Debian Linux Security Advisory 2371-1 - Two buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code.
378ae0ceefe4816301fc1cbd5602b9554680c22218691bc93c90385f418234a7Mandriva Linux Security Advisory 2011-192 - Security issues were identified and fixed in mozilla firefox and thunderbird. The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving removal of SVG elements. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. Various other issues were also addressed.
74b1c50fa04b0741fdb76a94c0c90b30b2e95ec9554f1e5264d61525601acb44Secunia Security Advisory - A vulnerability has been discovered in Whois.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
2a8873fd498e4864aec167d8bf600d099f08566136857d5e4a2f66caca79f71eSecunia Security Advisory - Multiple vulnerabilities have been reported in HP Managed Printing Administration, which can be exploited by malicious people to compromise a vulnerable system.
9a68c26e6c8423e9131753236ea182eab70f56400c1c0677734986cd0affde57Secunia Security Advisory - Debian has issued an update for unbound. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
a5a00b15c00059d648cbd48c4ff05d6f977c75338250418f6a806ea9e05f5f03Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.
635187466a9d994594e720ac93f94f792231827fad4311342c1ac4e7802bf083Secunia Security Advisory - A vulnerability has been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious people to conduct cross-site request forgery attacks.
e09495fbd2214dc75e8da3a79c84401071d4d268c8ea782bfef8dab078f6929cSecunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system.
d29a97290ba10d51b169d16b55b77f9fc68ba8534935da3f161abb98a80cd652Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Phone, which can be exploited by malicious people to cause a DoS (Denial of Service).
d601ccb7ff992a42790dba8ecaa8246e8be0d11887d8ec7d2c601ebdbaab5794Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in Open Business Management, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks.
58a9baff3abf620f79e6309791bac2fc3c40860fe2d454c21233b53076509394Secunia Security Advisory - Multiple vulnerabilities have been reported in Websense products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.
19e07477de40c94c6fbe93ecaa6643e97f28171f4060f91f308de2017aad553bSecunia Security Advisory - MustLive has discovered a vulnerability in Android, which can be exploited by malicious people to conduct spoofing attacks.
9f5ebed4a21407733324342aa69e54c3632ebae0d43bf4a1200a062e07fc22b2Secunia Security Advisory - Two vulnerabilities have been reported in cApexWEB, which can be exploited by malicious people to conduct SQL injection attacks.
00ea78aeaa5454257f302418a42b455f38c25511417848d7e1e092798aea77b7Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges.
9b8166808c22162036618de8808ece544c2774872189246d46e6a80da9b38bf9Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Rational Rhapsody, which can be exploited by malicious people to compromise a user's system.
896533ff6f22bfac84355a38087c350a7a4e991d1ad5e8951dd4a138d9ef1f84Secunia Security Advisory - A vulnerability has been reported in IBM DB2 and IBM DB2 Connect, which can be exploited by malicious, local users to gain escalated privileges.
fdc3e931c8a06884e63283cfa0a7548e713f2d10c38e14243adf5f71941d198fSecunia Security Advisory - A vulnerability has been discovered in Public Knowledge Project Open Journal Systems and Open Conference Systems, which can be exploited by malicious people to conduct cross-site request forgery attacks.
ecfe1cf82a2d8092decef4bd7da9d7895960d89e85f0f2252af1c49fc353f846Secunia Security Advisory - Multiple vulnerabilities have been reported in BB FlashBack SDK, which can be exploited by malicious people to compromise a user's system.
a8970ac1ba41cdb7d29f4062abf18bb71929b92f51df8751a9dc6222d27221faDebian Linux Security Advisory 2369-1 - It was discovered that libsoup2.4, a HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.
e634802cfae069d5d50208bd0bc4815d5ddbbfd3098ea941bd70b031e1a7a505Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.
f0495e468274c9e38b074f2dfd175ca4189b4a874d12ce564e49d2ef2f0d5c5dRed Hat Security Advisory 2011-1850-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.
22b74347f86b8270406e2b6e7d57aac603828a1c39676ba682aa4f68f794b50dDebian Linux Security Advisory 2370-1 - It was discovered that Unbound, a recursive DNS resolver, would crash when processing certain malformed DNS responses from authoritative DNS servers, leading to denial of service.
e000da874c7e25eebb25bcd0318bb4cd093a50d621919fe8f74cae1ca32435f3Ubuntu Security Notice 1254-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Thunderbird 3.1. An attacker could potentially exploit a user who had installed an add-on that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Various other issues were also addressed.
7380de76d3f7ae9d28ad3d7ebd18e2d1d0c2c421ee05e83463651e5d8cf20229Red Hat Security Advisory 2011-1849-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device.
59c592d94b44d37b278d4bf844f5506f5e4dd75ac7fedd8ac9b88a73109d048fZero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.
5cb9d7c743d97359533a6a87e86ceb46ffdb1c08c4b3556a2c176533ab6a35a5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed