EMC Documentum D2 contains several D2 core methods and a D2FS web service method that may allow an authenticated user to execute arbitrary DQL queries with superuser privileges.
7395caedf23353f2c004c71398d331c69995e81e3870a73a34d75d29bc67dd3fCisco Security Advisory - Cisco Nexus, Cisco Unified Computing System (UCS), Cisco MDS 9000 Series Multilayer Switches, and Cisco 1000 Series Connected Grid Routers (CGR) are all based on the Cisco NX-OS operating system. They are all affected by buffer overflow, privilege escalation, and denial of service vulnerabilities.
7cbdd459508984ad05613b5f8dfd78e812d9c4aa6af13199816c11689911fb2cCisco Security Advisory - A vulnerability in Cisco Wide Area Application Services (WAAS) software versions 5.1.1 through 5.1.1d, when configured with the SharePoint acceleration feature, could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect buffer handling for SharePoint responses. An attacker could exploit this vulnerability by convincing a user to access a malicious SharePoint application. An exploit could allow the attacker to crash the application optimization handler and execute arbitrary code with elevated privileges on the WAAS appliance. Cisco has released free software updates that address this vulnerability.
debbd5883c0f1ee44fd9c6207d5297829694cf5da109411306a1a90b8555f5c5HP Security Bulletin HPSBMU03044 - A potential security vulnerability has been identified with HP Business Process Monitor running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.
75b0264fcbec223ee3f4ea20c5e45106bd20fec772506d86b5b521ab51e99c32HP Security Bulletin HPSBMU03042 - A potential security vulnerability has been identified with HP Operations Manager i running on Linux, and Windows. The vulnerability could be exploited by an authenticated OMi operator to execute arbitrary code. Revision 1 of this advisory.
f1b6918940249cce1d82af4f65bab7e6ca8abce69462188ab50ff2ced7fe6abcDebian Linux Security Advisory 2935-1 - It was discovered that malformed responses from a Gadu-Gadu file relay server could lead to denial of service or the execution of arbitrary code in applications linked to the libgadu library.
968e3067472edc877e3d58f8a306f4c3be00b07a88941c496bc361b1297c2a47Red Hat Security Advisory 2014-0536-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.
efa88c6d2d6a9b3c9599b4e685e6a270ed5ced1f29e9a38839441774aef2e9beRed Hat Security Advisory 2014-0537-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.5.37.
a64031dc8f87dc015972399f06eeeb57a3646b9a5d9e864b433f49d12014a63aApple Security Advisory 2014-05-21-1 - Safari 6.1.4 and Safari 7.0.4 are now available and address code execution vulnerabilities.
cb432efb5b115028ce6fb6e5f7885637ec7ab0cf5c49906f721e09b631043157Red Hat Security Advisory 2014-0527-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
9fb819c8451770487a087050ba776284f3144e50d3ec95a8c17a734b3130b477Ubuntu Security Notice 2217-1 - It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks.
7117f75f37f74cb8144e237ee206d15a04b0be006cc53d7a29c7c0989a82f056Ubuntu Security Notice 2215-1 - It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.
9ec14266dd00638ce01decec4aed62bb9860586fae5fadcfe49e9de5ab42c55aUbuntu Security Notice 2216-1 - It was discovered that Pidgin incorrectly handled certain messages from Gadu-Gadu file relay servers. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code.
61f14300a62299cd50efce5700362ece2d7b215429cb91d6d934e63d2287820fUbuntu Security Notice 2218-1 - Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources.
1323147313066b484ee5b52d71d153ee6004625cdbbfd1832e83c4fe24e53415Red Hat Security Advisory 2014-0526-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
c1e9ffa1b6b350b58747812efb219474e10395a552896a59069ce8b1d24f05faRed Hat Security Advisory 2014-0530-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to run cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
de34346940361343ae95ffefd8645ce90411e0a494e6ddc0b04b5f5c70f3a02fRed Hat Security Advisory 2014-0529-01 - The rubygem-openshift-origin-node package provides basic OpenShift node functionality. A command injection flaw was found in rubygem-openshift-origin-node. A remote, authenticated user permitted to run cartridges via the web interface could use this flaw to execute arbitrary code with root privileges on the Red Hat OpenShift node server. This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team. All rubygem-openshift-origin-node users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
254a71155ea09c0d3018088efb69aeccb585bf706d95a39a5a4041737d3ddf9dRed Hat Security Advisory 2014-0525-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
37b4e3425277b7016817fdf155a03c83226e8297ca34a53c49d26f5266d14cdaRed Hat Security Advisory 2014-0528-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.
665c8003d5fa01b9594d0a03ae8df4ebc09edf6ea6f0254bba9dd07db6c66f80Apple Security Advisory 2014-15-20-1 - OS X Server 3.1.2 is now available and addresses a security issue with Ruby.
bfce49f39e7a268a72f7369a75b2a37d4f854447872c18e703a46b24932bbd5bAll users of the following (and possibly earlier) versions of Panda security products for Windows are vulnerable to a local privilege escalation which allows a local attacker to elevate privileges from any account type and execute code as SYSTEM, thus obtaining full access over the compromised host.
bd05592c98a9bbeefe7ba5ee744232314670a99e8285c1dafadcf505cd119f51BSS Continuity CMS version 4.2.22640.0 suffers from a denial of service vulnerability.
d7e9e0e3d9e9e78fbf9acded3c17d9c2499a49a7fd4828f158617351e69206d1Debian Linux Security Advisory 2934-1 - Several vulnerabilities were discovered in Django, a high-level Python web development framework.
f3cac867348584be5c7e3a98278d62b519f5059a1407c982fa0160a95cfab217Debian Linux Security Advisory 2933-1 - Several vulnerabilities were discovered in qemu-kvm, a full virtualization solution on x86 hardware.
4609c037e37dde4bff9f2e2e89d521f16f72c77707b5de202ee9ad47dad1558aRed Hat Security Advisory 2014-0520-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
cf3230577c1120f15292cc4b5ce4d76ea79c82dfeeb2391d814a2ba0d353662d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed