Ubuntu Security Notice 1178-1 - Omair Majid discovered that an unsigned Web Start application or applet could determine the path to the cache directory used to store downloaded class and jar files by querying class loader properties. This could allow a remote attacker to discover a user's name and home directory path. Omair Majid discovered that an unsigned Web Start application could manipulate the content of the security warning dialog message to show different file names in prompts. This could allow a remote attacker to confuse a user into granting access to a different file than they believe they are granting access to. This issue only affected Ubuntu 11.04. Various other issues were also addressed.
5cb5e15a07f22e63f6d9edc10245fda02e4b60327dd01c9ab1b2dc2afcfb6e68Zero Day Initiative Advisory 11-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.
c77806e149b7ed7d8bb527e74ed4baeb5468785171b305a6292706dc8e3612aeTeam SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site scripting vulnerability in metricDetail$type page.
087486ac60948e189899abff4dae7805c01b78640fe84839c801c1715472c761Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 suffer from a cross site scripting vulnerability in the sitemap page.
2d2e8a23b77a464daf4d66e9542bc1895e84d4678c78de23ce14000bbad606b1Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, and 10.2.0.4 suffer from a cross site scripting vulnerability in the notifRuleInfo$mode page.
d989295721cf25dcaaf465c895ff883a1a87f32d52287e19579dc907b0d097efTeam SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5, 11.1.0.1 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site request forgery.
d4672741754f3365fd9a11174f8e639731c1141c66b463d714e1cd9022daa858Cisco suffers from privilege escalation and remote SQL injection vulnerabilities.
25407353caf6aca542808b9d27be690ffb02e2d5aac3225f07064d6caa0b06ddSecunia Security Advisory - NetBSD has issued an update for bind. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
9acc753f3d9c094fe177afe149eaaf640dccbc2b6f06ac2f37e609c9e5f9ec3eA vulnerability exists in EMC Data Protection Advisor versions prior to 5.8.1 in which sensitive information may be exposed in clear text in the configuration file.
9294e4bb8f2203229a5181951b2da900fd93ca05828d5ac6955e058f59d54f4bSecunia Security Advisory - Two security issues have been reported in SystemTap, which can be exploited by malicious, local users to gain escalated privileges.
c0dbb2112bed2d0dac79bb6c7197a498ec71efdb323b5e03dd479444d33d6de6Secunia Security Advisory - A weakness has been reported in EMC Data Protection Advisor, which can be exploited by malicious, local users to disclose sensitive information.
c9a596d08a50673dd326cfcea98291b7975bcc4252e482d6626d64d68fa025e8Secunia Security Advisory - Two vulnerabilities have been reported in EMC Captiva eInput, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
e72360fb0b7188620fb48bdc898138f989ad6b80c09debccc154f75c82671857Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
92d8e44f7a5fad7a1d2b7898bceea635e0282d61c3ed12f62366cffde99dd1f6Secunia Security Advisory - Two vulnerabilities have been reported in HP SiteScope, which can be exploited by malicious people to conduct cross-site scripting and session fixation attacks.
c5e9db1031c433dafbf0b769df2d4310c8574b1fb9a1b98751d57c4fa8fdb339Secunia Security Advisory - SUSE has issued an update for opie. This fixes two vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
e7ae15bbac85536dc25729621a3561c489d6152ba4d534fe515eac56591a1269Secunia Security Advisory - SUSE has issued an update for compat-openssl097g. This fixes multiple vulnerabilities, where one has unknown impacts and others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and cause a DoS (Denial of Service).
bf6054c712df78f3c8014d5f5bf1b09c2eab8c9eb918f64006bfa34f6716823cSecunia Security Advisory - A vulnerability has been discovered in MinaliC, which can be exploited by malicious people to disclose sensitive information.
8f41dd9abece3a5d3401e86190413546c90ea8539df91dba2549249592cc10cdSecunia Security Advisory - A vulnerability has been reported in CobraScripts Trading Marketplace Script, which can be exploited by malicious people to conduct SQL injection attacks.
68cff488e425f2303508d0175d5554de7ec85dce9227cbf328e19f1c0c050745Secunia Security Advisory - Ubuntu has issued an update for qemu-kvm. This fixes a weakness, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
7e14a984b7ef96599162f7a55269a8d278b22dcb2dae1c23d95277bef2d30dc7Secunia Security Advisory - Red Hat has issued an update for icedtea-web. This fixes two security issues, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
b5fe1234ac2b1d9944842b6c79665c7f1f0b13df0fa867c20fe12de775310591Secunia Security Advisory - Ubuntu has issued an update for openjdk-6. This fixes a security issue, which can be exploited by malicious people to disclose sensitive information.
f27d98856a7cc54531ddc48d6aea0b5edafd54d589ccc2d0cbd2df6e47712cb4Secunia Security Advisory - A vulnerability has been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions.
11f6a3e3455a62108c8799b9f26708528a31971b6b72850f40621a27c75c26c1Secunia Security Advisory - A vulnerability has been reported in the Taxonomy Filter module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
7f687877a14dc91dc3ad78f5a0f758a2987077e26202238d36fe8600e0e67116Secunia Security Advisory - Patrick Webster has reported multiple vulnerabilities in Cyberoam UTM, which can be exploited by malicious people to conduct cross-site scripting attacks.
32255f8e70373d5c954099c13ea5e70e03f3587a8c848a1dae4a1e7e9f175518EMC Captiva eInput version 2.1.1 contains two vulnerabilities which can be exploited for conducting cross site scripting attacks, retrieving files on an affected system, or causing a denial of service.
bc92b2d9a013285c1928bead886ff5ec03c3d95c922ae8fad6f32a84f344df43
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed