Ubuntu Security Notice 1079-2 - USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures. Multiple openjdk-6 vulnerabilities have been addressed. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. Konstantin PreiBer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. Various other issues were also addressed.
c5c18368e20b050d150d2c53891f0010937af3d0d826c64263852fc25e700d30Ubuntu Security Notice 1085-2 - USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream fixes were incomplete and created problems for certain CCITTFAX4 files. This update fixes the problem. Multiple vulnerabilities related to tiff have been discovered and addressed. Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. It was discovered that the TIFF library incorrectly validated certain data types. It was discovered that the TIFF library incorrectly handled downsampled JPEG data. Various other issues were also addressed.
55b184ba540a99b97525111479f1fba5ff77334bf3690f72abffaa068a8706f7Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (credentials not stored locally including domain credentials from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks.
d5947a1b05bc5936dec425b3b826c1e9cea6c3295335bf93a05f071088349b99Secunia Security Advisory - Debian has issued an update for proftpd-dfsg. This fixes a vulnerability, which can be exploited by malicious users to manipulate certain data.
94427441774f8e8c621ff598b3958f7b5622b90a1a4901a6453dd1e535bfb65bSecunia Security Advisory - A vulnerability has been discovered in Nucleus CMS, which can be exploited by malicious people to conduct script insertion attacks.
2f831c54bc22e3fc20edd1133b4e7c42c91e2b7ef4ba6e41fc2387ddb09e1e62Secunia Security Advisory - A vulnerability has been discovered in Foxit Phantom PDF Suite, which can be exploited by malicious people to compromise a user's system.
ab0878477d249fd8d0cda1c0fc56c2c6e56b762cec5a795ff7aed003bfe025f0Secunia Security Advisory - Fedora has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
6ba4a1a43a4848f53d0a86d4c9bca525e8f0061da45c92bcbc9e2e8b6fd06dfcSecunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system.
4fa457728bc98e95f6eb93c6fcf93cec6f14afe823e2404cdbc40cf36d9eb80fSecunia Security Advisory - A vulnerability has been discovered in ABBS Audio Media Player, which can be exploited by malicious people to compromise a user's system.
79c0ae37907bdab437282d4423a127f91f9b06e2459b78f3339dafefe8e8ea43Secunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact while others can be exploited by malicious people bypass certain security restrictions, disclose system information, and compromise a user's system.
82065ae73a35bb5a06d6df49a4559778f4d969cb77fb4314c09e4468b14145a7Secunia Security Advisory - A vulnerability has been reported in Unik Scripts Cover Vision, which can be exploited by malicious people to conduct SQL injection attacks.
4f401c63a98c3e266a4f56f1926cb6ed1085d1cc278d4023e9cb35f7b845b24aSecunia Security Advisory - Debian has issued an update for wordpress. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.
0c56ed571d56f132145418f2ec84f8fcce94586e604dcb95dc943eb119ab73baSecunia Security Advisory - Two weaknesses have been reported in Ibid, which can be exploited by malicious, local users and malicious users to disclose potentially sensitive information.
a776044095d8d0a6dacabd13fe7802ccd42f537c78bc195bd04a1455694918adSecunia Security Advisory - ITSecTeam has reported a vulnerability in Qualitynet CMS, which can be exploited by malicious people to conduct SQL injection attacks.
237e7b88d4b903f5a1c3daf1eedd4ffecd6eb2a137cb87410d5036b47f889d7dSecunia Security Advisory - Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
28759cd6d82272a2a2b53efc24e198c9c129bc6c2671a20de2cc77c2c34a6828Qualitynet CMS remote change administrative password exploit.
5e99a5005c3d73c54869a97a49773e97f86129efcdb8ce82354df53ed67ffec4RealPlayer version 11.0 local crash exploit that creates a malicious .avi file.
5fcde7902ae0fea8b5af642406c4a824b35e8289ad7a375e4aad8a3f184a024bSecunia Security Advisory - A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system.
df66275207c738d2f12c12599f66db6bb8a92677733d88957f881cee9e84bc1fSecunia Security Advisory - A vulnerability has been reported in SAP GUI, which can be exploited by malicious people to compromise a user's system.
d30fedecb1b9c34388d15c7f68e07333d3d17160919ad08876904dc22d34747aSecunia Security Advisory - Two vulnerabilities have been reported in the Direct Mail extension for TYPO3, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
5838775ff11a08d81065458227cc6c752d57d3bd0028c939cffe7b45aa3e36fbSecunia Security Advisory - A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system.
415cbe29cf9c58ed818448e767cd8937d2da2701fd7ecdd8ccb50515ebeed25fSecunia Security Advisory - A vulnerability has been discovered in ABBS Electronic Flash Cards, which can be exploited by malicious people to compromise a user's system.
f0ab884c8b39fb472996a26189b67af8ad11056c2e02fe07763efaefe7ecd84cSecunia Security Advisory - A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
80f8f8af78e8484f2493a310f3407721eee5043a7d4d65fb18e2a113718f547bSecunia Security Advisory - A weakness and multiple vulnerabilities have been discovered in LotusCMS, which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system and by malicious people to conduct cross-site scripting and request forgery attacks, disclose sensitive information, and compromise a vulnerable system.
54d618bb2cdf94c9499d51739075584986322d04f62c330cab56e5f7f800c8b4Secunia Security Advisory - Some vulnerabilities have been reported in feedparser, which can be exploited by malicious people to cause a DoS (Denial of Service) and conduct script insertion attacks.
a3762c6fc35faac1300249a27f282eac09e7457d7704ea3ccfed4e61cdda97d5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed