Exploit for Business Solutions CMS that adds an administrator account without requiring authentication.
fa6b20834c1535c6a89139a7f3194efde7fe3bb133b1ffaf7e80a747ce527856
The Microsoft .NET Framework contains an error in the Intermediate Language (IL) verifier that could allow hosted partial trust code to elevate privileges and escape a sandboxed environment, resulting in arbitrary code execution with the permissions of the user. Affected are Microsoft .NET Framework versions 1.1 through 4.5.
079e079043b920220d28f1a88dcf3dd9d69b471f51c59bc6253d0bd339e455ac
Mandriva Linux Security Advisory 2013-004 - The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce values instead of nonce values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. The updated packages have been patched to correct these issues.
0f6f2fdd564188898a7147b9d1bc195b5fd0b89edd4b2aaaca208eaea27223db
Red Hat Security Advisory 2013-0151-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
da53a6a9c886ec1076f05400b23c0d28eb3099dbcfee4fe515fbe62926eaa0e4
Ubuntu Security Notice 1684-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents.
a13ef4d294465071b2a61382d84d80fe26c5944c7223069e6c86df3c652031ba
Ubuntu Security Notice 1683-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents.
58d54e3f8882a8b5c415c501a401d5b5582c6e8aa8c6d834857d3ad3ef725a2d
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, and compromise a user's system.
b4fc7b177a111c538a0421e455f21ea1fb001da91eea21da29693d75e5cafd5f
Secunia Security Advisory - A vulnerability has been reported in the WP SlimStat plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks.
998b0ff33a72723ee46bc252df2f0601037565a03c022bb70b0e7ddf06128830
Secunia Security Advisory - HP has issued an update for xfs. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
625cd9c318511d22dc0e3c7584a4ce0b8ced247a5c7a78806552d65cd32ce5fd
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, and compromise a user's system.
7ef5ce47c1d328fdef932de19b9556c4831a79c1eb71aa765d41086154d64178
Secunia Security Advisory - A vulnerability has been reported in Proficy HMI/SCADA - CIMPLICITY, which can be exploited by malicious people to cause a DoS (Denial of Service).
0d547ff078da8e3b76150189f942840fd5c3f583e4de81b438bfcf1433a82903
Secunia Security Advisory - Gentoo has issued an update for haproxy. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
7927d4a560d2c37f515ba2a4e87e67f276949c1427c146dd5061671b92406033
Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
c5d09d856f4e09cba8290e3e0b14a460c1172a48c5eb12436ee22c950e782162
Secunia Security Advisory - Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
9261a6485edd7279341aa627c5e6e2af80f130ed8917e2a462eb4c96c45a09ad
Secunia Security Advisory - Gentoo has issued an update for dhcpcd. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
5403a3aaf0c88a340dba41ce9c0011dc81495a208357c3635dc7a0d742a35128
Secunia Security Advisory - Janek Vind has discovered a weakness in the GRAND FlAGallery plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
c907558f61da00be667bb7fcb5c5537ef1d98ddf1c89d76ac73011869b1a751e
Secunia Security Advisory - Debasish Mandal has reported a vulnerability in Zoom Player, which can be exploited by malicious people to compromise a user's system.
bd45e259e02cd0bc683d011687bb9c6480fa3c6a27deae8c36c116da82f8c3c4
Secunia Security Advisory - A vulnerability has been reported in CiscoWorks Prime LAN Management Solution (LMS), which can be exploited by malicious people to compromise a vulnerable system.
5491c379c38dcac1b3c02c368d09ffaa7ac79cda66ab24dbba5a7ffa6a562c4d
Secunia Security Advisory - Debian has issued an update for emacs23. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
97e7b670a714cf81d2e49859da6c0549f02aa7330d7e0b5b9f6a091b5c1d33d8
Secunia Security Advisory - Debian has issued an update for rails. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
46ceab3a1570e624a9b00b408dac4aa3b164fc38e8ae529605e0d129a4e92d8c
Secunia Security Advisory - A vulnerability has been discovered in Ettercap, which can be exploited by malicious people to compromise a user's system.
45f6f9587ff05c34ccc647f51e8d5d9f0c2720a7dc74f2226a50509823c6173b
Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
e106f9b7edc73cfab8d226818a0acf126795be362914f3eada51ff340ce7c073
Secunia Security Advisory - Oracle has acknowledged a vulnerability in tcsd included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
d6cee4080ab795ea060085c152f6a8036212edd1a9d1ab8a6c1504938806224c
Secunia Security Advisory - Two vulnerabilities have been reported in the Search API module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
42fd17cb95b700815786a87d8124229a0c03ff7bc6c67efcfad63a979a14fd8f
Secunia Security Advisory - A vulnerability has been reported in Adiscon LogAnalyzer, which can be exploited by malicious people to conduct cross-site scripting attacks.
13c6c23355496d3ff29efcd04ac2b0da761174e56562b5d6865326a45620c4a0