Secunia Security Advisory - Some vulnerabilities have been discovered in the Video Embed & Thumbnail Generator plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
9b7d75c7a1f316d6c7ae909c02eb8642d3c93ae3f8d13298e971fa6a6ed6cd60
Secunia Security Advisory - A vulnerability has been reported in IP.Board, which can be exploited by malicious people to conduct script insertion attacks.
10e0628485fcbf604613633c5d65491125e2a81a2b9e72688cb9faf22f6b0870
Secunia Security Advisory - A security issue and a vulnerability have been reported in Puppet, which can be exploited by malicious, local users to gain escalated privileges.
37debc3639fbe3b6f5beabedf35e5bee56b0818e5292b4175e71a90560bb2ae5
Secunia Security Advisory - Debian has issued an update for notmuch. This fixes a vulnerability, which can be exploited by malicious people to potentially disclose sensitive information.
49e541b8c3015f26c18bed82606165c1ec7d06aaf27707143ca2a55a2dd59d2c
Secunia Security Advisory - A vulnerability has been reported in Samba, which can be exploited by malicious people to compromise a vulnerable system.
408e39e5d4587dec081fd2a270ce37ab4af54b4f6e0e9c38a8624697dd2641f3
Bugzilla Security Advisory - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered in Bugzilla versions 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2.
fe9aa9d5a2e0261931ccfa5c0cb9081fcee27f39f8a92d16f3b60fbcf5b9c472
HP Security Bulletin HPSBMU02739 SSRT100280 2 - A potential security vulnerability has been identified with HP Data Protector Storage Media Operations (SMO). This vulnerability could be remotely exploited to allow execution of arbitrary code. Revision 2 of this advisory.
2213eb6dbed6a4069e8b68c5b4ee0fa7345ab74c4c7000c299bfc528640ea31e
The Dropbear SSH server suffers from a use-after-free vulnerability that allows for arbitrary code execution.
64265ec1c523533339855204fdc6f2a60efec7010b11b476bb2709c5aaf7b16e
HP Security Bulletin HPSBUX02737 SSRT100747 2 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
19e6114da67ae376ce2cb7ed67e338b31708557b126fcebc375c1599c6fcaa2a
BlackBerry PlayBook suffers from a samba related code execution vulnerability. Tablet versions prior to 2.0.0.7971 are affected.
1afc8a7ff4c33e0b84d61b7fd3ad9ea453b1ab6f4c8645898025d843d0ecb99c
Ubuntu Security Notice 1374-1 - Andy Davis discovered that Samba incorrectly handled certain AndX offsets. A remote attacker could send a specially crafted request to the server and cause a denial of service, or possibly execute arbitrary code.
81d485c10b572461eea91dd42a3a6dd59c4c9ad6c3e1aa0157a31e42055bb3ab
Ubuntu Security Notice 1373-1 - It was discovered that the Java HttpServer class did not limit the number of headers read from an HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. Various other issues were also addressed.
f5d1680ea07c3d083ccb24ffe7ffae199ba83aed9e742267a6ecfcda91111e3c
Debian Linux Security Advisory 2416-1 - It was discovered that Notmuch, an email indexer, did not sufficiently escape Emacs MML tags. When using the Emacs interface, a user could be tricked into replying to a maliciously formatted message which could lead to files from the local machine being attached to the outgoing message.
65bcdf42c527a426b64804a3384e6b2466fe1ff2c05aca4bdd06d8c34f037db4
Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), then it would be possible to validate arbitrary (USER, ROLE, ENVIRONMENT) tuples, in order to detect valid ones.
bd2dcc460f9817265732bc0808e8543eaac886463c0594e24bd5fce15ec0bc80
Onapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely change the JDE.INI configuration file. This situation might help the attacker to perform complex attacks that would lead to a full compromise of the system.
828b3a567c457e25def81aed87d84c454dc26926bd2577c4e6994f3c298a3a9d
Onapsis Security Advisory - If a message containing packets of a specific size is sent to the JDENET service, a denial of service condition is triggered, because the kernel in charge of dispatching those packets uses all the available CPU time.
e078711b599b4ca14519d9a0815063149df5877baf8bdefeb3da7bcb1a95522e
Onapsis Security Advisory - Several ways to gather information exist in the JDENET service. By sending specific types of messages, it is possible to access technical information about the system's configuration.
a6dfb3a6559dfc645d1303f9b5a6826e4fa6b4bbc4a75ebc31faef54217250c8
Onapsis Security Advisory - If a specially crafted message is sent to the JDENET service (specifically to the SAW Kernel), a user can remotely retrieve data from the JDE.INI configuration file. This information includes the password for the database connection and the configuration of the node password for authentication tokens.
90f2ce75b9c8f2dc58f994c02fbf3ab323d56248d40faf948d178fd4350492a4
Cisco Security Advisory - Cisco Small Business (SRP 500) Series Services Ready Platforms contain command injection, unauthenticated configuration upload, and directory traversal vulnerabilities.
31da0efcb3a1c6bfaf12e06688d0619522253f130e943a73a69af7e3f60d8eea
Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the JDESAW Kernel is configured (it is by default), then it would be possible to read any file on the system.
8830e58431e4e54de8e064e5cd249e16908cd8f778228632a25fa840fdf16e20
Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the Security Kernel is enabled and SignonSecurity is configured, then it is possible to retrieve the password of arbitrary users.
ca8b740898e9808b2377e7e6e742f24a9adcdee6596d83dbff27ba20b10ae606
Onapsis Security Advisory - If a "Message packet" is sent to the JDENet port (6015 by default) containing a specially crafted "File Packet", the sent file is saved in the server where the JDENet service is running, in the arbitrary location specified by the "File Packet".
110da071d60499fa9e34debb38e6a7404f1d62c2405feaa405c2015812db0a2e
Ubuntu Security Notice 1372-1 - It was discovered that Puppet did not drop privileges when executing commands as different users. If an attacker had control of the execution manifests or the executed command, this could be used to execute code with elevated group permissions (typically root). It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files and escalate privileges. Various other issues were also addressed.
5c8cc223024eb5757b6e35e27ea76c485d767109bb47ae4e336bf0859299e7ad
Debian Linux Security Advisory 2417-1 - It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. As a result it is possible to perform denial of service attacks against applications using libxml2 functionality because of the computational overhead.
cf6eb06a9662d3cbb04a61d240b222ea745c263a73494063aa45b2362bc1dd87
Red Hat Security Advisory 2012-0333-01 - Updates have been made to the Linux kernel. SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access to the entire block device. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. Various other issues have also been addressed.
ab385ec0a710376d5bd1648fee2d56710fe8b5e7cf9b6e8931a4f3a897ec925a