Gentoo Linux Security Advisory 201311-15 - Multiple vulnerabilities have been found in Zabbix, possibly leading to SQL injection attacks, Denial of Service, or information disclosure. Versions less than 2.0.9_rc1-r2 are affected.
376284ead2ebc1de7d71b4043ed1c195b1d07fa77b9a865731ec3db09ef944b1
Gentoo Linux Security Advisory 201311-16 - A vulnerability has been found in fcron, allowing local attackers to conduct symlink attacks. Versions less than 3.0.5-r2 are affected.
66b03180e217e23b048a674187af4a6802ff86495b72dcbc3228880511f078d0
Mandriva Linux Security Advisory 2013-283 - Updated glibc packages fix multiple security issues. Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. pt_chown in GNU C Library before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Various other issues were also addressed.
1c82e380a68105a8faa750720b4e2f2251bb1cd7f4dd03f29ae8a02d1b90188b
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
7ca3e261402e90344585cbd5cc54379f4e294697b2cc7cd979458707666ac872
This Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web front end, specifically in the np_handler.pl component, due to the insecure usage of the eval() Perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.
bde67c6d5bd2eaadf289392fe66c898b1b40583f113cc479740f75c0912c0b93
Mandriva Linux Security Advisory 2013-282 - Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks.
ae8a09f529384327fb193842fcebddd1a96d9cfda45247e283628ee923156f50
ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.
ee17e74244675a46e555b896916b39a54ee8275031a95efac0f4ad9f7c932c7b
Pirelli Discus DRG A125g suffers from a remote SSID changing vulnerability.
2b1f91be8747fd519dafa4451cffde3fb3465914cd7c91ec96a5c22286dcfcec
Pirelli Discus DRG A125g suffers from a remote wifi password change vulnerability.
0844fc4064b35b2b1fca0daf8ee6e09c155f3fa44819becc99422a59b86589f0
iptables-bash_completion provides programmable completion for the iptables and ip6tables programs from netfilter.org. Following the logic of iptables, options are shown only if they are valid in the current context. In addition to completion of options, matches and targets, it supports dynamic retrieval of data from the system, i.e. chain names, set names, interfaces, hostnames, etc. Environment variables allow fine-tuning of completion options. IP and MAC addresses can be fed by file.
0f7bd2fe3254cad9270ecead41bdee72d159e9eb6aeda443841f658250f0a6a0
Mandriva Linux Security Advisory 2013-281 - Ivan Fratric of the Google Security Team discovered a bug in nginx, which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request, or might have potential other impact.
24200da29b62dbc19d61f3556eb553257ad19ae7b5b9d0f6454ad0816b56eed0
Tapuz Flix suffers from a video password bypass vulnerability.
20f632be7ad02a0dcebd94c26baecb40dccfdf5a54d98a77fd3ae541fbfd3644
LimeSurvey 2.00+ build 131107 suffers from cross site scripting and remote SQL injection vulnerabilities.
5c44ba55fe8e63eb71a478dcca53f2b4e82fdae8fea63259254d0ae14c55a594
Pirelli Discus DRG A125g suffers from a local password disclosure vulnerability.
d3a434fc5af641e203162cf1a2bd32c1dacc470434958a1a05827b049654a80b
TPLINK WR740N / WR740ND suffers from multiple cross site request forgery vulnerabilities.
6ed034621950641cdd64908b842248f86ceb3c3fa4144f7f1cd978a254f5ded8