Debian Linux Security Advisory 2311-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform.
iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed time zone description field (TZNAME). A heap based buffer overflow can be triggered by supplying an excessively long string when copying the time zone name. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
Secunia Security Advisory - A vulnerability has been reported in the jQuery Colorbox extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
Secunia Security Advisory - Multiple weaknesses and vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
Secunia Security Advisory - Miroslav Stampar has discovered a vulnerability in the Mingle Forum plugin for WordPress, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in the dev/null robots.txt extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in the RTG Files extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.
Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer truncation error in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses "TZNAME" variables in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value. Successful exploitation may allow execution of arbitrary code.
Ubuntu Security Notice 1216-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2011-1338-01 - NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* files. An input sanitization flaw was found in the way the ifcfg-rh NetworkManager plug-in escaped network connection names containing special characters. If PolicyKit was configured to allow local, unprivileged users to create and save new network connections, they could create a connection with a specially-crafted name, leading to the escalation of their privileges. Note: By default, PolicyKit prevents unprivileged users from creating and saving network connections.
Apache Tomcat suffers from multiple weaknesses in HTTP Digest authentication. It suffers from replay attacks, lack of value checking, and more. Tomcat versions 7.0.0 to 7.0.11, 6.0.0 to 6.0.32, and 5.5.0 to 5.5.33 are affected.
The International Atomic Energy Agency suffers from a remote blind SQL injection vulnerability.
Upek Protector Suite QL 2011 suffers from a buffer overflow vulnerability.
Plesk Parallels Panel version psa 10.2.0_build1011110331.18 suffers from cross site scripting, denial of service, and remote SQL injection vulnerabilities.
Pantech Link/P7040P browser SSL certificate parsing contains a flaw where it fails to check the Basic Constraints parameter of certificates in the chain.
Debian Linux Security Advisory 2310-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
Mandriva Linux Security Advisory 2011-135 - It was discovered that the iproute2 package was not rebuilt against the latest iptables libraries. This may have security issues, as the current iproute2 should be calling an interface in the iptables libraries with incorrect arguments. The updated packages have been patched to correct this issue.
Ubuntu Security Notice 1197-6 - USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides an update for Qt that blacklists the known fraudulent certificates. USN-1197-1: It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.
This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.
Ubuntu Security Notice 1215-1 - It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.
Plesk Control Panel version 102 suffers from a cross site scripting vulnerability.