Multiple vulnerabilities were discovered in ntp, an implementation of the
Network Time Protocol:
Monthly Archives: April 2015
DSA-3221 das-watchdog – security update
Adam Sampson discovered a buffer overflow in the handling of the
XAUTHORITY environment variable in das-watchdog, a watchdog daemon to
ensure a realtime process won’t hang the machine. A local user can
exploit this flaw to escalate his privileges and execute arbitrary
code as root.
Linux splice_write Kernel Panic
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. This is proof of concept code that triggers the kernel panic.
OrangeHRM Blind SQL Injection & XSS Vulnerabilities
Posted by Rehan Ahmed on Apr 11
I. Overview
========================================================
OrangeHRM (Opensource 3.2.1, Professional & Enterprise 4.11) are prone to multiple Blind SQL injection & XSS
vulnerabilities. These vulnerabilities allow an attacker to inject SQL commands to compromise the affected database
management system in HRM, perform operations on behalf of affected victim, redirect them to malicious sites, steal
their credentials, and…
WTK Network Shopping CMS 1.6.5 SQL Injection
WTK Network Shopping CMS version 1.6.5 suffers from a remote blind SQL injection vulnerability.
Internet Download Manager 6.xx DLL Hijacking
Internet Download Manager version 6.xx suffers from a DLL hijacking vulnerability.
Fedora 20 Security Update: python-2.7.5-16.fc20
Resolved Bugs
1046174 – CVE-2013-1752 python: multiple unbound readline() DoS flaws in python stdlib
1159200 – CVE-2013-1752 python: multiple unbound readline() DoS flaws in python stdlib [fedora-all]
Security fix for CVE-2013-1752
multiple unbound readline() DoS flaws in python stdlib
The following fixes (which all relate to this CVE) are in this patch:
* ftplib: Limit amount of data read by limiting the call to readline(). #16038
* imaplib: limit line length in imaplib readline calls. #16039
* nntplib: Limit maximum line lengths to 2048 to prevent readline() calls from consuming too much memory. #16040
* poplib: limit maximum line length that we read from the network #16041
* smtplib: limit amount read from the network #16042
Fedora 21 Security Update: gnupg2-2.0.27-1.fc21
Fedora 20 Security Update: openstack-neutron-2013.2.4-8.fc20
Resolved Bugs
1165887 – CVE-2014-7821 openstack-neutron: DoS via maliciously crafted dns_nameservers [fedora-all]
2013.2.4 rebase; CVE-2014-7821 fixed.