Tuesday, December 31st, 2013 |
2:01 pm |
Debian Security Advisory 2830-1 http://packetstormsecurity.com/files/124627/dsa-2830-1.txt Debian Linux Security Advisory 2830-1 - Peter McLarnan discovered that the internationalization component of Ruby on Rails does not properly encode parameters in generated HTML code, resulting in a cross-site scripting vulnerability. This update corrects the underlying vulnerability in the i18n gem, as provided by the ruby-i18n package. |
1:49 pm |
HP Security Bulletin HPSBMU02959 http://packetstormsecurity.com/files/124625/HPSBMU02959.txt HP Security Bulletin HPSBMU02959 - Potential security vulnerabilities have been identified with HP Service Manager WebTier and Windows Client. The vulnerabilities could be remotely exploited including cross-site scripting (XSS) and execution of arbitrary code. Note: The HP Service Manager WebTier and Windows Client resolutions below include updated Oracle JRE7 that addresses security issues in that component. Revision 1 of this advisory. |
Monday, December 30th, 2013 |
Sunday, December 29th, 2013 |
3:03 pm |
VM86 Syscall Kernel Panic http://packetstormsecurity.com/files/124620/Virtual86SwitchToEmmsFault.c This program maps memory pages to the low range above 64k to avoid conflicts with /proc/sys/vm/mmap_min_addr and then triggers the virtual-86 mode. Due to unhandled FPU errors, the task switch will fail afterwards, and the kernel will attempt to kill other tasks when switching. |
Saturday, December 28th, 2013 |
2:39 pm |
PhotoStore 4.0.7. Shell Upload http://packetstormsecurity.com/files/124616/photostore-shell.rb.txt This Metasploit module exploits a vulnerability found in PhotoStore version 4.0.7. By abusing the uploadify.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution. |
2:35 pm |
Debian Security Advisory 2828-1 http://packetstormsecurity.com/files/124615/dsa-2828-1.txt Debian Linux Security Advisory 2828-1 - Multiple vulnerabilities have been discovered in Drupal, a fully-featured request forgery protection, insecure pseudo random number generation, code execution and incorrect security token validation. |
Friday, December 27th, 2013 |
4:26 pm |
IBM Web Content Manager XPath Injection http://packetstormsecurity.com/files/124611/SA-20131227-0.txt IBM Web Content Manager versions 6.x, 7.x, and 8.x suffer from blind XPath injection attacks. This allows an attacker to get current application configuration, enumerate nodes, and extract other valuable information from vulnerable installations of Web Content Manager. |
4:23 pm |
Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection http://packetstormsecurity.com/files/124609/cfme_manageiq_evm_pass_reset.rb.txt This Metasploit module exploits a SQL injection vulnerability in the "explorer" action of "miq_policy" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier) by changing the password of the target account to the specified password. |