Red Hat Security Advisory 2011-1445-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-28, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.
703b8342e1287a8fd4f40c8d3c276f95d4e25e160e7706f6815d1780750ee624Infoblox NetMRI versions 6.2.1, 6.1.2 and 6.0.2.42 suffer from multiple cross site scripting vulnerabilities.
e7dbe67b433148622bbc5bf402329b20674f6ba97ce8e2277587c9b0d4651691DLGuard Shopping Cart suffers from a cross site scripting vulnerability.
ef6955d7c4b8aa9b1817b0abea8dad35bc317c32af6a45a17b3e5cf2e20b6491Plum CMS suffers from multiple remote blind SQL injection vulnerabilities.
c98de5a47ff11eb6f23841017b1c2b1017078198c4147b058517191e7e120ba4Secunia Security Advisory - A vulnerability has been discovered in the DP Thumbnail plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
5a11b9b40bb0731f872f2d341e6ed6790de493af1f2b00c33b08bbadb0a03894Secunia Security Advisory - Stefan Schurtz has discovered a vulnerability in osCSS2, which can be exploited by malicious people to disclose sensitive information.
a6d3061f40d9d1d0252267e9573a29b3c0b96abab8388b7058fdbab3e7931823Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
26cdaf10b79301c3dd2d593c7ee19563fa215f108dffa95d1ab7062553c2e1cdSecunia Security Advisory - A security issue has been reported in some Cisco TelePresence System products, which can be exploited by malicious people to compromise a vulnerable system.
e65f7fafdcb0a5639c0bf7c469804ae1fbb4125166782bd041db89dfc6b0fbc6Secunia Security Advisory - Stefan Schurtz has discovered two weaknesses and multiple vulnerabilities in AShop, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
8cf81863e42a0b5036538208a7c09284b47f80a63ceaa37485f8a19fb57e9fcaSecunia Security Advisory - Multiple vulnerabilities have been reported in the Quiz module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
8c6af1111ddef384f51ff2de2327b055e559999b0638b5fa93a1f2706344e602Secunia Security Advisory - A vulnerability has been reported in the CKEditor module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.
6cad4a8f5f260ac0be5ed62dae21a76767b94a4c2ea8f65e3f98b82fc4f8ffabSecunia Security Advisory - Apple has acknowledged a vulnerability in Apple AirPort and Time Capsule, which can be exploited by malicious people to compromise a vulnerable device.
d6e02626e1f6be82628561f36e503f2dbd9bafb6065508778f623ae7a6a67383Secunia Security Advisory - Justin Klein Keane has discovered two vulnerabilities in the String Overrides module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
2685ade96ba835c61328a0157016299ee7a5002209b7d1a5b879fc975deab448Secunia Security Advisory - Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose certain sensitive information, conduct spoofing attacks, and compromise a user's device.
9edc85367e06745ea05b7830c2426e8bacfedf7994261800fa31c4c4c402d0c7Secunia Security Advisory - halfdog has reported a vulnerability in Apache HTTP Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
bfafe64bc50a8de2c7c7668f78011f0999dd104438601dcdd7607c2704a892eaSecunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
4d715d17b3901a0ef428b643ef7f46b1e7f1d8ad5a8b3637276449fae85d0c3aSecunia Security Advisory - A vulnerability has been reported in Juniper Junos, which can be exploited by malicious people to cause a DoS (Denial of Service).
6896de19a7c2dc47cf7498f8ebc3a330877b75201e4e0de7a0ec5ae25b683114Core Security Technologies Advisory - Apple OS X suffered from a sandbox predefined profiles bypass vulnerability. Several of the default pre-defined sandbox profiles do not properly limit all the available mechanisms and therefore allow exercising part of the restricted functionality. Namely, sending Apple events is possible within the no-network sandbox (kSBXProfileNoNetwork). A compromised application hypothetically restricted by the use of the no-network profile may have access to network resources through the use of Apple events to invoke the execution of other applications not directly restricted by the sandbox.
a93c8053536e7abfedb811843ec4811b01921f6a36f6987012ab0bbdb0ab1c23Ubuntu Security Notice 1259-1 - It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Stefano Nichele discovered that the mod_proxy_ajp module in Apache when used with mod_proxy_balancer in certain configurations could allow remote attackers to cause a denial of service via a malformed HTTP request. Various other issues were also addressed.
7bef884df5589e1fd12588b714aa616b41b6f836aa2d49c1baa9c3029d8685d0Ubuntu Security Notice 1251-1 - It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. A malicious website could possibly use this flaw this to steal data or inject malicious scripts into web content. Various other issues were also addressed.
904393052c763c857c28523ce148e5d5f06843e53f3ab205080487b696333173Ubuntu Security Notice 1258-1 - Stephane Chazelas discovered the bytecode engine of ClamAV improperly handled recursion under certain circumstances. This could allow a remote attacker to craft a file that could cause ClamAV to crash, resulting in a denial of service.
295b9f868a67ff1e5dcd4c2bd750e3710e012c5ef89f4caa1fd1db56d38f5170Ubuntu Security Notice 1257-1 - Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. A remote attacker could exploit this with a specially-crafted request and cause the radvd daemon to crash, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. Vasiliy Kulikov discovered that radvd incorrectly filtered interface names when creating certain files. A local attacker could exploit this to overwrite certain files on the system, bypassing intended permissions. Various other issues were also addressed.
f85fdf4320a4ee5b10b9c56c7af55eb36ae0df5e93f7d62ed84779a4bc1d8ceeHP Security Bulletin HPSBMU02708 SSRT100633 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in cross site scripting (XSS). Revision 1 of this advisory.
22ef68bde5096858ea3170c21e0966ec0b2275339719a9f608d93449f96c3d99Secunia Security Advisory - A vulnerability has been reported in Hancom Office, which can be exploited by malicious people to compromise a user's system.
d5450548e15115cbb3a32095abb4aab2afcad4c89938550439db2bd7f7071b74Secunia Security Advisory - A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system.
1097d4b14ed70d0577b30c181226431a6b5273b3c23a932c7f3a24851781b70a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed