Secunia Security Advisory - A vulnerability has been reported in Python trytond Module, which can be exploited by malicious users to bypass certain security restrictions.
8914f9d195aa3b56f39dad3b91c1e07f74eb4c32230122ad4773647b28eb2d5dSecunia Security Advisory - A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
e1fb465127bd893925acfae926a890d193414cf7c9bd80a93d1236ac6ba5e1e5Mandriva Linux Security Advisory 2012-044 - A vulnerability has been found and corrected in cvs. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. The updated packages have been patched to correct this issue.
891ba05686fa17391e069c49ba48e6a0ad5b0eba8fc97db8070e0ddf441eeff7Mandriva Linux Security Advisory 2012-043 - A vulnerability has been found and corrected in nginx. A specially crafted backend response could result in sensitive information leak. The updated packages have been patched to correct this issue.
b4f7d90d2aef1b63ae089280c523e080571f3292b4ca66f949631feb3f253176Register Plus Redux version 3.7.2 for WordPress appears to suffer from additional cross site scripting vulnerabilities.
db3fb962011dd8d10dc7bbbb09fa3e33e1b8850fab7bbad4805726fff8226418McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a file download vulnerability.
541d487c0fd9f602725c99856fa3e3627cd412b773bb200ff86822d291aee585McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a password cracking vulnerability.
83b1fca33c08846e197daa065fc717ff51f5a94766c6b9b25ceeac7ca984be29McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a token disclosure vulnerability.
5e6128752681e8d4144799b7dd87140151481f96ddb6ba769da110dd68f46272McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from an access bypass vulnerability.
38b9c98ba1910b6ae86c52cbb72d534f1960caf1fa1e8484b1a424503d4d3a2bMcAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a session hijacking vulnerability.
ea917b03e7a1554b15684bdf3c879c93ffadab2739f8cdd41c0e98cfd264ec09McAfee Email and Web Security Appliance versions prior to 5.5 Patch 6, Email and Web Security 5.6 Patch 3, and McAfee Email Gateway 7.0 Patch 1 suffer from a cross site scripting vulnerability.
0c1840f7a89acaf990fbe44ab43b5a65bc48fca9f572401830ddd523cc72dcdeGentoo Linux Security Advisory 201203-23 - Multiple vulnerabilities have been found in libzip, the worst of which might allow execution of arbitrary code. Versions less than 0.10.1 are affected.
3dc6ec677cef70e1de94b2d06ab3401e1e55afa0cbebc37c8c0cb6bceef728e8Red Hat Security Advisory 2012-0434-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the specially-crafted SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 10.3.183.18.
214097b723d5e1016a9378358b8884c8afd2d66057492714e906754204d059ddRed Hat Security Advisory 2012-0436-01 - Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that a remote attacker could upload packages to an RHN Satellite server's NULL organization without any authorization or authentication. Although an attacker cannot put packages into an arbitrary channel and have client systems download them, they could use the flaw to consume all the free space in the partition used to store synced packages. With no free space, Satellite would be unable to download updates and new packages, preventing client systems from obtaining them.
45234674ce4a82856e27d9dd7d625e6bdb84280955a4e87847c7e1313febcba4Ubuntu Security Notice 1197-8 - USN-1197-7 fixed a vulnerability in ca-certificates-java. The new package broke upgrades from Ubuntu 11.04 to Ubuntu 11.10. This update fixes the problem. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.
d65d4721c97ea8c2b04ae4bf5108126edba21737d791da66ab764bc731edc55dUbuntu Security Notice 1413-1 - Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file.
fa24d61a1e2ebc2f10bb016c59b802b5caa5ee81f5cd0d430c76d972c159a045Ubuntu Security Notice 1412-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service.
ffa26fc4d4f2107fa0a64ed1c7e866f5a1c4fef22ea503843dc7738efdabb04eDebian Linux Security Advisory 2444-1 - It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field.
1bf8166f452ce37b8119e22989896e1361e2b04b9065dbab3659079991b8e62cCisco Security Advisory - A vulnerability exists in the Cisco IOS Software that may allow a remote application or device to exceed its authorization level when authentication, authorization, and accounting (AAA) authorization is used. This vulnerability requires that the HTTP or HTTPS server is enabled on the Cisco IOS device. Products that are not running Cisco IOS Software are not vulnerable. Cisco has released free software updates that address these vulnerabilities. The HTTP server may be disabled as a workaround for the vulnerability described in this advisory.
d0a54650e8efd4c39e79421b011fe738bf7decc8c31ed82b1aed3488ad1654e3Cisco Security Advisory - The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
69dfd771334c9008e86b1f53b96091fcd37892da4c55275494bc282c59b6d36aHP Security Bulletin HPSBMU02756 SSRT100596 - A potential security vulnerability has been identified with HP Performance Manager running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to execute arbitrary code and to create a Denial of Service (DoS). Revision 1 of this advisory.
efc98ae21b7578cdda64deb5dc05500c54b69e6f2036619387554bc0530e3ad6Cisco Security Advisory - The Cisco IOS Software Network Address Translation (NAT) feature contains a denial of service (DoS) vulnerability in the translation of Session Initiation Protocol (SIP) packets. The vulnerability is caused when packets in transit on the vulnerable device require translation on the SIP payload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates the vulnerability is available.
621d511df36164003264ce4995e8cc2dd26b288bbfe0e1518a4cf0d7dddeebc1The Drupal Fusion module version 6.x suffers from a cross site scripting vulnerability.
8311447d5c5e9a519065e8708e1a06e2ea1f83db30ea859607056582c4f49fb0The Drupal Chaos Tool Suite module version 7.x suffers from a cross site scripting vulnerability.
80d66e0a5170005cb66e1988ba20428a8cdff88a472053008c696562e43d5e13The Drupal Organic Groups module version 6.x suffers from an access bypass vulnerability.
dbb190a4af2ae746e702f203bad02665c8856d9855a61e43a4847ccb615818d9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed