Free Download Manager versions 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and possibly others are affected by a stack-based buffer overflow vulnerability. Proof of concept code included.
d757234aa82969bb55c4498cb2fc25d5a4f629a3efd5fc1a69edf4175c7a988a
SeedDMS versions prior to 4.3.4 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities.
7222df803d22b5fb30d93e08afd977dc6a9b8b835ad9c5ef8d67af0e94f245cb
HP Security Bulletin HPSBMU02975 - A potential security vulnerability has been identified in HP Smart Update Manager for Linux version 5.3.5. The vulnerability could be exploited to allow an elevation of privileges on the target system. Revision 1 of this advisory.
80b9684119823368861ac1a55ecf2583944cd93bec40ace432f5fbd7eac8f41d
MicroP version 0.1.1.1600 local stack buffer overflow exploit.
d735cfe03abbf2db0ad8bf6acb6c8b51b1ff05643f2c5d19f0eb3fdc5a3d7f61
WatchGuard XTM version 11.8 suffers from a cross site scripting vulnerability.
ba1a39b06837912987c84d2e2f37b55c4b8fa9bab0cd2a40903637fbd5714e5d
HP Security Bulletin HPSBMU02967 - A potential security vulnerability has been identified with HP Unified Functional Testing Running on Windows. This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.
cf2d725ac72d50909e306f487cc4ca1305478a75311883f1955aef3d6587f353
Red Hat Security Advisory 2014-0294-01 - XStream is a simple library to serialize and de-serialize objects to and from XML. It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application. The main distribution of Red Hat JBoss Data Virtualization 6.0.0 does not contain the vulnerable XStream library and is not vulnerable to CVE-2013-7285. Only users of Red Hat JBoss Data Virtualization 6.0.0 who installed an optional S-RAMP distribution as provided from the Red Hat Customer Portal are advised to apply this update.
e94f90ed91b9b18863d01d1278cf19bff6faceda04aad0f5805835514be9048b
Red Hat Security Advisory 2014-0293-01 - The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices. A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory structure that, when processed by the udisks daemon, could lead to arbitrary code execution with the privileges of the udisks daemon. This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
5d90c2ffd8ed8370885c882a091d1e810658d6c9577a1d0b2a5ecd31866b6e27
Red Hat Security Advisory 2014-0292-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanisms. A user able to authenticate to the directory using these SASL mechanisms could connect as any other directory user, including the administrative Directory Manager account. This could allow them to modify configuration values, as well as read and write any data the directory holds.
d914aecb3f667424883407c104a1690ef4e20fc9f1cdb411a6df0195c4d01e40
Gentoo Linux Security Advisory 201403-4 - A vulnerability in the QXmlSimpleReader class can be used to cause a Denial of Service condition. Versions less than 4.8.5-r1 are affected.
0a046802190aeec6c4120dcc9949be12f5b62bb9939471464f8331f6df156f20
Mandriva Linux Security Advisory 2014-061 - It was found that comments in /etc/users.oath could prevent one-time-passwords from being invalidated, leaving the OTP vulnerable to replay attacks.
c6a62e06caed23c48a6e9b292f932b46cf045fc9e5a20a667fcfec9e225762a0
Mandriva Linux Security Advisory 2014-060 - Imapsync, by default, runs a release check when executed, which causes imapsync to connect to http://imapsync.lamiral.info and send information about the version of imapsync, the operating system and perl. The imapsync package has been patched to disable this feature. In imapsync before 1.584, a certificate verification failure when using the --tls option results in imapsync attempting a cleartext login.
d7179931ea113dcaae71ae75cb498eeb6441d0deded88193dfac9bedc9b4b1b6
Mandriva Linux Security Advisory 2014-059 - Multiple vulnerabilities have been discovered and corrected in php. The updated php packages have been upgraded to the 5.5.10 version, which is not vulnerable to these issues. The php-xdebug packages have been upgraded to the latest 2.2.4 version, which resolves numerous upstream bugs. Additionally, the PECL packages that require it have been rebuilt for php-5.5.10.
95c04b7ba4395c3bf7ec869d0de9031560db76b9670d4e9962e9d49806fd0456
Slackware Security Advisory - New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
aea64d7045b389cdf46050c3696732076ba95b733bd6138950d20fe7601a557e
Debian Linux Security Advisory 2879-1 - It was discovered that libssh, a tiny C SSH library, did not reset the state of the PRNG after accepting a connection. A server mode application that forks itself to handle incoming connections could see its children sharing the same PRNG state, resulting in a cryptographic weakness and possibly the recovery of the private key.
dd19c9d7bfff0001fbdcba76e13bb535fcc99493ea338655b5c902a52dbaadfc
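The libssh entry above describes a forking server whose children inherit the parent's PRNG state and therefore draw the same "random" values. The following is an added illustration of that failure mode and of the fix, not code from libssh or from the Debian advisory. It uses a toy xorshift64 generator as a stand-in for the library PRNG, and it mixes the child's PID into the state only to keep the example self-contained; a real fix would reseed each child from the kernel (getrandom() or /dev/urandom). The helper names (prng_seed, prng_next, run_child, children_share_prng) are assumptions introduced here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Toy xorshift64 generator standing in for a library PRNG (assumption:
 * illustration only, not libssh's actual generator). */
static uint64_t prng_state;

static void prng_seed(uint64_t seed) {
    /* xorshift must never sit at state 0; fall back to a fixed non-zero value */
    prng_state = seed ? seed : 0x9E3779B97F4A7C15ULL;
}

static uint64_t prng_next(void) {
    uint64_t x = prng_state;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    prng_state = x;
    return x;
}

/* Fork one "connection handler" that draws a value from the PRNG and
 * reports it to the parent over a pipe. If reseed_in_child is set, the
 * child mixes per-process data into the inherited state before drawing. */
static uint64_t run_child(int reseed_in_child) {
    int fd[2];
    if (pipe(fd) != 0) { perror("pipe"); exit(1); }
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }
    if (pid == 0) {
        close(fd[0]);
        if (reseed_in_child) {
            /* The fix: give every child its own state. PID is used here only
             * so the example runs offline; use getrandom()/urandom for real. */
            prng_seed(prng_state ^ ((uint64_t)getpid() << 20));
        }
        uint64_t v = prng_next();
        if (write(fd[1], &v, sizeof v) != (ssize_t)sizeof v) _exit(1);
        _exit(0);
    }
    close(fd[1]);
    uint64_t v = 0;
    if (read(fd[0], &v, sizeof v) != (ssize_t)sizeof v) { perror("read"); exit(1); }
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return v;
}

/* Returns 1 if two children forked from the same parent state produced the
 * same "random" value (the bug), 0 if their outputs diverged (the fix). */
int children_share_prng(int reseed_in_child) {
    prng_seed(0x1234567887654321ULL);   /* server seeds once at startup... */
    prng_next();                        /* ...and uses the PRNG before accept() */
    uint64_t a = run_child(reseed_in_child);
    uint64_t b = run_child(reseed_in_child);
    return a == b;
}

int main(void) {
    printf("no reseed after fork: children identical = %d\n", children_share_prng(0));
    printf("reseed after fork:    children identical = %d\n", children_share_prng(1));
    return 0;
}
```

Because fork() copies the parent's address space, every child starts from the identical generator state, so nonces, padding, or ephemeral keys derived from it repeat across connections until the state is refreshed in the child. The check to make in any forking server is that the PRNG is reseeded (or a fork-safe generator such as the kernel's is used) before the child produces its first random value.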
Mandriva Linux Security Advisory 2014-058 - SSHA processing in freeradius before 2.2.3 runs into a stack-based buffer overflow in the freeradius rlm_pap module if the password source uses an unusually long hashed password.
4abd4790fbbfe3df3a6955b9c9a46d812e0b17d035f4299001798f8b1b631ef1
Gentoo Linux Security Advisory 201403-3 - A vulnerability in file could result in Denial of Service. Versions less than 5.17 are affected.
7238fceca009d282fe24eef40c5d8ba46f30cc8ead687650a72876e6c883ae2d
Ubuntu Security Notice 2147-1 - Beatrice Torracca and Evgeni Golov discovered a buffer overflow in mutt while expanding addresses when parsing email headers. An attacker could specially craft an email to cause mutt to crash, resulting in a denial of service, or possibly execute arbitrary code with the privileges of the user invoking mutt.
c01925d0c822da23c3c5d4616f125e482387423f012d0f69badc2a78a5b733df
Slackware Security Advisory - New mutt packages are available for Slackware 13.37, 14.0, 14.1, and -current to fix a security issue.
a31b046a39e2eab47fb09433678d91991377c09a4e251e8e58c25e8d870cf843
Joomla AJAX Shoutbox suffers from a remote SQL injection vulnerability.
64883b00a307f31c0429ba45f2a67e2fa7f19c62dc666e414b874f3d9536979e
Trixbox Pro suffers from a remote command execution vulnerability.
16c4989fd587dda06942b413211a881e0f52e9cf1be3fd56030a2eb7f44eab75
iOS 7 suffered from an arbitrary code execution vulnerability in kernel mode.
a80dfd22eb4297c3c38e28620d240742691ea94f1473c9e9c446334c23938dff
Mac OS X, Safari, Firefox and Kaspersky all suffer from a regular expression denial of service condition that was discovered long ago in regcomp().
8d9bccde42a49a51d60d66232f596249d63d2b6443263209bcfa4a6ea5ad5d2f
GNUboard suffers from a remote SQL injection vulnerability in ajax.autosave.php.
27ed72e6b9c12234ea050db92eeb684f66dbf2523f670b919e05fa9d75887ded