Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding an arbitrary 'X-Forwarded-For' HTTP header to a request also makes the appliance prone to an XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
76576be8630c45295bbad88ae0ff962e2700d9f8ae39ccd8dac71c467da5f8b9
EMC Documentum D2 4.6 contains a fix for a D2 Configuration Object vulnerability that could potentially be exploited by malicious users to perform unauthorized updates on any D2 configuration object.
e75b30e6ca17c7c79757436ea8578d98713bfcf2f9474747642ed22891a2a893
Ubuntu Security Notice 2945-1 - It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
dd6f4648c2718ace6da0c48f5654270405ee7be8fbef9a0febf2810c448d3304
Ubuntu Security Notice 2944-1 - It was discovered that Libav incorrectly handled certain malformed media files. If a user were tricked into opening a crafted media file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
b720ac08b0266b887b424168df30f111dda29cc6d404e3fe4dc4554498731134
An invalid write may occur in optipng before version 0.7.6 while processing bitmap images due to `crt_row' being (inc|dec)remented without any boundary checking when encountering delta escapes.
1bd3364babf6e41d15227faa39e310e80239d98d93e06b8da20ca014c7705af3
Pulse version 0.7.0 Final suffers from cross site request forgery and cross site scripting vulnerabilities.
ea8464956bfa6c42a33165b5b3aba39f84d4fac00ae1a4d00252f2abba47e365
MeshCMS version 3.6 suffers from a remote command execution vulnerability.
da04f5d5f4b1209e8faff39fb9ec4d95d49dbf0019c36962d2b9433ead3184ac
Quanta LTE routers suffer from backdoor accounts, remote code execution, weak WPS functionality, arbitrary file reading, and a ridiculous amount of other vulnerabilities.
574a7a5333ba067e960ea26d54102349d8fe190084d3f24d869cdee6d409231f
Hexchat IRC client version 2.11.0 suffers from a stack buffer overflow vulnerability.
b07b2b6db37675f941c07f3920bcced3c011698ca1f395c81b50c9da27d31a51
Hexchat IRC client version 2.11.0 suffers from a directory traversal vulnerability.
d85c85fa9d30b29c7550b803c26acb4790dea434b0ea1c53012a436047bc51b1
ARRIS SURFboard 6141 broadband cable modems suffer from a cross site request forgery vulnerability that allows an attacker to force a reboot.
9919da43c3cb5ad16850859eff7c17f749d065dc0e9c43a20adad79eb378fda3
DotCMS version 3.3 suffers from a remote SQL injection vulnerability.
faa63524a8d16e4af5a5bf5641da111cadd20a585bd8aee91ab2604c4c1d63e8
Cacti versions 0.8.8g and below remote SQL injection exploit.
694fb314b7fd9974acdf0ba7228bc6585d81d00e7d0e2d855c470dd4db4fe97c
PQI Air Pen Express router versions 6W51-0000R2 and 6W51-0000R2XXX suffer from cross site request forgery, cross site scripting, and various other vulnerabilities.
fe3ed62353addd89a40fbd3f085160b2cf16ac8091c7f26ac31a481f95b1c9bb
Tradukka.com suffered from a cross site scripting vulnerability.
227aefd7dd2303ac6b8c1b12ff0f3df8af995ca725a860b372e2e8462b21d626
The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.
05acd35224d6d36ec0c881a14c2437781d3cf225c1d917f2a38924f23726bf48
This particular vulnerability makes it possible to force a Stratum Mining Pool to accept "invalid" shares by the thousands for each mining pool round. It is possible to make pure money from this vulnerability. The exploit is real but affects only a fraction of Stratum Mining Pools.
98f38f195f99637fa5ba464c0ad0c782f7e5ed9d053eccf6a703a78f9c7c85a6
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
74c685f8da51b3f038a7b8185bdbed274aca25daf64ac7ea01eea60636727f26