Secunia Security Advisory - A vulnerability has been reported in Discuz!, which can be exploited by malicious people to conduct cross-site scripting attacks.
45147727edb737972c04223710c147593473d2f08e34864ac63c730511bd7a50Secunia Security Advisory - HP has acknowledged a vulnerability in HP-UX, which can be exploited by malicious users to bypass certain security restrictions.
1fd8ae201f01601776f609400b5628d75277bfc210207ecb3c6368912ed90649Secunia Security Advisory - A vulnerability has been reported in F2L 3000, which can be exploited by malicious people to conduct SQL injection attacks.
b1e461935c43b6ef7a7e3ea142c84ba5291c4fe8c6bcabe0698b32978d0ed4cfSecunia Security Advisory - Ubuntu has issued an update for python-xml. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
f688a19de55081af738641af52e77a7f585f8dc0e1b7cd3c4b6920e0afce6e8aSecunia Security Advisory - A vulnerability has been reported in e107, which can potentially be exploited to compromise a vulnerable system.
785a98a49cb5484331a7f0eecadf8992fba8a0a28fad233b7c2ea10ac1e2fc37Secunia Security Advisory - A vulnerability has been reported in Status2k, which can be exploited by malicious people to conduct cross-site request forgery attacks.
f2eac820cb3abefe91bda00f5274d9d5363d540c79bf1005a76031fb705b0682Secunia Security Advisory - Debian has issued an update for phpgroupware. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information, or conduct cross-site scripting and SQL injection attacks.
a61c4bb2490ecd3f1b69a787f492a6341a65cf097f9781d7697c1365a132af59Secunia Security Advisory - Some vulnerabilities have been reported in Sun Java System Web Proxy Server, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system.
3caff4f311ba1ee5fd6b8144da6ff7c14c7f8883e03e144c4591de09204698bbSecunia Security Advisory - A vulnerability has been reported in Piwigo, which can be exploited by malicious people to conduct SQL injection attacks.
372a2a8ec9c02c4798130e8c7d940826f4e65b2942786aaf0bf652228dbd89bfSecunia Security Advisory - Some vulnerabilities have been reported in LedgerSMB, which can be exploited by malicious people to conduct cross-site request forgery attacks and by malicious users to conduct SQL injection attacks or bypass certain security restrictions.
597e279a83f4947a3dce5f574a463ad120e35e708ac96c42a9cad078476d58fcSecunia Security Advisory - A vulnerability has been reported in WebSphere DataPower, which can be exploited by malicious people to cause a DoS (Denial of Service).
5d1f1b6ca8eaa25e6e94e42eebf511cdbea960b45652ad39d87908d97574af71Secunia Security Advisory - SUSE has issued an update for acroread. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
83b0204a0e519c0f12b6b441cb0d61a18280a6bc1eb0221461e4ac827c1305c4Secunia Security Advisory - Multiple vulnerabilities have been reported in Event Horizon, which can be exploited by malicious people to conduct SQL injection attacks.
f2e22eaa99f7bfda7ea8747d5592f33294c2e7eaf82ff43fc48043b7e734ad81Secunia Security Advisory - A vulnerability has been discovered in sudosh2, which can be exploited by malicious, local users to gain escalated privileges.
6f535930e3b22bc649d358160838220ea3fc5693d4a497b6128514f7e9eac7b1Secunia Security Advisory - A vulnerability has been discovered in sudosh3, which can be exploited by malicious, local users to gain escalated privileges.
621ee184db3e05aecf62dffa3166a25f2624f52009f9402c32f8edd26c1c961fDebian Linux Security Advisory 1979-1 - Multiple vulnerabilities have been discovered in lintian, a Debian package checker.
66bdce5efc2c4f89600880114fde96c74c17bd93a0f636d2f784a32d116812e2Ubuntu Security Notice 803-2 - USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 profile. This update fixes the problem. Original advisory details: It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.
c90a7824d2bd0d7a5899ee65553262f2b5893da989fde41ccb00958d6d18c356Cisco Security Advisory - Multiple vulnerabilities exist in Cisco Unified MeetingPlace. These range from insufficient validation of SQL commands to privilege escalation.
4aa2bb0a2d41ca620ec9b7fb3d6cde2d020c75b3fc9ea78f77febad00c3de1b2During a penetration test, RedTeam Pentesting discovered that the GNCaster software has multiple bugs in its implementation of HTTP Digest Authentication. Versions 1.4.0.7 and below are affected.
9d79b054da7caa24e58f55b14bf0e509c7751dadf932bbd3cc895783315d6c75Mandriva Linux Security Advisory 2010-028 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. The updated packages have been patched to correct these issues.
bcbed668507255178c552af90eaf168b462be20aa49012dc6e3325cff54e5b26HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be exploited to gain unauthorized access.
f005f9cfa047a6194fc3cee0b7cdb059b9ebba599306ba8cfe92220af2f03747Mandriva Linux Security Advisory 2010-027 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \\'\\0\\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption. The updated packages have been patched to correct these issues.
701ad2e7099f449e19e82471a31b95691ff8ff843d3d5029da766636d5585359Debian Linux Security Advisory 1978-1 - Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP.
69f85bade634aaa80b3a1ffe6f5ddcafd82e697ba944c468ffbf9fa38537dbddMandriva Linux Security Advisory 2010-026 - libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a \\'\\0\\' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
d24aa6b26a33a379ee5a3aeb6a16a1856818804de3fa37eae392f97c6825290aUbuntu Security Notice 890-4 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
42a2daccd8cc1406010126b963ee66d202639413a9de1bb48654443115f644d7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed