The WordPress Flash News theme suffers from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.
1ac281bb3a53ce04e90aed1ef3e8ae9f688dadce3a18924247fb39aa0095c0a6
Apple Security Advisory 2013-02-01-1 - Multiple vulnerabilities exist in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_39.
c7879672067e4870f87d194d16149752cfcfc59a5ff6d331b4196e503807e190
FreeBSD version 9.1 suffers from a remote ftpd denial of service vulnerability.
ee47445b28383e3aa5a3bd3988e583b7a429051d6f88bc8757efc1a780f4fbf8
Technical Cyber Security Alert 2013-32A - Multiple vulnerabilities in Java 7 could allow an attacker to execute arbitrary code on a vulnerable system.
27df991b97e6432f067b4bcf73936870128f030ccdc0916250329d642d515379
AdaptCMS versions 2.0.4 and below suffer from a remote SQL injection vulnerability.
10b28440296e69c4db952b068665c6894e07ffc6857babc5166dc7fe083cde72
ArrowChat versions 1.5.61 and below suffer from cross site scripting and local file inclusion vulnerabilities.
f99d4cd6c8b68fda6b4411a581267736acdd1b484a1b4179f410efa7b644181c
easyXDM library versions prior to 2.4.19 suffer from a cross site scripting vulnerability using the location.hash value.
32a34c0b9a458b9716a047d0c5d149f245276bb10610212af8490aca25078e1c
DC++ versions 0.802 and below incorrectly register URI schemes in Windows.
131c49c0e47e572eae845e2f81b8b15c415785066389e7b080aa18dcbb590fad
Secunia Security Advisory - Red Hat has issued an update for mingw32-libxml2. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
fab1d8b617de64641d685ded145115800657ebede4e266471449305086475fdd
Secunia Security Advisory - Some vulnerabilities have been reported in HP Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
e3290454723797b91a04bec8c7a341c8ae5411dd83983f56296dbe55da5ace3d
Secunia Security Advisory - Red Hat has issued an update for xorg-x11-drv-qxl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
b47839cebb2f30f6d0ec4b6504ea456da110fe14fea7dbebb54d418722b065c9
Secunia Security Advisory - A security issue has been reported in D-Link DCS-930L and DCS-932L, which can be exploited by malicious people to disclose sensitive information.
d7a1abb877b2186b0f1da3c8a161c4e1f464852ca3605a3ad6d6f345e2c496ae
Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information and manipulate data, by malicious users to cause a DoS (Denial of Service), disclose sensitive information, or manipulate data, and by malicious people to cause a DoS (Denial of Service).
1a7f108a7e798cc51496c7e9414aeb21f3feed85568f92cef003ea9c78189200
Mandriva Linux Security Advisory 2013-006 - A NULL pointer dereference flaw was found in the way the FreeType font rendering engine handled Glyph Bitmap Distribution Format (BDF) fonts. A remote attacker could provide a specially-crafted BDF font file which, once processed in an application linked against FreeType, would cause that application to crash. An out-of-bounds heap-based buffer read flaw was found in the way the FreeType font rendering engine parsed glyph information and the relevant bitmaps for the glyph bitmap distribution format. A remote attacker could provide a specially-crafted BDF font file which, once opened in an application linked against FreeType, would cause that application to crash. The updated packages have been patched to correct these issues.
3f10268fde1e677b8cbb611e28561f80e5c2be5b061f2d205fa851bda91c106c
Ubuntu Security Notice 1704-2 - USN-1704-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression, inotify/fanotify stopped working after upgrading. This update fixes the problem. Brad Spengler discovered a flaw in the Linux kernel's uname system call. An unprivileged user could exploit this flaw to read kernel stack memory. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts using qemu userspace without the XSAVE feature, an unprivileged local attacker could exploit this flaw to crash the system. Dmitry Monakhov reported a race condition flaw in the Linux ext4 filesystem that can expose stale data. An unprivileged user could exploit this flaw to cause an information leak. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Rodrigo Freire discovered a flaw in the Linux kernel's TCP Illinois congestion control algorithm. A local attacker could use this to cause a denial of service. A flaw was discovered in the Linux kernel's handling of new hot-plugged memory. An unprivileged local user could exploit this flaw to cause a denial of service by crashing the system. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
e9e792aadc97786927427c783a1b1572627f4f272916fcaa582f0780c5890272
Ubuntu Security Notice 1698-2 - USN-1698-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
c46a8944c6adf5f34311710cc344aabe4f1d2d9345df52ca204adc9b0c6bdfc1
Ubuntu Security Notice 1696-2 - USN-1696-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression, inotify/fanotify stopped working after upgrading. This update fixes the problem. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts using qemu userspace without the XSAVE feature, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
e408a3102f01f5fccf4da6ee68f082b7cb946810d6adaf4f91a34a0cd7d733ac
Ubuntu Security Notice 1700-2 - USN-1700-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
21c11ff5e2b4a56b072c318b8324099c90ae3de4a7b9f266fe9b4e164e3ad3aa
Ubuntu Security Notice 1699-2 - USN-1699-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression inotify/fanotify stopped working after upgrading. This update fixes the problem. Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE CPU feature. On hosts without the XSAVE CPU feature, using qemu userspace, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
dd6ff2e0e516de16930d5650c1e19da4171a897ed4034dbca85ee945498d6aae