Debian Linux Security Advisory 2311-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform.
bf0335319498382c5ef979918243d2656fd101679f7698e3f2dd3467affb3a9fiDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed time zone description field (TZNAME). A heap based buffer overflow can be triggered by supplying an excessively long string when copying the time zone name. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
e41ab71e11203562d3548c254ffc04693eed7151c500e97d4f2b72313daa62d2Secunia Security Advisory - A vulnerability has been reported in the jQuery Colorbox extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.
73dd7f7c4d46d21bf8f54aaebf21a338f964c91a82fdb3704336ca5b36a4342cSecunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
f13f2b71c3fb25ecead5c46274485b0b4d30fdd12b412a2d43a99b645f47e84eSecunia Security Advisory - Multiple weaknesses and vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
933e744195dab522a0edb13c4b03aace0f333b09b9182502c664c4d33f2f4555Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
19d931cc43e84972168072890e46b1632ee941781b9adc3006e7ff504a37b75bSecunia Security Advisory - Miroslav Stampar has discovered a vulnerability in the Mingle Forum plugin for WordPress, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.
d8f81a0789e4ca28b7cd79d6bf66a15eff867809ecb5546d86584fd666878f47Secunia Security Advisory - A vulnerability has been reported in the dev/null robots.txt extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.
55bc71641d76016718fe5bdbf198cee1694cadab35ae8f8cd0a16200044c851dSecunia Security Advisory - A vulnerability has been reported in the RTG Files extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.
70b45ba3dc9b892c6a4bdf93bdbfb9314d270e4e4c6ddaf9f0a06907b5d2b186Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to gain escalated privileges.
f8f06b97f280ca51f59c4b7dea136f9417a6272ce19073709791ca6a659df316Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.
0a0e3b9755408f3ac4d24cfc5ddaa02db84cde579ed5eb0e2b98699b9e5ace5fSecunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer truncation error in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses "TZNAME" variables in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value. Successful exploitation may allow execution of arbitrary code.
098e587acb10c0083b88ba844ed01cfbf1ec6d61bdeb69e7e6a4f2b9e4413126Ubuntu Security Notice 1216-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
632b7c41843d8b08abd09aa566debae12f62d2202a245defc954e205b756668dRed Hat Security Advisory 2011-1338-01 - NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* files. An input sanitization flaw was found in the way the ifcfg-rh NetworkManager plug-in escaped network connection names containing special characters. If PolicyKit was configured to allow local, unprivileged users to create and save new network connections, they could create a connection with a specially-crafted name, leading to the escalation of their privileges. Note: By default, PolicyKit prevents unprivileged users from creating and saving network connections.
be9493f6e2a725ca503b1c5b73120f328fb6b45e04abacae69d233701bd2021aApache Tomcat suffers from multiple weaknesses in HTTP Digest authentication. It suffers from replay attacks, lack of value checking, and more. Tomcat versions 7.0.0 to 7.0.11, 6.0.0 to 6.0.32, and 5.5.0 to 5.5.33 are affected.
ef0d4c069ff5eff4da4c340335c5058fa7ef92b1e2389cb6c9849ef1c1a08c00The International Atomic Energy Agency suffers from a remote blind SQL injection vulnerability.
b682a04d056b3f0b4059853bb47744f6ded57b0a938587061c550b96213f5e62Upek Protector Suite QL 2011 suffers from a buffer overflow vulnerability.
5fd2711b16f9c81a32df525f78c4af05ceb574f6c7eda8a677092af0627cf75bPlesk Parallels Panel version psa 10.2.0_build1011110331.18 suffers from cross site scripting, denial of service, and remote SQL injection vulnerabilities.
f8a05ab963a17008a7c169a3468ed60df81d6029eee3e497be0b082eda8537e5Pantech Link/P7040P browser SSL certificate parsing contains a flaw where it fails to check the Basic Constraints parameter of certificates in the chain.
05ac689c17d1d0ced452b3a748d9579a449b11a3cf9146257494b471ee8787a9Debian Linux Security Advisory 2310-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
0ade6375df4fb18e4bf4cc0f6541e056556cbe078ca3ef9db083dea13e260836Mandriva Linux Security Advisory 2011-135 - It was discovered that the iproute2 package was not rebuilt against the latest iptables libraries. This may have security issues, as the current iproute2 should be calling an interface in the iptables libraries with incorrect arguments. The updated packages have been patched to correct this issue.
a4e60342d65555aecd95e0fb2248b88a7dbcd47532b94f39fccca26c1ac2df85Ubuntu Security Notice 1197-6 - USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides an update for Qt that blacklists the known fraudulent certificates. USN-1197-1 It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.
ffcdd5bd50bb293ea8bfd41f16c5b291b1012994e0b0446df4dcd98cdd52ba28This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.
6d655b5582b4862af9ad5082596a3a125309795b934f84d6bc8af6fa078b4321Ubuntu Security Notice 1215-1 - It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.
5b052a7ad17040106cf59d16c4d5bc715cb92e50d84263e25ce9d3526181ada7Plesk Control Panel version 102 suffers from a cross site scripting vulnerability.
9ce94f018b6a159b2536c30e1849e01d5740c9bd9318fe2e6a86e92ad9d7fff7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed