Ubuntu Security Notice 1228-1 - Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Various other issues were also addressed.
342cc180d5cecac8d3b0c419772eaabfThe Google App Engine SDK for Python suffers from a code execution vulnerability that can be leveraged by a CSRF vulnerability.
2f49ace147850096d3eb60a1efc6592eWhitepaper called Hacking WebLogic. It gives a brief overview of how to hack a default WebLogic server using a web browser.
deff8f50fc6a94e7a1f2a21faafd1708Secunia Security Advisory - Gentoo has issued an update for gnutls. This fixes multiple vulnerabilities, which can be exploited by malicious people to manipulate certain data and conduct spoofing attacks.
06518a0fee037de2aed040c2b844476fSecunia Security Advisory - Multiple vulnerabilities have been discovered in the Advanced Forum Signatures plugin for MyBB, which can be exploited by malicious users to conduct SQL injection attacks.
b7f414b4a3b23603fc8618fe09d0850cSecunia Security Advisory - Gentoo has issued an update for php. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
17040e3f7f5279d63c6016ada3ac7fbfSecunia Security Advisory - Gentoo has issued an update for php. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
17040e3f7f5279d63c6016ada3ac7fbfSecunia Security Advisory - A vulnerability has been discovered in the MyStatus plugin for MyBB, which can be exploited by malicious people to conduct SQL injection attacks.
c0264604de7684495b67e8849bc82469Secunia Security Advisory - Stefan Schurtz has discovered a vulnerability in Contao, which can be exploited by malicious people to conduct cross-site scripting attacks.
5e98912ae09088ee55bbd715032e4fb5Secunia Security Advisory - Red Hat has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
6b40afefb1110028781f2d6ce04ea2b9Secunia Security Advisory - Two vulnerabilities have been discovered in POSH, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.
8ec059bbe55023b7ccc90b9574716337Secunia Security Advisory - Apple has reported multiple vulnerabilities in Apple iTunes, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.
3d885628294960606c2b9f4978c06d04Secunia Security Advisory - A vulnerability has been reported in BlackBerry Enterprise Server, which can be exploited by malicious users to impersonate other users.
379cc03749fe48c0431b623546070214Secunia Security Advisory - Some vulnerabilities have been reported in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
f3849facb241475537377444ceed0533Secunia Security Advisory - A vulnerability has been reported in Google App Engine SDK for Python, which can be exploited by malicious people to conduct cross-site request forgery attacks.
15387b4621c585a8081d35b151831d89Secunia Security Advisory - SUSE has issued an update for Qt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
ebcf4416ba402ffd1fb4c6a1bc68a16cSecunia Security Advisory - SUSE has issued an update for tomcat5. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
e415a3f969c2b6749918a6ff6edda90cSecunia Security Advisory - A vulnerability has been discovered in the Light Post plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
64f8ccc36262902d69900217dafc1522Secunia Security Advisory - Roberto Paleari has reported a vulnerability in ManageEngine ADSelfService Plus, which can be exploited by malicious users to bypass certain security restrictions.
c3e21b4bc96c671dca9fe4b8e5619c6cSecunia Security Advisory - A vulnerability has been discovered in SilverStripe, which can be exploited by malicious people to conduct cross-site scripting attacks.
35380e08eedb0106e1759f92d6d24136Secunia Security Advisory - SUSE has issued an update for libqt4. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
0b73993fa16d44690a65ebfc17fbffe8Technical Cyber Security Alert 2011-284A - There are multiple vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer, Forefront Unified Access Gateway, and Host Integration Server. Microsoft has released updates to address these vulnerabilities.
010ceeb53645cf3fbb10ab96404d8721This bulletin summary lists 8 Microsoft security bulletins released for October, 2011.
0eafa1bcb701d88133e2f4849b50363aApple Security Advisory 2011-10-11-1 - iTunes 10.5 has been released and addresses CoreFoundation, ColorSync, CoreAudio, CoreMedia, ImageIO, WebKit, and various other vulnerabilities.
f412afeac9ef3ebef2f9d5757132d08dMandriva Linux Security Advisory 2011-148 - Multiple vulnerabilities has been discovered and corrected in samba/cifs-utils. smbfs in Samba 3.5.8 and earlier attempts to use mount.cifs to append to the /etc/mtab file and umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the mountpoint strings are composed of valid characters, which allows local users to cause a denial of service via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. Additionally for Mandriva Linux 2010.2 the cifs-utils package has been upgraded to the 4.8.1 version that brings numerous additional fixes.
f663d6b0ff69a77f77548072eb9d3b7d
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed