
Files

Secunia Security Advisory 43279
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in SourceBans, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | debcbb85992d6d7b29bc413ad4b0b230b2d7d6c2d8843cd5dd57f5684f837750
Secunia Security Advisory 43265
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AutoSec Tools has discovered a vulnerability in Dolphin, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 71a2edbc6b1bf96209f4ef080eb9087ae3c62aeea096a6e2e7dc14fc11bb3c7a
Secunia Security Advisory 43284
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in Smarty, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
SHA-256 | 6934a2faea3c315ed7dc91a57b3a7f4ef8b639f7c6472d844439603d2076da41
Secunia Security Advisory 43299
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Cupidon-3005 has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

tags | advisory, denial of service
systems | windows
SHA-256 | a32fcf7f9eeecb3a1a133755e3516ee44651e91b5bed61da80dedbd76542b271
Secunia Security Advisory 43326
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in F-Secure Internet Gatekeeper, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | cf4a186ac4eb28ea8053a7c7f2ef4abfbbf742cea33d44facd4a9fa7f0b5d198
Secunia Security Advisory 43300
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Slackware has issued an update for expat. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, slackware
SHA-256 | 50e8cf4aa1243c5559bfd1c142789944f968e36833d3ae60a9d30f44d4d8aa23
Secunia Security Advisory 43206
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware vCenter Server / Update Manager, which can be exploited by malicious users to gain escalated privileges.

tags | advisory, vulnerability
SHA-256 | b0c8d48c971a8110bae80d2b7f1e01780d7d0d87326a09c6697614e447ff41e1
Secunia Security Advisory 43309
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - VMware has acknowledged some vulnerabilities in VMware vCenter Server, Update Manager, and ESX Server, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 28c5ab14bbe7b740d1bb05df7c71645b53bf54e1be5895e2e30976f22d7fa9c5
Secunia Security Advisory 43313
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - VMware has acknowledged a security issue in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

tags | advisory, denial of service
SHA-256 | 6284ac2e983520717bded19f993e66786baf054b1230f3a9e453dbc3f6e10ec8
Secunia Security Advisory 43310
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in VMware vCenter / ESX Server, which can be exploited by malicious users and malicious people to manipulate certain data, and by malicious people to disclose system information, gain access to potentially sensitive information, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | 91e80ad07c4e3da676faa503c26b75e62edf711f3d68549577daa957af96a185
Secunia Security Advisory 43239
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in WebAsyst Shop-Script, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 6310e5807f337d28b2033e1b7cf3599301f91577f5c5ae1e14252c13e7bd287e
Secunia Security Advisory 43233
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Neil Kettle has discovered a vulnerability in DESlock+, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
SHA-256 | 587ba7b285c4cf5cafef84ba512fb215e49af486d9225102bcbcf232e7def04c
Secunia Security Advisory 43252
Posted Feb 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.

tags | advisory, local
systems | windows
SHA-256 | 3b89937c485a126c617f9e01e639969a0a1a7eaea69497de23b2a6102ae81fc2
Mandriva Linux Security Advisory 2011-033
Posted Feb 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-033 - awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a WebDAV server or NFS server. Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. The updated packages have been upgraded to the latest version to address these vulnerabilities.

tags | advisory, remote, arbitrary, cgi, vulnerability
systems | linux, mandriva
advisories | CVE-2010-4367, CVE-2010-4369
SHA-256 | 9e4e32cce97beecc5b78553696c4f168221c75fb1d97782e6b9b984727fb3ed4
Mandriva Linux Security Advisory 2011-032
Posted Feb 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-032 - Multiple cross-site scripting vulnerabilities in the Help Contents web application in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to help/advanced/content.jsp.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2010-4647
SHA-256 | 8dc057b57d9b2a5ebdab8a0f9109e29794b18eca7d194f2bce07e2a5a4c983e0
Mandriva Linux Security Advisory 2011-034
Posted Feb 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-034 - The muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

tags | advisory, local, trojan
systems | linux, mandriva
advisories | CVE-2010-3998
SHA-256 | 0e0448c4dc79cf12f21b404cb86c345195250fa43fb7acde3e837c7b56676625
Debian Security Advisory 2171-1
Posted Feb 21, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2171-1 - Matthew Nicholson discovered a buffer overflow in the SIP channel driver of Asterisk, an open source PBX and telephony toolkit, which could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2011-0495
SHA-256 | cd9c888ee04cf444b1453b6f8a8c7026fe34cf45928b3562f9e922139f6b7111
Debian Security Advisory 2170-1
Posted Feb 20, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2170-1 - Two cross-site scripting vulnerabilities were discovered in Mailman, a web-based mailing list manager. These allowed an attacker to retrieve session cookies by inserting crafted JavaScript into confirmation messages (CVE-2011-0707) and in the list admin interface (CVE-2010-3089; oldstable only).

tags | advisory, web, javascript, vulnerability, xss
systems | linux, debian
advisories | CVE-2010-3089, CVE-2011-0707
SHA-256 | bf4c1ab6425684582dd00c580956547795a061ac12e8a962764fb21a775b50ee
HP Security Bulletin HPSBUX02628 SSRT090183
Posted Feb 19, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02628 SSRT090183 - A potential security vulnerability has been identified with HP-UX running CDE Calendar Manager. The vulnerability could be exploited remotely to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | hpux
advisories | CVE-2010-4435
SHA-256 | e23524d75371622d94a1139c07279983bcab41ccf37c863bcb305725889a81f5
Mandriva Linux Security Advisory 2011-031
Posted Feb 19, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-031 - Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery attacks via forged AJAX requests that leverage a combination of browser plugins and redirects, a related issue to CVE-2011-0447. Cross-site scripting vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / character in a key in a session cookie, related to session replays. The updated packages have been upgraded to the 1.1.4 version which is not vulnerable to these issues.

tags | advisory, remote, web, arbitrary, xss, file upload, csrf
systems | linux, windows, mandriva
advisories | CVE-2011-0696, CVE-2011-0697, CVE-2011-0698
SHA-256 | 35b66525c38b4cc2dbc7f00656d49770e63010bc4caa8000a032054d2a571b32
Mandriva Linux Security Advisory 2011-030
Posted Feb 19, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-030 - Multiple vulnerabilities have been found and corrected in tomcat5. When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the intermediate files generated when compiling JSPs to Servlets. The location of the work directory is specified by a ServletContext attribute that is meant to be read-only to web applications. However, due to a coding error, the read-only setting was not applied. Therefore, a malicious web application may modify the attribute before Tomcat applies the file permissions. This can be used to grant read/write permissions to any area on the file system which a malicious web application may then take advantage of. This vulnerability is only applicable when hosting web applications from untrusted sources such as shared hosting environments. The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.

tags | advisory, web, vulnerability
systems | linux, mandriva
advisories | CVE-2010-3718, CVE-2011-0013
SHA-256 | 050a770d28cff5d52b04cda5bec92927819bf2986938b64d3f0e874bd76b8b05
Mandriva Linux Security Advisory 2011-029
Posted Feb 18, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-029 - Multiple vulnerabilities have been discovered and fixed in the Linux 2.6 kernel. The X.25 implementation does not properly parse facilities, which allows remote attackers to cause a denial of service (heap memory corruption and panic) or possibly have unspecified other impact via malformed data, a different vulnerability than CVE-2010-4164. The bcm_connect function of the Broadcast Manager in the Controller Area Network implementation in the Linux kernel creates a publicly accessible file with a filename containing a kernel memory address, which allows local users to obtain potentially sensitive information about kernel memory use by listing this filename. The install_special_mapping function in mm/mmap.c does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. Various other issues have also been addressed.

tags | advisory, remote, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2010-3873, CVE-2010-4565, CVE-2010-4346, CVE-2010-4158, CVE-2010-3874, CVE-2010-4163, CVE-2010-4164, CVE-2009-4307, CVE-2010-4162, CVE-2010-3015, CVE-2010-4258, CVE-2010-3875, CVE-2010-3067, CVE-2010-4248, CVE-2010-3437, CVE-2010-3877, CVE-2009-2406, CVE-2010-3859, CVE-2010-4073, CVE-2010-4072, CVE-2010-3705, CVE-2010-4165, CVE-2010-3310, CVE-2010-3698
SHA-256 | 65f216d797172b0ef5fb798cc0c6bfad2e1a9bea20f92874be16068901dbc644
Zero Day Initiative Advisory 11-089
Posted Feb 18, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-089 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Configuration Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the novell-tftp.exe component which listens by default on UDP port 69. When handling a request the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the ZenWorks user.

tags | advisory, remote, arbitrary, udp
advisories | CVE-2010-4323
SHA-256 | 55ece0d6e6a2aa1abfba68f1a2fe3d382ac7ce1560c3ee6a79c681db1997c8a0
Ubuntu Security Notice USN-1067-1
Posted Feb 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1067-1 - It was discovered that Gabble did not verify the from field of Google jingleinfo updates. This could allow a remote attacker to perform man-in-the-middle (MITM) attacks on streamed media.

tags | advisory, remote
systems | linux, ubuntu
SHA-256 | 5768e5cb1d617582d62051f4634eb09b6343083e1a7a2a28e896aa3257fef5cf
Ubuntu Security Notice USN-1066-1
Posted Feb 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1066-1 - It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks. It was discovered that Django did not properly sanitize its input when performing file uploads, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, web, vulnerability, xss, file upload, csrf
systems | linux, ubuntu
advisories | CVE-2011-0696, CVE-2011-0697
SHA-256 | 36104c4235322ded05ccaa17185d640b3a46aa379d05468d669681ba9cf4de86