arbitrary code, privilege escalation or denial of service.
e925bc4975f6d50ce7232865517b0c78763151f5f3b392fbe9c739d2926be244