VIGOR 2130 suffers from command injection and cross site request forgery vulnerabilities.
158da6869360c34440401b7d762e6ad0e7bc58128556d9bb4750ab4cd08a562eThe Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
bf04b7786c5c29409ca48454de25aa3e70f2bbd3428a393d3424069f89e3a40eApache mod_cgi remote command execution exploit that leverages shellshock.
aa65be966107716b7bbf1adb14837e5908955fc01c55881d0c81e03aed890e9cPostfix SMTP with procmail shellshock exploit that affects versions 4.2.x up through 4.2.48.
2defb18f0a8b00ec8fed37883f8a633b4382c93a3edfdbab3f7778291f08879aRed Hat Security Advisory 2014-1359-01 - Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent, which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations. This update modifies polkit-qt to communicate with PolicyKit via a different API that is not vulnerable to the race condition. All polkit-qt users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
0fee47ca432cafc7ca8247b552b997a272c16bd14b4202c52afa29007073c237CA Technologies is investigating multiple GNU Bash vulnerabilities, referred to as the "Shellshock" vulnerabilities, which were publicly disclosed on September 24-27, 2014. CVE identifiers CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278 have been assigned to these vulnerabilities. These vulnerabilities could allow a local or remote attacker to utilize specially crafted input to execute arbitrary commands or code.
3db7713d504c91a2a12a2610e9cd8a98e74b36f790d1df3c77d0e4b33c6098c5Gentoo Linux Security Advisory 201410-1 - Multiple parsing flaws in Bash could allow remote attackers to inject code or cause a Denial of Service condition. Versions less than 4.2_p52 are affected.
97311eeb89e6cca85680a723ad6c691b7e5512cffffb554a2af1e30435ca6ef6Debian Linux Security Advisory 3046-1 - It was reported that MediaWiki, a website engine for collaborative work, allowed to load user-created CSS on pages where user-created JavaScript is not allowed. A wiki user could be tricked into performing actions by manipulating the interface from CSS, or JavaScript code being executed from CSS, on security-wise sensitive pages like Special:Preferences and Special:UserLogin. This update removes the separation of CSS and JavaScript module allowance.
a8c028bd8f5b773c2db161c0427d597f71d4ffad2009685a807ddd29f797ca7bDebian Linux Security Advisory 3045-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.
70386335468c79a9bd2bd25b77c7a646092311f40b2f6b2d2f8c4b641e26f40fDebian Linux Security Advisory 3044-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
e8599a5674fc1ceb3a5eeb1f77badb3c647eb985a9f21338ab517290856e4b31Debian Linux Security Advisory 3042-1 - Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service.
43df66ca231a1e10d06ae38318336afbff48e864d01026eb0f490e50624f4e13Ultra Electronics versions 7.2.0.19 and 7.4.0.7 suffers from directory creation and remote SQL injection vulnerabilities.
2cb3e712f11a6279888f18aee5eaa0b8a3c583bc84ae88e70b4594bc9877d20aAsx To MP3 version 2.7.5 suffers from a buffer overflow vulnerability.
bef28d8b1c7084a05d5cc8583507b55c91b58580a99283830469ba36a799ccf2The PayPal Inc GP+ online service web application suffered from cross site scripting vulnerabilities.
50c0dae176ef91f6e6e660139b18ce37e3a4639a510c409d420554ceb0da093fThe PayPal Here mobile notify me online service web application suffered from multiple cross site scripting vulnerabilities.
2b11836909e30915503c7ee6c890fa917b33517dde5f9c9619d253b76cc1e341TeamSpeak Client version 3.0.14 suffers from a buffer overflow vulnerability.
295b37f295776501806fbc213aa99959eb696a5c44acb220c32bbb53d6a614b2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed