Red Hat Security Advisory 2011-1334-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Multiple flaws were found in the way Spring Framework 3 deserialized certain Java objects. If an attacker were able to control the stream from which an application with the Spring Framework 3 AOP in its class-path was deserializing objects, they could use these flaws to execute arbitrary code with the privileges of the JBoss Application Server process via a specially-crafted, serialized Java object.
442edbde35d879e5f6ef8501cfa0f1ff6854082e839ec89ffac4cd267f0d8341Red Hat Security Advisory 2011-1333-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-26, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.
0e33bcedad49a5cc8888e9a734c3e94fcecb1fb3502bcd6135296876772943afHP Security Bulletin HPSBOV02497 SSRT090245 4 - Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS). Revision 4 of this advisory.
276161f9b5defba94587895476977046f39846e30ab23de7e9fcec0f7db3fd13Ubuntu Security Notice 1214-1 - Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
5649d72589cc6c97930d976d341ad0c29f94500381763825f20a088a4df9292eDesign flaws make it possible to find out hash of the secret used for URL generation in secureURL.php version 2.0. The problem enables malicious parties to calculate checksum over fabricated URL parameters. The design flaws render the system ineffective against attacks and gives a false sense of security.
2bac6017745b6a2c0260aed056b9e2dfa6f9642bd68c12696537a9e5fa1695a9Red Hat Security Advisory 2011-1330-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 as provided from the Red Hat Customer Portal are advised to apply this update.
4c4d52c5fd2a5c20616f3ebc71ce87be9cc1e7162d05e80b851e4a21b45fc3b8NGS Secure has discovered a high risk vulnerability in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts).
7d6ce6c13a81311a3dab3d62c8f6f1fcd10802a5c27a2eec0d0c72aecd82d362Red Hat Security Advisory 2011-1329-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause the Apache HTTP Server to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All users of JBoss Enterprise Web Server 1.0.2 should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, Red Hat Enterprise Linux 4 users must restart the httpd22 service, and Red Hat Enterprise Linux 5 and 6 users must restart the httpd service, for the update to take effect.
09a25924843b91f3f50dabe88e350b2457e7ea33b36285fc79174f374c87f60dRed Hat Security Advisory 2011-1327-01 - frysk is an execution-analysis technology implemented using native Java and C++. It provides developers and system administrators with the ability to examine and analyze multi-host, multi-process, and multithreaded systems while they are running. frysk is released as a Technology Preview for Red Hat Enterprise Linux 4. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially-crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
f2ce352dc25eaf310d9bca25771cbd7c1b96df23f5bb9f0751705aae4632658cRed Hat Security Advisory 2011-1326-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.
702c85e7c9ccaf5dcb5dec68ba2238f7d983950a1752624f9190a5490c11e2f3Red Hat Security Advisory 2011-1325-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of evolution28-pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.
a1c24e64298830d8a2e338ef21d6a3d7fbe44b1bc20b76eb7693299bfb9d4913Red Hat Security Advisory 2011-1324-01 - Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting attack. A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
32bd8ac5fcc0b20ce8d3211423b8151ce158385ff712a0eb6ef6c742efb0c8beRed Hat Security Advisory 2011-1323-01 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
2b4e351ecf7b1e04b2a289d89c0a98e84a8bc39de3fd6f4dd885d4a0e30e59c4Ubuntu Security Notice 1212-1 - Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Various other issues were also addressed.
f2bd89a7fb4e075ddf3c443cc67ea905e50e3d359edda7464f4642e35cf7b84eUbuntu Security Notice 1211-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
c722fd7511a442653d720916be5133aeccaba801f39a3fdb017e7ee6b3699415Secunia Security Advisory -
c9a78e16dfad3b2f7fb266fe234bf9ad03b6ab9a28c88d2edb9044bcf97872f1Secunia Security Advisory - A vulnerability has been discovered in the Rent-A-Car plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
c9a78e16dfad3b2f7fb266fe234bf9ad03b6ab9a28c88d2edb9044bcf97872f1Secunia Security Advisory - A vulnerability has been discovered in the LISL Last-Image Slider plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
0774800dc79b6b2f55146f1814113c1f037161a78092943e8250399cf3e74277Secunia Security Advisory - A vulnerability has been discovered in the Auto Attachments plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
b074a51479b32f245d2644bfefbde15ca9ecf2755f9668a4dd70671bc5820aa4Secunia Security Advisory - A vulnerability has been discovered in the Category List Portfolio Page plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
b27bd25d37169b90a1d4f570280f942968f617246511389169321fafe7d60c08Secunia Security Advisory - A vulnerability has been discovered in JasperReports Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b643ff254f555f85f01149c60cb42060244dbf1ef5bb836c71370e669c439191Cisco Security Advisory - Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device. Cisco will release free software updates that address this vulnerability on September 30th, 2011. There is no workaround for this vulnerability.
f8b64349683d7496a8300593b934d118350bd667fccd7d4bba5b889e0720aff7Red Hat Security Advisory 2011-1321-01 - The kernel packages contain the Linux kernel. A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service.
94d31ed0387d6868b6e7adab496a79ec824e11127ad246421b8615a51ee105f6Ubuntu Security Notice 1209-2 - It was discovered that Libav incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Libav incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
9621f95272d1d1ce829f24f5c28f2c8817f6ad5df4167d0c0cb9336fa27f9d7fUbuntu Security Notice 1209-1 - It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10. It was discovered that FFmpeg incorrectly handled certain malformed AMV files. If a user were tricked into opening a crafted AMV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 10.10. Various other issues were also addressed.
9a25bee80cf1df7c81ece3ee62fc95b8e13a4030196ba5a3b6bf163c90a3cd58
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed