Red Hat Security Advisory 2013-1041-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.2.0, and includes bug fixes and enhancements.
01a332930e3b54aa66e37d38faf5261be617f0a2b3b9a9b5193cf5c0fd7a030f
Drupal Stage File Proxy third party module version 7.x suffers from a denial of service vulnerability.
23967aa8e46741d57dfe02f01047b63ebac959fb12239ac77670027003d32d69
Adobe Reader version 11.0.03 installs multiple vulnerable third party components.
92867cb438017412891299d6363d515d6e808f27508933657856de2352bdc38c
Drupal Hatch third party theme version 7.x suffers from a cross site scripting vulnerability.
f13583226935979ac339ab88cc43455edebe5790b423925913ad8bfd7f015381
Slackware Security Advisory - New dbus packages are available for Slackware 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2168.
6abf1900c85eae20f638426b2b7e6222d61f46c0eac24cd85c96f33b1e60511f
Red Hat Security Advisory 2013-1035-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.297.
e8bc26abdaf96a6fb979f546c978c89aea6c18520be6a6a31742796a55e81afe
Red Hat Security Advisory 2013-1034-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization security feature.
34121c82d03fd50f83ba71ea63684236a7136524febb537bcf818b837e55a165
This is an interesting write-up showing how a lack of standards between Internet giants can lead to the disclosure of a person's phone number, provided you know their login ID and try out the forgotten-password flow.
54cfc1e7c3d85e9fef4c9c925d0a5b5c5893147a3941b1b2fa5eebd76c51e92a
Cisco Linksys E1200 and N300 devices suffer from a cross site scripting vulnerability.
d4ddb74d82c2fa1d4400b6358b8e0a2c48588deac58394aeddf97cfda04f7241
Project Pier version 0.8.8 suffers from cross site scripting and cookies that fail to set HttpOnly and Secure flags.
2918560d315e4539695819dcf44ec0282aedfe9049c3ea821e80e1958c16a5a6
HP Security Bulletin HPSBST02896 - A potential security vulnerability has been identified with the HP StoreVirtual Storage. This vulnerability could be remotely exploited to gain unauthorized access to the device. All HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access are provided by the customer. This functionality cannot be disabled today. HP has acknowledged this vulnerability and will provide a patch that will allow customers to disable the support access mechanism on or before July 17, 2013. HP StoreVirtual products are storage appliances that use a custom operating system, LeftHand OS, which is not accessible to the end user. Limited access is available to the user via the HP StoreVirtual Command-Line Interface (CLiQ); however, root access is blocked. Root access may be requested by HP Support in some cases to help customers resolve complex support issues. To facilitate these cases, a challenge-response-based one-time password utility is employed by HP Support to gain root access to systems when the customer has granted permission and network access to the system. The one-time password utility protects the root access to prevent repeated access to the system with the same pass phrase. Root access to the LeftHand OS does not provide access to the user data being stored on the system. Revision 1 of this advisory.
2e9b18cb67798b475a2521dfd3867a24e5b7dc2f948f4d2eaa0d5993e01cdd0f
Jolix Media Player version 1.1.0 suffers from a denial of service vulnerability.
58a89d1e3da8836bf1123d5ee7babaa98ef4c05d89af8efa24997efe039d05a0
The vBulletin Advanced User Tagging module suffers from a stored cross site scripting vulnerability.
6ed28ca288dcae1a8b8f0d68cc85dff22e78aa97f6261fca14b7e0c1dc5157e4
iVote version 1.0.0 suffers from a remote SQL injection vulnerability.
e92df3a9e230ad705c3cf0adc85407a1af9aa864677da01463fad9083153b548
The vBulletin vBShout module suffers from a stored cross site scripting vulnerability.
844de421a694dcead3927d9398d6bd3109acf31bac84da005eabee397e5ec914
Red Hat Security Advisory 2013-1029-01 - Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This release of Fuse MQ Enterprise 7.1.0 roll up patch 1 is an update to Fuse MQ Enterprise 7.1.0 and includes bug fixes.
d49e98b69560ade66dc250b4e224a5e152fb3faf4decf17786576ec266c040d1