Debian Linux Security Advisory 2227-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
cd32b5302d6b4adfe7810b2d9e4975f20501c8da8a4d10b526805c5c18636305Mandriva Linux Security Advisory 2011-079 - Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption but, in order to make an exploit more reliable or work around mitigation features in the browser or operating system. Various other issues were also addressed.
1c95ea9cdefc67e8ee438446205a5ef410e3cfc12f3fd1aea55221701e09723dUbuntu Security Notice 1121-1 - Boris Zbarsky, Gary Kwong, Jesse Ruderman, Michael Wu, and Ted Mielczarek discovered multiple memory vulnerabilities. An attacker could exploit these to possibly run arbitrary code as the user running Firefox. It was discovered that there was a vulnerability in the memory handling of certain types of content. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. It was discovered that Firefox incorrectly handled certain JavaScript requests. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. An attacker could exploit this to possibly run arbitrary code as the user running Firefox. Chris Evans discovered a vulnerability in Firefox's XSLT generate-id() function. An attacker could possibly use this vulnerability to make other attacks more reliable.
0b43ad1f134723fd278888daf7e615fb85bcf6536d2409c43251b5e82195fe61Ubuntu Security Notice 1123-1 - A large number of security issues were discovered in the Gecko rendering engine. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
107e7026a0d71242cee52a86cd3fd92ca9fb2ae7bce238e4916c6c3fc152ee22Ubuntu Security Notice 1112-1 - Multiple vulnerabilities have been identified and fixed in Firefox. It was discovered that there was a vulnerability in the memory handling of certain types of content. It was discovered that Firefox incorrectly handled certain JavaScript requests. Ian Beer discovered a vulnerability in the memory handling of a certain types of documents. Various other issues were also addressed.
11059296a4b90b8dea1f0da2aba7f9a9c45481614b445a52cac0efc190a17503Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
b3f80711fd8d773d8d458c5e7d5b0be6023b61c3887c3afa635a5409f43336feSecunia Security Advisory - James Burton has discovered a vulnerability in Up.Time Monitoring Station, which can be exploited by malicious people to bypass certain security restrictions.
8c801b13a918da8f5e0d92e2786f5b5da6b097a796fd71617478df767d461b5aSecunia Security Advisory - SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to cause a DoS and potentially compromise a vulnerable system.
fe5afcb2df307160178b89cf8cbdcc1a725bde51eebf685816cf487aa31fdcafSecunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox and Mozilla SeaMonkey, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose sensitive information and compromise a user's system.
8fd8b3c13170677f87ef0bdd4bfe1392007a6b36eba43993d613caf1b447f4cfSecunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
2e257dca135b3b33e2385b7594f5e3c01061116ccb9b8309835796b96b64df73Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information and compromise a user's system.
1f4502317faeb01567639a1777f053f74d43d4cf67f5d7c6e8f9dfbb9e71b2b7Secunia Security Advisory - Insomnia Security has reported a vulnerability in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to compromise a vulnerable system.
7083a0ec78588fad991fb51a632aa10454d3252b0c4809f91b05e45a4354f921Secunia Security Advisory - SUSE has issued an update for polkit. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
56e0de7cf2b13f53e6652df648ad809ac14f33593b44f324e0be6c1d2a5c52b8Secunia Security Advisory - SUSE has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
1bd35cf3c30c2fa838d73712bbebc4f94c7bc92f162128db884d7b1c04f79db3Secunia Security Advisory - SUSE has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.
546632baecced22fb1917e225547541ddbd1fd2d3f4f7ebda664a754aaeb0d5eSecunia Security Advisory - VMware has acknowledged multiple vulnerabilities in VMware ESX Server and ESXi, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges, malicious users and malicious people to conduct spoofing attacks and bypass certain security restrictions, and by malicious people to cause a DoS.
ba668e5a9a0a3bfa9d1d193fdb91b60ae97f21bbdfc40198d45f002365b2b97cSecunia Security Advisory - SUSE has issued an update for udisks. This fixes a weakness, which can be exploited by malicious, local users to bypass certain security restrictions.
0f9154eae2d3e8a6ebc1cb408809d365da34fbaaf655b7f6b83481b020d6e3c0Secunia Security Advisory - Multiple vulnerabilities have been discovered in IBM Rational System Architect, which can be exploited by malicious people to compromise a user's system.
a39bd48fa7d80911c03f85ef1bc6600a5caa4aae19ba1bfe4dd7d3c6e501edbfSecunia Security Advisory - A vulnerability has been reported in Likewise Open and Likewise Enterprise, which can be exploited by malicious people to cause a DoS (Denial of Service).
dcc076c0e9797b87e4fbdd96d39c5130501859f0042d995941bd4164c87e3e97Secunia Security Advisory - Multiple vulnerabilities have been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.
ff69b9d0dc4801d79378f6276b2b9bcddc7bb9767e1906fc92996de87544f344Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
4177ab47270c5c18a37121bf452fe497a4ea7ec1d343affa33d4fbcbc0d46534Ubuntu Security Notice 1126-1 - Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file. Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. Various other issues with PHP 5 were also identified and resolved.
0d1f20dac678d851bff44d385515866f5fb9db107a028a3a3bb2ee850d32fc53Zero Day Initiative Advisory 11-153 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the database service, ibserver.exe, which binds to TCP port 3050. When a specially crafted "connect" (opcode 0x01) message is sent a stack-based buffer overflow can occur. If properly exploited this can lead to remote compromise of the system with SYSTEM credentials.
6998af38db39a41c7fb4bfb3c7941487043533cc3ecff125324c154c472a424eZero Day Initiative Advisory 11-152 - This vulnerability allows remote attackers directory traversal on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient sanitization on user-supplied data when handling certain messages. Remote, unauthenticated attackers can exploit this vulnerability by sending crafted filename strings to the target, which would allow attackers to view or download arbitrary files on the target system.
2514d40e784d9e3504ea151179d5fc7573ad319a0d55d5878f2ec662b6ced711Zero Day Initiative Advisory 11-151 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed bm message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.
6d31a098164340ae2f97a5602f4d924769cb97e286999b4cd725cb195a75bc0e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed