Ubuntu Security Notice 1210-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
f6a9c46e28c67f6f744d937892e1a600
Mandriva Linux Security Advisory 2011-138 - This advisory updates wireshark to the latest version (1.6.2), fixing several security issues. Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service via a malformed packet. Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service via a malformed capture file that leads to an invalid root tvbuff, related to a buffer exception handling vulnerability. The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service via a malformed packet. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.
5e24d9230a5e85e93c1e688990e0713c
Mandriva Linux Security Advisory 2011-137 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8s and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages, which allows remote attackers to cause a denial of service via out-of-order messages that violate the TLS protocol.
d4cdd08b16fe165439352bfa6ccaf846
Mandriva Linux Security Advisory 2011-136 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.
aad8354635e0daa4188bb666e77c1b6a
iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.
b37c25b14136941416b0a1e33f2d7d58
iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs yearly. When adding a sequence of dates, it is possible to trigger an invalid array indexing vulnerability, and write beyond the bounds of a heap buffer. This can lead to the execution of arbitrary code. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
478617bafb33189462d68b2d0098051c
iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs on weekdays. A heap based buffer overflow can be triggered due to the lack of checks to ensure that there is enough space in the buffer to hold all of the RRULE entry data. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
915c525f385f16148dfaf4b6acefe3dd
FreeBSD Security Advisory - When a UNIX-domain socket is attached to a location using the bind(2) system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. A local user can cause the FreeBSD kernel to panic. It may also be possible to execute code with elevated privileges ("gain root"), escape from a jail, or to bypass security mechanisms in other ways.
76df34e8660b58d174df2b314c648f44
FreeBSD Security Advisory - The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.
2da0f0fb844d408727730142ea5b6caa
A whitepaper on the basics of Android and reverse engineering of Android applications.
059517ac4338b22e446d41daf88849d8
Cisco Security Advisory - The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability.
044174eb1aecc7710d3a887fa7fb3c85
Cisco Security Advisory - A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature.
9a046cad44847b96a1e1ac47f472bcef
Cisco Security Advisory - Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features.
66f438d4a26109026168d18f7cbd958f
Cisco Security Advisory - A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Successful exploitation of this vulnerability could cause elevated memory and CPU utilization, resulting in memory exhaustion and process crashes. Repeated exploitation could result in a sustained DoS condition. There are no workarounds available to mitigate exploitation of this vulnerability.
d1dabfb914740f5fe569a012811187a8
Cisco Security Advisory - Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability.
92d32bec8f7057cebc21076875e2fb9b
Cisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
bc0662c54a51abc3c5b7b913522a0f91
PcVue versions 10.0 and below suffer from code execution, file corruption, and an array overflow.
e65b828fd2fcfe44c426d595e3ab3f9d
Traq version 2.2 suffers from cross site scripting and remote SQL injection vulnerabilities.
f02069a43b7211f89aeffbeeeeaa47c4
VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "ICalProcessYearlyRule()" function within the "gwwww1.dll" component when processing a malformed "BYWEEKNO" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
bc4052bb5ae1cf1a84f7ebdc7fcb277b
VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwIRecurParam::integerList()" function within the "gwwww1.dll" component when processing a malformed "RRULE" integer list in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.
33b267c7db1590960d4b74c343d82c5b
FreeBSD Security Advisory - A logic error in the BIND code causes the BIND daemon to accept bogus data, which could cause the daemon to crash.
f3338b9c63df2659206ed7b58b7a0da9
Redmind Online Shop / E-Commerce System suffers from a remote SQL injection vulnerability.
f698bf91d31d1ee6f830392d26c08501
Jarida version 1.0 suffers from a remote SQL injection vulnerability.
842e38650fda5654150d8e2aea9c6a37
WordPress Mingle Forum plugin versions 1.0.31 and below suffer from a remote SQL injection vulnerability.
05e930b7612a845bf67e8dc01b14616a
Cisco Security Advisory - The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of multiple protocols. Cisco has released free software updates that address these vulnerabilities.
6ba80e0795d381365f8e77de9b6e0a05