Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in Siemens SIMATIC WinCC Flexible, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
ef0bd80742863d9390beef99101a5572bc1fc990288fb26bc0ed7904418615b0Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges.
24a22655ce6e480ba4e5f4b1078f4a1b7638debece589f2ce18d11d9e451d1caSecunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in OrangeHRM, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
eb219852c3aefcdc5db063c355fbff898ceda0e80deb44275b83bd4b359a5b34Secunia Security Advisory - Two vulnerabilities have been reported in ExpressionEngine, which can be exploited by malicious people to conduct cross-site scripting attacks.
056ede08de3dc44886959e15aeceabba7608b018483061de3952f26855693840Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Netcool/Reporter, which can be exploited by malicious people to compromise a vulnerable system.
31759ac076e7a3be02e0d8c383713947484c5cd21714307f93a72b1f93a2d608Secunia Security Advisory - A vulnerability has been reported in Hastymail2, which can be exploited by malicious people to conduct cross-site scripting attacks.
3598771b86a5881e30b50640c13c044e6ae7f0cff36a61f1de4fe01c0b5de4c6Secunia Security Advisory - Multiple vulnerabilities have been discovered in Manx, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks and compromise a vulnerable system.
3773ddd68a60a69e018cd4f8b0d76bdea3eeef9749a015d0c89f4f41650526a9Secunia Security Advisory - Multiple vulnerabilities have been discovered in HP Network Node Manager i, which can be exploited by malicious people to conduct cross-site scripting attacks.
97b559a67b9599709c41548f98ae43ac3f1b9cb9c76ac015050604c9eccfd864Ubuntu Security Notice 1285-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.
6758df4905be75681d391dbdf0a22a6c0d585b02d7ae0b95ce6c9f405177ab7dRed Hat Security Advisory 2011-1496-01 - A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. Users of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon will be restarted automatically.
01c14c945ffcae4533481835e75743d048c84069db1e3acf5a44f0949b46b159Red Hat Security Advisory 2011-1479-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Various other issues were also addressed.
ed68520a6ee2920e3e52edf771936c03f68718a31b6a9055d5cb9d1c38a033e1Secunia Security Advisory - Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
8e5a8e74a96541896fa78a68ef3cc3fa651c747d2b5f76030f7e2433eaec784eSecunia Security Advisory - Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
8e5a8e74a96541896fa78a68ef3cc3fa651c747d2b5f76030f7e2433eaec784eSecunia Security Advisory - Ubuntu has issued an update for update-manager. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to conduct spoofing attacks.
e4dc9af3fe5c72d4722b82acc23959106ef498e6a2331aeef4270a4d6a5842a3Secunia Security Advisory - Multiple vulnerabilities have been reported in multiple Schneider Electric products, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system.
64e2a6465ab538fc85b4381988e12eb27c0b07dbcf50a249dae619e1dcdf841bSecunia Security Advisory - Fedora has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
c83dfcfb92517d0b3d862240ad6c02a4045b679336853a30f4dfdd9b120309b6Secunia Security Advisory - Nick Freeman has discovered a vulnerability in Avid Media Composer, which can be exploited by malicious people to compromise a vulnerable system.
6720a9faa2b2f70e6d75b244f6c3f2199ed7ce4f802aaf5d9a2cef9c4882235eSecunia Security Advisory - Nick Freeman has discovered a vulnerability in Virtual Vertex Muster, which can be exploited by malicious people to disclose sensitive information.
9242be56b40c0941763e6df1d40439bf5ee980be5a2f0ee49340352fc1dd3d50Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).
ea528160a92f6bd1dd06afe54de92e80c8bb39c2cf8f1e3ec55585233e8d989bSecunia Security Advisory - A vulnerability has been reported in Apache MyFaces, which can be exploited by malicious people to bypass certain security restrictions.
d94cddc9c385be6f5847c331299f0d77b40dc2c16d527748405dbea81262b095Secunia Security Advisory - A vulnerability has been reported in Oracle Mojarra, which can be exploited by malicious people to bypass certain security restrictions.
7c92512b918988d40fe7bd03dc6c0961c0cb0fd0376432232195ae48b0035a42Secunia Security Advisory - A weakness has been discovered in MediaWiki, which can be exploited by malicious people to disclose potentially sensitive information.
eab1460e815df3c81f3c05efeb5772a907419c9eebc789c0167750eafd35051dSecunia Security Advisory - A vulnerability has been reported in Gitblit, which can be exploited by malicious people to bypass certain security restrictions.
bb6e8393528aca77b479e5e85462f19cb34197dabf544e3687a40628e391c559Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.
7129ccdc2761d3f713c8cf916640b6b2a51f9e44da365dadf0f24413f7d3bb79Zero Day Initiative Advisory 11-337 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When parsing this sample data, the application will make an allocation and then fail to completely initialize the buffer. During decoding of the sample data, the application will explicitly trust an index from the partially filled buffer and then use that to calculate an address to write to. This can lead to memory corruption which can be converted into code execution under the context of the application.
43ea133c3751d512a5256dd601734f9ceeb84ca0b66f64408082a10e1f8a7aff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed