what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 564 RSS Feed

Files

Secunia Security Advisory 38279
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Discuz!, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 45147727edb737972c04223710c147593473d2f08e34864ac63c730511bd7a50
Secunia Security Advisory 38373
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has acknowledged a vulnerability in HP-UX, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | hpux
SHA-256 | 1fd8ae201f01601776f609400b5628d75277bfc210207ecb3c6368912ed90649
Secunia Security Advisory 38310
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in F2L 3000, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | b1e461935c43b6ef7a7e3ea142c84ba5291c4fe8c6bcabe0698b32978d0ed4cf
Secunia Security Advisory 38291
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for python-xml. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, python
systems | linux, ubuntu
SHA-256 | f688a19de55081af738641af52e77a7f585f8dc0e1b7cd3c4b6920e0afce6e8a
Secunia Security Advisory 38330
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in e107, which can potentially be exploited to compromise a vulnerable system.

tags | advisory
SHA-256 | 785a98a49cb5484331a7f0eecadf8992fba8a0a28fad233b7c2ea10ac1e2fc37
Secunia Security Advisory 38336
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Status2k, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | f2eac820cb3abefe91bda00f5274d9d5363d540c79bf1005a76031fb705b0682
Secunia Security Advisory 38297
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for phpgroupware. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, or conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
systems | linux, debian
SHA-256 | a61c4bb2490ecd3f1b69a787f492a6341a65cf097f9781d7697c1365a132af59
Secunia Security Advisory 38301
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Sun Java System Web Proxy Server, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system.

tags | advisory, java, web, vulnerability
SHA-256 | 3caff4f311ba1ee5fd6b8144da6ff7c14c7f8883e03e144c4591de09204698bb
Secunia Security Advisory 38305
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Piwigo, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 372a2a8ec9c02c4798130e8c7d940826f4e65b2942786aaf0bf652228dbd89bf
Secunia Security Advisory 38304
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in LedgerSMB, which can be exploited by malicious people to conduct cross-site request forgery attacks and by malicious users to conduct SQL injection attacks or bypass certain security restrictions.

tags | advisory, vulnerability, sql injection, csrf
SHA-256 | 597e279a83f4947a3dce5f574a463ad120e35e708ac96c42a9cad078476d58fc
Secunia Security Advisory 38256
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in WebSphere DataPower, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 5d1f1b6ca8eaa25e6e94e42eebf511cdbea960b45652ad39d87908d97574af71
Secunia Security Advisory 38295
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for acroread. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

tags | advisory, vulnerability, xss
systems | linux, suse
SHA-256 | 83b0204a0e519c0f12b6b441cb0d61a18280a6bc1eb0221461e4ac827c1305c4
Secunia Security Advisory 38289
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Event Horizon, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | f2e22eaa99f7bfda7ea8747d5592f33294c2e7eaf82ff43fc48043b7e734ad81
Secunia Security Advisory 38349
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in sudosh2, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 6f535930e3b22bc649d358160838220ea3fc5693d4a497b6128514f7e9eac7b1
Secunia Security Advisory 38292
Posted Jan 29, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in sudosh3, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 621ee184db3e05aecf62dffa3166a25f2624f52009f9402c32f8edd26c1c961f
Debian Linux Security Advisory 1979-1
Posted Jan 27, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1979-1 - Multiple vulnerabilities have been discovered in lintian, a Debian package checker.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-4013, CVE-2009-4014, CVE-2009-4015
SHA-256 | 66bdce5efc2c4f89600880114fde96c74c17bd93a0f636d2f784a32d116812e2
Ubuntu Security Notice 803-2
Posted Jan 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 803-2 - USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 profile. This update fixes the problem. Original advisory details: It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0692
SHA-256 | c90a7824d2bd0d7a5899ee65553262f2b5893da989fde41ccb00958d6d18c356
Cisco Security Advisory 20100127-mp
Posted Jan 27, 2010
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities exist in Cisco Unified MeetingPlace. These range from insufficient validation of SQL commands to privilege escalation.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2010-0139, CVE-2010-0140, CVE-2010-0141, CVE-2010-0142
SHA-256 | 4aa2bb0a2d41ca620ec9b7fb3d6cde2d020c75b3fc9ea78f77febad00c3de1b2
Geo++(R) GNCASTER HTTP Digest Authentication Faulty Implementation
Posted Jan 27, 2010
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered that the GNCaster software has multiple bugs in its implementation of HTTP Digest Authentication. Versions 1.4.0.7 and below are affected.

tags | advisory, web
SHA-256 | 9d79b054da7caa24e58f55b14bf0e509c7751dadf932bbd3cc895783315d6c75
Mandriva Linux Security Advisory 2010-028
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-028 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof
systems | linux, netbsd, freebsd, openbsd, mandriva
advisories | CVE-2009-2702, CVE-2009-2537, CVE-2009-0689
SHA-256 | bcbed668507255178c552af90eaf168b462be20aa49012dc6e3325cff54e5b26
HP Security Bulletin HPSBMA02502 SSRT090171
Posted Jan 27, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be exploited to gain unauthorized access.

tags | advisory
advisories | CVE-2009-4183
SHA-256 | f005f9cfa047a6194fc3cee0b7cdb059b9ebba599306ba8cfe92220af2f03747
Mandriva Linux Security Advisory 2010-027
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-027 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary, spoof, javascript
systems | linux, netbsd, windows, freebsd, openbsd, apple, osx, mandriva, iphone
advisories | CVE-2009-2702, CVE-2009-1687, CVE-2009-1725, CVE-2009-1690, CVE-2009-1698, CVE-2009-2537, CVE-2009-0689, CVE-2009-0945
SHA-256 | 701ad2e7099f449e19e82471a31b95691ff8ff843d3d5029da766636d5585359
Debian Linux Security Advisory 1978-1
Posted Jan 27, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1978-1 - Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP.

tags | advisory, remote, web, php, vulnerability
systems | linux, debian
advisories | CVE-2009-4414, CVE-2009-4415, CVE-2009-4416
SHA-256 | 69f85bade634aaa80b3a1ffe6f5ddcafd82e697ba944c468ffbf9fa38537dbdd
Mandriva Linux Security Advisory 2010-026
Posted Jan 27, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-026 - libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a \\'\\0\\' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-3767
SHA-256 | d24aa6b26a33a379ee5a3aeb6a16a1856818804de3fa37eae392f97c6825290a
Ubuntu Security Notice 890-4
Posted Jan 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-4 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
SHA-256 | 42a2daccd8cc1406010126b963ee66d202639413a9de1bb48654443115f644d7
Page 3 of 23
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Life Imitates xkcd Comic As Florida Gang Beats Crypto Password From Retiree
Posted Sep 20, 2024

tags | headline, cybercrime, data loss, cryptography
1 In 10 Orgs Dumping Their Security Vendors After CrowdStrike Outage
Posted Sep 20, 2024

tags | headline, denial of service
Cyber Crooks Strut Away With Haute Couture Harvey Nichols Data
Posted Sep 20, 2024

tags | headline, hacker, privacy, britain, cybercrime, data loss, fraud
Noise Storms: Massive Amounts Of Spoofed Web Traffic Linked To China
Posted Sep 20, 2024

tags | headline, china
Tor Network Denies Report That Anonymity Is Completely Canceled
Posted Sep 20, 2024

tags | headline, government, privacy, cryptography
Marko Polo Hackers Found To Be Running Dozens Of Scams
Posted Sep 20, 2024

tags | headline, hacker, cybercrime, fraud, phish, cryptography
Re-Opened Three Mile Island Will Power AI Datacenters Under New Deal
Posted Sep 20, 2024

tags | headline, microsoft, botnet
Social Media Users Lack Control Over Data Used By AI, US FTC Says
Posted Sep 19, 2024

tags | headline, government, privacy, usa, data loss, botnet
Hackers Demand $6 Million From Seattle Airport Operators
Posted Sep 19, 2024

tags | headline, hacker, cybercrime, data loss, fraud, cryptography
Recent WhatsUp Gold Vulnerabilities Possibly Exploited In Ransomware Attacks
Posted Sep 19, 2024

tags | headline, malware, cybercrime, flaw, cryptography
View More News →
packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close