The Joomla YJ Contact component suffers from a local file inclusion vulnerability.
14b63d4cd8536eb5a40ccc49a0ccbff854ddb4ce8b606664beda0c785752f6f3PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
af3d1d15aee34cb94384d7f4243732ec621858e184034b9f9d47e3d472356071haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
3c37f73250f76fc61da6936d0f5bff2ec4239282a879eda4a8fa56c380ee6436Red Hat Security Advisory 2011-1402-01 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed bitmap font files. If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
c7f037ddbca66c8170d8598d388997627e573c9e761a50b0b2ee169405cc1500Ubuntu Security Notice 1248-1 - Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This issue only affected Ubuntu 10.04 LTS and Ubuntu 10.10. It was discovered that KIO in KDE-Libs did not properly perform input validation during proxy authentication. An attacker could exploit this to modify displaying of the realm and proxy URL. Various other issues were also addressed.
b72f099c8d8ac3650765e3fd99be619d5711842026d8fc594ef9d2cacd4f30d8Ubuntu Security Notice 1238-2 - USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a regression in Ubuntu 11.04 when executing certain commands. This update fixes the problem. It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.
24f1ff0a4bf1e3e276009e4999f192df87a00a2098234c3807f2ffc5f471cff2Ubuntu Security Notice 1247-1 - An information leak was discovered in Nova. An attacker with access to a valid EC2_ACCESS_KEY could obtain the corresponding EC2_SECRET_KEY for that user.
9b707c8e51ca0ee5dee39844216701abe7fbf2311aaacbfa1dc3af5e0da96320Jara version 1.6 suffers from a cross site scripting vulnerability.
08036c096ed9ba555d987f0a515c9421a8e0f73c23a18cc498818681fbd8d29cHP Security Bulletin HPSBUX02700 SSRT100506 2 - Potential security vulnerabilities have been identified in HP-UX running the Veritas Enterprise Administrator (VEA), which comes bundled with VxVM. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or execute arbitrary code. Revision 2 of this advisory.
a3e0b0569f4cb0ca3cea2b7e8d6e6f4bd6aac78d3f8413c2a137ce0d3ef48f4eGentoo Linux Security Advisory 201110-23 - An input sanitation flaw in mod_authnz_external allows remote attacker to conduct SQL injection. Versions prior to 3.2.6 are affected.
199e8bf204b111a8bf85a0a7eabb27f27de06cfc4f46386df48331400a29dd26Ubuntu Security Notice 1246-1 - Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. Various other issues were also addressed.
cf11a06c88404689f3315bfbc23864bb0580bd1f90eb5d3cfcb5f38c2c2438a0Ubuntu Security Notice 1245-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
6c2fdc6fb88de2201319a3a2c820b9ee501477683f43a26fc633346bfd7e0794Ubuntu Security Notice 1244-1 - Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
e4754fa6724234d333d49b5c5ae6f7479b66f52067e7648702db16544a280bcdUbuntu Security Notice 1243-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.
17f248b3931a988aad14812534c1789db9fb19d3669e1520b000fb81fd5b0df9Ubuntu Security Notice 1242-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.
544731c1bb12667fa7a9b5b5b16ac0871a169440d284556042daf2acc1e9a8f4Ubuntu Security Notice 1241-1 - It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Various other issues were also addressed.
34637add57bb1c47bb725041cb1273223d64aa46133511754d889d306943b525Ubuntu Security Notice 1240-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
7bb5696fdf28788ddf1a181d26c0746a318f35d21e90975dc7a17a6248fbbf34Ubuntu Security Notice 1239-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
a8d44e1d2d7d40338fc3f73c81b91d2690ae35010e30a9837bab689992f33bd1This Metasploit module exploits a vulnerability in the lib/functions.php that allows attackers input parsed directly to the create_function() php function. A patch was issued that uses a whitelist regex expression to check the user supplied input before being parsed to the create_function() call.
e1b54786a4e2d61486487555756f54e0b3b67f845210590ec4291fbcedf138f3Gentoo Linux Security Advisory 201110-22 - Multiple vulnerabilities in the PostgreSQL server and client allow remote attackers to conduct several attacks, including the execution of arbitrary code and denial of service. Versions less than or equal to 9 are affected.
82243da3aec06c210e0496833735c49ccf39afb961407ead00319a66417c0cd7Debian Linux Security Advisory 2327-1 - Ferdinand Smit discovered that libfcgi-perl, a Perl module for writing FastCGI applications, is incorrectly restoring environment variables of a prior request in subsequent requests. In some cases this may lead to authentication bypasses or worse.
db9444e23843ed2215138be06267ed7a6f1fc2b748d7e7c337b65e76da520d66The zFTP server suffers from a remote denial of service condition when handling multiple STAT and CWD command requests.
8407a8948f7a9148808d25756720686181651afab0fbe2eb264d023cb76c64bbSecunia Security Advisory - Tele-Consulting has reported multiple vulnerabilities in Alcatel-Lucent OmniTouch 8400 Instant Communication Suite, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
35204efb933da6896b642b83b448218aa79eb180a35cde25d6feecc2f6815320Secunia Security Advisory - Alcatel-Lucent has acknowledged multiple vulnerabilities in Alcatel-Lucent Business integrated Communication Solution, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
8820f1f5815c0d5f0a89513a26f89261ced75459c29a113bdea873831ffb6ba4Secunia Security Advisory - Gentoo has issued an update for postgresql. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), gain escalated privileges, and compromise a vulnerable system and by malicious people to conduct spoofing attacks and bypass certain security restrictions.
5dc9ccefad891e1cb95cce20ba6d7ba16e1de567f8843dbabafec1c1d05eb06f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed