HP Security Bulletin HPSBGN03343 1 - A potential security vulnerability has been identified with HP WebInspect software. The vulnerability could be exploited remotely to allow unauthorized access. Revision 1 of this advisory.
df0f638eada0a153fc9ca9b78d93c5eed762834d9b159f1070851cbdeb1005eaDebian Linux Security Advisory 3278-1 - An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker to potentially access a private artifact in a tree that would otherwise not be accessible to them.
3d81f2f4af8c6a4430f3715b60d3f660036aa2342713122f5488dcb8cbd9a2bdRed Hat Security Advisory 2015-1072-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.
c01a17a54f2c2926f7fea2071ac64192b233b55f38f6fea5b4fae7dab6ec4e44Wing FTP version 4.4.6 suffers from cross site request forgery vulnerabilities.
08cf6c532bd175a4f87a62da6c6708f4eece0547ea170dbc1ee0ff8b6162a252Wing FTP server version 4.4.6 suffers from remote code execution and cross site request forgery vulnerabilities.
d5f811da15835c82a1d1dc941e5a6d7b9fabd30e25710fec8dd6e43f8b68b87fCA Technologies Support is alerting customers to multiple potential risks with products that bundle CA Common Services on Unix/Linux platforms. A local attacker may exploit these vulnerabilities to gain additional privileges.
5048295cdec92e29b7a34683d31ae5c982b6298a4a6c09ee5f965e0d77decae81 Click Audio Converter version 2.3.6 suffers from an active-x buffer overflow vulnerability.
ab3f148c4718d2a8ce1b5e910c5fb705d96975b4212916b4ca32116e08b624931 Click Extract Audio version 2.3.6 suffers from an active-x buffer overflow vulnerability.
8b01dc114225b25899010fb32a767a37a36147e0bb4170433e6f8f3deeaa00f2Beckhoff IPC Diagnostics versions prior to 1.8 suffer from an authentication bypass vulnerability.
c1258402de5e381e4a2cdccec967d1187990dd16ecfa6f773fdbc2ff8b3e5e29WordPress zM Ajax Login and Register plugin version 1.0.9 suffers from a local file inclusion vulnerability.
0777b6c2680f2262ab7b0d6ab4b9528430fa65de9ce505b2b4527249d85aaae2QuickTicket versions 2.5 build 20101222 suffers from phpinfo and password disclosure vulnerabilities.
6c45a2dd10fc3e83eff13312fbee6798682acdc73385fe7cf0aac986a43a549cAirties RT210 suffers from a stored cross site scripting vulnerability.
58a70a1fdd8cd05e813fcfdc513bf69d6112dbebe921e9619fd08082d4ec7784IBM Watson Cloud Computing SaaS suffers from cross site scripting and open redirect vulnerabilities.
acc63bbdedfdf83f7b1bfde9559b12ece29ab6b79619d0ed63d4289dad52db59ViArt Shop version 4.2.1 suffers from cross site scripting, local file inclusion, remote file upload, and remote SQL injection vulnerabilities.
21c1b721f2c9908781f6137ba2f38ae68c9fcfabdb4e702c63d10d643649392bSyria2u Arbahtube version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
27ebe3db1c565ad3eb04431e3c56e435f8b6cfc18b630f85993dece31f5689e0Syria2u You Shop version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
5a9a82af6ecdffc5eb56418866b2a37da0a5fd26a7b6aea4fb6b74e69a16d68e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed