Mandriva Linux Security Advisory 2014-006 - xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825. The updated packages have been patched to correct this issue.
d503e763b57122b1bd5ea97bd2b93533c0511e842cf6a0c87bc31b04792daf0d
Mandriva Linux Security Advisory 2014-005 - The TLS driver in ejabberd before 2.1.12 supports weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. The updated packages have been upgraded to the 2.1.13 version which is not vulnerable to this issue.
4f694e5ddc207e0db057b3c0ee6d0aba1eca623fa95f4affcd6efca3d29ffc0d
Joomla Sexy Polling extension version 1.0.8 suffers from a remote SQL injection vulnerability.
386f633addc7fcd69c71714e10ca43a9577c114d2f48bae9ca88cbf0936b85a3
Ubuntu Security Notice 2083-1 - It was discovered that Graphviz incorrectly handled memory in the yyerror function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. It was discovered that Graphviz incorrectly handled memory in the chkNum function. If a user were tricked into opening a specially crafted dot file, an attacker could cause Graphviz to crash, or possibly execute arbitrary code. Various other issues were also addressed.
25439a91952048a0b2275a1f124b3b5aa430718a373e261797e5b2b191ca184c
Mandriva Linux Security Advisory 2014-004 - Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list to the process_cgivars function in extinfo.c, status.c, trends.c in cgi/, which triggers a heap-based buffer over-read. Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read. The updated packages have been patched to correct these issues.
2a8a2c2fafea3404e1ed0dab309c14b4a4dc58b3300bfb3a8153d0ae8063119f
Mandriva Linux Security Advisory 2014-003 - Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor before 2.14 might allow remote attackers to execute arbitrary shell commands via $() shell metacharacters, which are processed by bash. The updated packages have been patched to correct this issue.
ae3af96c61f5cb0bcc8ef2cfd7bd0d9f0aa1fdf1facbc9382e974b70630cdf6e
Mandriva Linux Security Advisory 2014-002 - The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature. The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.4-P2 version which is unaffected by this issue.
68b6dd6470caf042a0953b19a031782926ab5363c4da8f8ff80fd46eaa48eecf
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
35f5e84d734cdd4532c1cc6c92560c5b31d1c24f2e1e203bef0ca1351eb223dc
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
336aa4af20dfe4c174d723a5d0fde77635c8ac95067c10378abc4eb6d136f915
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
2c181413b1ac98c2e968838cf2aff201b6ff5bba656c22f9d1c756626cd5aa16
Red Hat Security Advisory 2014-0030-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
836069891824f01a4d1a0c0c357d7e19a31e12bd8afa1255bf2a8c7943cd1cf7
FreeBSD Security Advisory - Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. This issue only affects authoritative nameservers with at least one NSEC3-signed zone. Recursive-only servers are not at risk. An attacker who can send a specially crafted query could cause named(8) to crash, resulting in a denial of service.
42bd91e5a207d906b383d2f4b8c14bcb28389b0113837035f0080c510470026d
Ajenti version 1.2.13 suffers from a persistent cross-site scripting vulnerability.
f2384d32b3cba7169334e5e7866064ae6d12640e7c4f7b1f468bed3c547f1f20
Drupal Anonymous Posting third-party module version 7.x suffers from a cross-site scripting vulnerability.
3f66516fa2d17f145270d1b32bfdcb6d5737821a00485d9156519b16c187b504
Drupal core versions 6.x and 7.x suffer from impersonation, access bypass, and security hardening vulnerabilities.
f5c6a398f6c3eb4be7409e8de673476647efb02968ec5e6d76e45d68ffbfdae9
DomPHP versions 0.83 and below suffer from a remote SQL injection vulnerability.
cb2dcf35ad0fd792e1f894e8174876bc0f117e63ac62244dd54a12a0b864d723
A local stored cross-site scripting vulnerability affects Y! Toolbar for Firefox on Mac version 3.1.0.20130813024103 and Windows version 2.5.9.2013418100420.
142248a0c37ee7fab8c5439b25c68e5735667f364eea08f98a2fd5994f534c29
The JavaScriptUtils.javaScriptEscape() method did not escape all characters that are sensitive within a JS single-quoted string, a JS double-quoted string, or an HTML script data context. In most cases this will result in an unexploitable parse error, but in some cases it could result in a cross-site scripting vulnerability. Spring MVC versions 3.0.0 through 3.2.1 are affected.
242790135a9927b7deb87c43607a629b3269e553eee7b7f28d9784435b870ce8