Microweber CMS version 0.95 suffers from a remote SQL injection vulnerability.
a7fe9a012827e72ae85ac9723b0edd2d620dff190c228ec5e20b8a3d69c327e6
Zurmo CRM version 2.8.5 suffers from multiple reflected cross site scripting vulnerabilities.
e8ad5e444260d1a470d810f235c031ebb743e78b01cfff15a78d14dcdbfa4353
The printer administration web application on Brother MFC-J4410DW model printers with firmware versions older than version L (released 18th December 2014) is susceptible to a reflected cross site scripting (XSS) vulnerability due to inadequately sanitised user input.
b643bce6fe04adcf8ac56469f1306e0693883a9abf47de33b0c99c9b7caa87a0
The first Security B-Sides Ljubljana will be held March 12th in Ljubljana, Slovenia.
aec3c5115b9550ec7f4c6b36a1a1581b5e843d8e9132a3583f54cfdf422a12db
Ubuntu Security Notice 2455-1 - It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and can be re-enabled with the "expandaddr" configuration option. This update alone does not remove all possibilities of command execution. In environments where scripts use mailx to process arbitrary email addresses, it is recommended to modify them to use a "--" separator before the address to properly handle those that begin with "-". Various other issues were also addressed.
f5350ed84b2d35ccb571b03e756d99bfc727e95b63b04252b351e7a632505545
Ubuntu Security Notice 2454-1 - It was discovered that Exiv2 incorrectly handled certain tag values in video files. If a user or automated system were tricked into opening a specially-crafted video file, a remote attacker could cause Exiv2 to crash, resulting in a denial of service.
e1cee62b6474f0fc80b6c6491b9dfdaa43efe5b7bbb2a49ea295b811b9ef9494
Ubuntu Security Notice 2453-1 - Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code.
519a4169b63e7dd1fac5f92c80d83d0c4d3a4892ca2ea98747109a50df6492e9
Ubuntu Security Notice 2452-1 - It was discovered that NSS incorrectly handled certain ASN.1 lengths. A remote attacker could possibly use this issue to perform a data-smuggling attack.
4a188e5586b1601d16f2403dd19db5371bbd99e010db7e131164f00ecae65f7e
Red Hat Security Advisory 2015-0016-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application.
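The wordexp() flaw above is only exploitable when an application passes untrusted input to wordexp() and relies on WRDE_NOCMD to keep it from running commands. The following is an added example (not code from the advisory or from glibc) of how such a call should look on a fixed libc: it asks for WRDE_NOCMD and WRDE_UNDEF, treats WRDE_CMDSUB as a rejection rather than a bug, and frees memory only on the paths where the caller owns it. The sample inputs in main() are constructed; the arithmetic-expansion case is the shape of input the fixed glibc now also refuses.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Expand a caller-supplied string with wordexp(3) while forbidding command
 * substitution. WRDE_NOCMD makes wordexp() fail with WRDE_CMDSUB instead of
 * running "$(...)" or "`...`"; WRDE_UNDEF turns references to unset
 * variables into WRDE_BADVAL rather than silently expanding to nothing.
 * Returns 0 on success, in which case the caller owns *we and must call
 * wordfree(); otherwise returns the wordexp error code. */
int expand_no_cmd(const char *input, wordexp_t *we)
{
    int rc = wordexp(input, we, WRDE_NOCMD | WRDE_UNDEF);
    if (rc == WRDE_NOSPACE) {
        /* Only for this error may we_wordv still hold a partial allocation. */
        wordfree(we);
    }
    return rc;
}

/* 1 if INPUT is refused because it would run a command, 0 if it expands
 * cleanly or fails for some other reason. */
int rejects_command_substitution(const char *input)
{
    wordexp_t we;
    int rc = expand_no_cmd(input, &we);
    if (rc == 0)
        wordfree(&we);
    return rc == WRDE_CMDSUB;
}

int main(void)
{
    /* Constructed inputs: what an application might receive from a user. */
    const char *inputs[] = {
        "report-*.log archive.tar",
        "$(id)",
        "`id`",
        "$((`id`))",                 /* backtick hidden inside arithmetic expansion */
        "$UNSET_VARIABLE_EXAMPLE",   /* rejected via WRDE_UNDEF, not WRDE_NOCMD */
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        wordexp_t we;
        int rc = expand_no_cmd(inputs[i], &we);
        if (rc == 0) {
            printf("%-26s -> %zu word(s):", inputs[i], we.we_wordc);
            for (size_t j = 0; j < we.we_wordc; j++)
                printf(" [%s]", we.we_wordv[j]);
            putchar('\n');
            wordfree(&we);
        } else {
            printf("%-26s -> rejected, wordexp error %d%s\n", inputs[i], rc,
                   rc == WRDE_CMDSUB ? " (WRDE_CMDSUB)" : "");
        }
    }
    return 0;
}
```

Note that WRDE_NOCMD says nothing about variable expansion, tilde expansion or globbing: a string such as "$HOME/*" is still expanded and still touches the filesystem, so an application that only wants to split a string into words should not be using wordexp() at all.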
90cd9b71e30ab8c30bd38d9fa4f597107a84bbed6e771bcc76f44a2ec20281ff
This Metasploit module exploits an authentication bypass vulnerability in Pandora version 3.1, as disclosed by Juan Galiana Lara. It also uses the built-in Pandora upload feature, which allows a user to upload arbitrary files to the '/images/' directory. This Metasploit module was created as an exercise in the Metasploit Mastery Class at Blackhat that was facilitated by egypt and mubix.
a4ce59d4dd94c27dbf57cc0669eb39781c82929e9cbc36e77d98b4f23bc377e0
HP Security Bulletin HPSBMU03118 3 - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-site Scripting (XSS), remote privilege elevation, and Clickjacking. Revision 3 of this advisory.
ed5b474d6192ffdd754964397c95808950f1c4b8f15881d0e952eb44d45938e5
Debian Linux Security Advisory 3120-1 - Multiple security issues have been found in the Mantis bug tracking system, which may result in phishing, information disclosure, CAPTCHA bypass, SQL injection, cross-site scripting or the execution of arbitrary PHP code.
8b72c564f64e337de7047ae5659136032afcdbff013f3cec70d686cb7d778df9
Microsoft Dynamics CRM 2013 SP1 suffers from a self-inflicted cross site scripting vulnerability.
41e6f08ded3f571f338d58545a450ed803a63a8d8b352fe3850ccd7918e8dbf6
This is a PHP script used to leverage an unauthenticated remote command execution flaw in AVM Fritz!box.
da4c6b0e1c996854115f6ec61b1eefac4f8ab243e55959e974580de173e8a0a3