Ubuntu Security Notice 1178-1 - Omair Majid discovered that an unsigned Web Start application or applet could determine the path to the cache directory used to store downloaded class and jar files by querying class loader properties. This could allow a remote attacker to discover a user's name and home directory path. Omair Majid discovered that an unsigned Web Start application could manipulate the content of the security warning dialog message to show different file names in prompts. This could allow a remote attacker to confuse a user into granting access to a different file than they believe they are granting access to. This issue only affected Ubuntu 11.04. Various other issues were also addressed.
5cb5e15a07f22e63f6d9edc10245fda02e4b60327dd01c9ab1b2dc2afcfb6e68
Zero Day Initiative Advisory 11-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.
c77806e149b7ed7d8bb527e74ed4baeb5468785171b305a6292706dc8e3612ae
Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site scripting vulnerability in the metricDetail$type page.
087486ac60948e189899abff4dae7805c01b78640fe84839c801c1715472c761
Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 suffer from a cross site scripting vulnerability in the sitemap page.
2d2e8a23b77a464daf4d66e9542bc1895e84d4678c78de23ce14000bbad606b1
Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, and 10.2.0.4 suffer from a cross site scripting vulnerability in the notifRuleInfo$mode page.
d989295721cf25dcaaf465c895ff883a1a87f32d52287e19579dc907b0d097ef
Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5, 11.1.0.1 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site request forgery vulnerability.
d4672741754f3365fd9a11174f8e639731c1141c66b463d714e1cd9022daa858
Cisco suffers from privilege escalation and remote SQL injection vulnerabilities.
25407353caf6aca542808b9d27be690ffb02e2d5aac3225f07064d6caa0b06dd
Secunia Security Advisory - NetBSD has issued an update for bind. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
9acc753f3d9c094fe177afe149eaaf640dccbc2b6f06ac2f37e609c9e5f9ec3e
A vulnerability exists in EMC Data Protection Advisor versions prior to 5.8.1 in which sensitive information may be exposed in clear text in the configuration file.
9294e4bb8f2203229a5181951b2da900fd93ca05828d5ac6955e058f59d54f4b
Secunia Security Advisory - Two security issues have been reported in SystemTap, which can be exploited by malicious, local users to gain escalated privileges.
c0dbb2112bed2d0dac79bb6c7197a498ec71efdb323b5e03dd479444d33d6de6
Secunia Security Advisory - A weakness has been reported in EMC Data Protection Advisor, which can be exploited by malicious, local users to disclose sensitive information.
c9a596d08a50673dd326cfcea98291b7975bcc4252e482d6626d64d68fa025e8
Secunia Security Advisory - Two vulnerabilities have been reported in EMC Captiva eInput, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
e72360fb0b7188620fb48bdc898138f989ad6b80c09debccc154f75c82671857
Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
92d8e44f7a5fad7a1d2b7898bceea635e0282d61c3ed12f62366cffde99dd1f6
Secunia Security Advisory - Two vulnerabilities have been reported in HP SiteScope, which can be exploited by malicious people to conduct cross-site scripting and session fixation attacks.
c5e9db1031c433dafbf0b769df2d4310c8574b1fb9a1b98751d57c4fa8fdb339
Secunia Security Advisory - SUSE has issued an update for opie. This fixes two vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
e7ae15bbac85536dc25729621a3561c489d6152ba4d534fe515eac56591a1269
Secunia Security Advisory - SUSE has issued an update for compat-openssl097g. This fixes multiple vulnerabilities, where one has unknown impacts and others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and cause a DoS (Denial of Service).
bf6054c712df78f3c8014d5f5bf1b09c2eab8c9eb918f64006bfa34f6716823c
Secunia Security Advisory - A vulnerability has been discovered in MinaliC, which can be exploited by malicious people to disclose sensitive information.
8f41dd9abece3a5d3401e86190413546c90ea8539df91dba2549249592cc10cd
Secunia Security Advisory - A vulnerability has been reported in CobraScripts Trading Marketplace Script, which can be exploited by malicious people to conduct SQL injection attacks.
68cff488e425f2303508d0175d5554de7ec85dce9227cbf328e19f1c0c050745
Secunia Security Advisory - Ubuntu has issued an update for qemu-kvm. This fixes a weakness, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
7e14a984b7ef96599162f7a55269a8d278b22dcb2dae1c23d95277bef2d30dc7
Secunia Security Advisory - Red Hat has issued an update for icedtea-web. This fixes two security issues, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
b5fe1234ac2b1d9944842b6c79665c7f1f0b13df0fa867c20fe12de775310591
Secunia Security Advisory - Ubuntu has issued an update for openjdk-6. This fixes a security issue, which can be exploited by malicious people to disclose sensitive information.
f27d98856a7cc54531ddc48d6aea0b5edafd54d589ccc2d0cbd2df6e47712cb4
Secunia Security Advisory - A vulnerability has been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions.
11f6a3e3455a62108c8799b9f26708528a31971b6b72850f40621a27c75c26c1
Secunia Security Advisory - A vulnerability has been reported in the Taxonomy Filter module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
7f687877a14dc91dc3ad78f5a0f758a2987077e26202238d36fe8600e0e67116
Secunia Security Advisory - Patrick Webster has reported multiple vulnerabilities in Cyberoam UTM, which can be exploited by malicious people to conduct cross-site scripting attacks.
32255f8e70373d5c954099c13ea5e70e03f3587a8c848a1dae4a1e7e9f175518
EMC Captiva eInput version 2.1.1 contains two vulnerabilities which can be exploited for conducting cross site scripting attacks, retrieving files on an affected system, or causing a denial of service.
bc92b2d9a013285c1928bead886ff5ec03c3d95c922ae8fad6f32a84f344df43