Red Hat Security Advisory 2014-0794-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.
439b96c02a30c4328b81453d07a7086ec8c6af7f89b4275e8c8731cefb9e9772
Red Hat Security Advisory 2014-0791-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.
560b97d2370ca4284212130499acba95663b8d20758d8acd8e448914811060d8
Red Hat Security Advisory 2014-0793-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. It was found that the org.jboss.seam.web.AuthenticationFilter class implementation did not properly use Seam logging. A remote attacker could send specially crafted authentication headers to an application, which could result in arbitrary code execution with the privileges of the user running that application. The CVE-2014-0248 issue was discovered by Marek Schmidt of Red Hat.
71f11326c586f5c3601f41424af7061f1e6c23e84b907f4f5fc03198bc4abc09
Slackware Security Advisory - New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
b2008713dccbaff442909f9725fde99b723311ed09d5cb961a6fa237a372a196
Drupal versions 5, 6, and 7 suffer from a cross-site scripting vulnerability.
0a41801d96ef56fb221a470344be2e6815c1304687e4a5802e95ca5896451f33
This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user-controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.
ea90ec1ce02362764c088f9a23d4e3e49eb058ef8047c0f1c9b916a1d71d04e3
ZeusCart version 4.x suffers from a remote SQL injection vulnerability.
14392edcd2386fc3bfa622c4621025b3d4cac45565be688d86e2d5c417ae827b
Red Hat Security Advisory 2014-0786-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
a129a6ab0073091556499735a5f8f8e80ead78b268c608d9656be19c8bbccf5f