When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" (in phase 1). This is the proof of concept exploit. Versions prior to 2.7.4 are affected.
b4e14816e4c5cdc0de651f2cc750a97fa531e3a0c488cb71922a3bc534259845A user authentication bypass vulnerability has been discovered in ZoneDirector controllers during standard internal bug reporting procedures. This vulnerability may allow a malicious user to gain unauthorized access to the ZoneDirector administrative web interface.
490680f010ed632a71b903374189cc43de53208be861742cff821a065866c2aaMonkey HTTPD version 1.1.1 suffers from a denial of service vulnerability.
9f43c0d9a2bd9b380f9c63f0e17d6265c76af43e959168f66ca0eb9c22f6dac0Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.
a1be0c732a451012a3ce3790491e07d11ec1d79c4b31ee3517a8f1106d62c7d6Ubuntu Security Notice 1843-1 - It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service.
bdf64ce78ce70768d1fe3ce67fda771767ed7e96de1d354350dab867eaaad7d3A user authentication bypass vulnerability has been discovered during standard internal bug reporting procedures in some of the Ruckus devices. This vulnerability may permit an unauthenticated malicious user with network access to port 22 to tunnel random TCP traffic to other hosts on the network via Ruckus devices.
3c7292de3b3be1ee12992e0ae63f056545cf432aee257c5c37c07bd209db55b4RSA Authentication Manager version 8.0 suffers from information disclosure and PostgreSQL argument injection vulnerabilities.
51025b283bf7b06aa4e48a2045497a92ea112092445f55c38c3447b5bb77e3c5Mandriva Linux Security Advisory 2013-169 - A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process. Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been patched to correct these issues.
be1c65865610ffa4ea64d482af3d1506e85a734aee82c78be916717a870a7144Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets and they are not permitted to see.
640ea9174e71b305a5f1b339da29ee15b1585728d406cc4960dddb989aadb1bfUbuntu Security Notice 1842-1 - It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.
5c9dfe86b629e13c70465ca13b50699af22a4c89469cb4a7e9f48576a2adb371Mandriva Linux Security Advisory 2013-170 - Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been upgraded to the latest version which is not vulnerable to this issue.
b6470f67993d2d22bc91e370c86c46404de158d07c1702819900e876709ab063YeaLink IP Phone firmware versions 9.70.0.100 and below suffer from an unauthenticated phone call vulnerability.
22671d10a80df232f64150e4e78af6be36a8803fbdb6475a8eb01087172a3425TP-LINK WR842ND suffers from a remote directory traversal vulnerability.
ac4197fdb577b1dab807bec29d445b9cd6d5ff28f301aaac5ea7915033dfc735MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
8235ee04f4189bc07a3fe23cd8d28c1f794edd27430d87abbda4d3a71671592dCA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.
2e54655588c25bdefe31a55c53e84ad769d4df7d8697929e133e8c471bd7394dUbuntu Security Notice 1831-2 - USN-1831-1 fixed a vulnerability in OpenStack Nova. The upstream fix introduced a regression where instances using uncached QCOW2 images would fail to start. This update fixes the problem. Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk. Various other issues were also addressed.
a50ab4b4de6a17a5bf675ce2e2d8f1ac4f8d0e30adadd5f88dc4ecf39fa42552
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed