Security

OpenSSL Toolkit 1.0.2

Packet storm - Thu, 2015-01-22 19:02
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
Categories: Security

Arris VAP2500 tools_command.php Command Execution

Packet storm - Thu, 2015-01-22 19:00
Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the tools_command.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an MD5 hash of a valid username.
Categories: Security

EventSentry 3.1.0 Cross Site Scripting

Packet storm - Thu, 2015-01-22 18:54
EventSentry version 3.1.0 suffers from a cross site scripting vulnerability.
Categories: Security

Mango Automation SCADA/HMI 2.4.0 Cross Site Scripting

Packet storm - Thu, 2015-01-22 18:53
Mango Automation SCADA/HMI version 2.4.0 suffers from a cross site scripting vulnerability.
Categories: Security

X-CART e-Commerce 5.1.8 Cross Site Scripting

Packet storm - Thu, 2015-01-22 18:51
X-CART e-Commerce version 5.1.8 suffers from a cross site scripting vulnerability.
Categories: Security

Symantec SDCS:SA / SCSP XSS / Bypass / SQL Injection / Disclosure

Packet storm - Thu, 2015-01-22 18:49
Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.
Categories: Security

JasPer 1.900.1 Off-By-One / Heap Overflow

Packet storm - Thu, 2015-01-22 18:46
The JasPer project is an open source implementation for the JPEG-2000 codec. The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap-based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. Versions 1.900.1 and below are affected.
Categories: Security

Exponent CMS 2.3.2 Cross Site Scripting

Packet storm - Thu, 2015-01-22 18:44
Exponent CMS version 2.3.2 suffers from a cross site scripting vulnerability.
Categories: Security

osTicket 1.9.4 Cross Site Scripting

Packet storm - Thu, 2015-01-22 18:41
osTicket version 1.9.4 suffers from a cross site scripting vulnerability.
Categories: Security

Mandriva: 2015:027: kernel

Linux Security - Wed, 2015-01-21 19:08
Categories: Security

Debian: 3129-1: rpm: Summary

Linux Security - Wed, 2015-01-21 19:08
Categories: Security

Ubuntu: 2475-1: GTK+ update

Linux Security - Wed, 2015-01-21 19:08
Categories: Security

Mandriva: 2015:026: untrf

Linux Security - Wed, 2015-01-21 19:08
Categories: Security

Mandriva: 2015:025: mpfr

Linux Security - Wed, 2015-01-21 19:08
Categories: Security

Mandriva: 2015:024: libsndfile

Linux Security - Wed, 2015-01-21 19:08
Categories: Security

Ubuntu: 2474-1: curl vulnerability

Linux Security - Wed, 2015-01-21 19:08
Categories: Security

Mandriva: 2015:023: libvirt

Linux Security - Wed, 2015-01-21 19:08
Categories: Security

Debian: 3128-1: linux: Summary

Linux Security - Wed, 2015-01-21 19:08
Categories: Security