Ubuntu Security Notice 1228-1 - Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Various other issues were also addressed.
7a796facfbdbd4810efed8d348e53d29c7acf6784437937e622860655741e4f6The Google App Engine SDK for Python suffers from a code execution vulnerability that can be leveraged by a CSRF vulnerability.
519d4382361dcafef4cd129e1fe1de30dc932146ee9e653e859c5c913ba55657Whitepaper called Hacking WebLogic. It gives a brief overview of how to hack a default WebLogic server using a web browser.
77477751376cbf1dd5937b193eca2afb67787fcb5a3e0c217ea0c52936c41806Secunia Security Advisory - Gentoo has issued an update for gnutls. This fixes multiple vulnerabilities, which can be exploited by malicious people to manipulate certain data and conduct spoofing attacks.
b9c9df4f2808f6fada9b0ed6384c7db055cb9c3c0dd08a211bb3c3c59b604804Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Advanced Forum Signatures plugin for MyBB, which can be exploited by malicious users to conduct SQL injection attacks.
dc6e7887dce3d26375fa7d5d45ad78ec1d6957ef499649c716ba338fe15ecad5Secunia Security Advisory - Gentoo has issued an update for php. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
de0f6990ba8780c63c3f66604687a3cec91eff1939cc4fd72a5be3d3c3634239Secunia Security Advisory - Gentoo has issued an update for php. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
de0f6990ba8780c63c3f66604687a3cec91eff1939cc4fd72a5be3d3c3634239Secunia Security Advisory - A vulnerability has been discovered in the MyStatus plugin for MyBB, which can be exploited by malicious people to conduct SQL injection attacks.
66c1fc1ca568c1b053557c0b5b8b4773763053b78ad83c97f4706090bf8d9601Secunia Security Advisory - Stefan Schurtz has discovered a vulnerability in Contao, which can be exploited by malicious people to conduct cross-site scripting attacks.
acb4dc595eae8076305ac95bafb64b29577b53855a14273c7a568c5097997865Secunia Security Advisory - Red Hat has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
195b42dade2a6732c1bb59bc63deab3cc79046248d39055517332690c64d1eddSecunia Security Advisory - Two vulnerabilities have been discovered in POSH, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.
f305d8f86481a11fd55a2f73c80055a1b4f272c1b102c5f20a4d3309f8c9b4fbSecunia Security Advisory - Apple has reported multiple vulnerabilities in Apple iTunes, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.
57358351a538cfbbce8838640f67e4d9acb6caafd4afcd29d3c40c8a4f33b2e8Secunia Security Advisory - A vulnerability has been reported in BlackBerry Enterprise Server, which can be exploited by malicious users to impersonate other users.
e25d61c6fb9a7ec9eb61a0d5bedb1213697b4b0a55d6564ea2698abdd52f7739Secunia Security Advisory - Some vulnerabilities have been reported in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
c5d850592389e8e01847904ed1b281f26cf41bec52245f715815c49984376104Secunia Security Advisory - A vulnerability has been reported in Google App Engine SDK for Python, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b32f73bda3521d1b39a813988a7dd99c60da72c09485d69e2526673e22a9f877Secunia Security Advisory - SUSE has issued an update for Qt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
a8e6fba3cada46f59fbed4538b09400fa06e3e9122ad6ab2432c09e23770fe6cSecunia Security Advisory - SUSE has issued an update for tomcat5. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
553024aa86462ef218719c53062391b53cc8eb6db2d05a828d5666f81278eeedSecunia Security Advisory - A vulnerability has been discovered in the Light Post plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
0d829ae8d362fe8ae23eb23d8d55ddcb919bcb83fa4b8619b08a98bb64179dabSecunia Security Advisory - Roberto Paleari has reported a vulnerability in ManageEngine ADSelfService Plus, which can be exploited by malicious users to bypass certain security restrictions.
a8162f141c0a2017b8aed54bbbb46d1b2d3f07e9df462a2b4755ca10169c57f3Secunia Security Advisory - A vulnerability has been discovered in SilverStripe, which can be exploited by malicious people to conduct cross-site scripting attacks.
f59de64a3a2df4bc1eef99ced566bb26137276d325cb724dd406e6ab42551c61Secunia Security Advisory - SUSE has issued an update for libqt4. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
7c0206d5dc6756c560d6348d1228d8eda595f1768db4e80b730e98c0195c44b4Technical Cyber Security Alert 2011-284A - There are multiple vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer, Forefront Unified Access Gateway, and Host Integration Server. Microsoft has released updates to address these vulnerabilities.
de59413da740d5efa1911fce8554c2d926b1a108171a00573c8a35b404224e95This bulletin summary lists 8 Microsoft security bulletins released for October, 2011.
9cad8acac48c2a754450433d568cce508dfa732934c2515e7ce2e800567f6910Apple Security Advisory 2011-10-11-1 - iTunes 10.5 has been released and addresses CoreFoundation, ColorSync, CoreAudio, CoreMedia, ImageIO, WebKit, and various other vulnerabilities.
d0a286d451ab2c0a3000ad357ce8ad5ae2a9909ab9c359f0f3163cd19b82dcb8Mandriva Linux Security Advisory 2011-148 - Multiple vulnerabilities has been discovered and corrected in samba/cifs-utils. smbfs in Samba 3.5.8 and earlier attempts to use mount.cifs to append to the /etc/mtab file and umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the mountpoint strings are composed of valid characters, which allows local users to cause a denial of service via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547. Additionally for Mandriva Linux 2010.2 the cifs-utils package has been upgraded to the 4.8.1 version that brings numerous additional fixes.
91640800ce2136b96dfd389b427321e0b3185f315f748dcc3abb4044c1b1d06c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed