Gentoo Linux Security Advisory 201206-32 - An error in the verification of SSL certificates in Links might enable remote attackers to conduct man-in-the-middle attacks. Versions less than 2.6 are affected.
Gentoo Linux Security Advisory 201206-31 - Multiple vulnerabilities have been found in Linux-PAM, allowing local attackers to possibly gain escalated privileges, cause a Denial of Service, corrupt data, or obtain sensitive information. Versions less than 1.1.5 are affected.
Gentoo Linux Security Advisory 201206-30 - An error in the hostname matching in sendmail might enable remote attackers to conduct man-in-the-middle attacks. Versions less than 8.14.4 are affected.
Gentoo Linux Security Advisory 201206-29 - Multiple vulnerabilities were found in mount-cifs, the worst of which leads to privilege escalation. Versions less than 3.4.6 are affected.
Gentoo Linux Security Advisory 201206-28 - Multiple vulnerabilities were found in texlive-core, allowing attackers to execute arbitrary code. Versions less than 2009-r2 are affected.
Gentoo Linux Security Advisory 201206-36 - Multiple vulnerabilities were found in logrotate, which could lead to arbitrary system command execution. Versions less than 3.8.0 are affected.
Gentoo Linux Security Advisory 201206-35 - Multiple vulnerabilities were found in nbd, which could lead to remote execution of arbitrary code. Versions less than 2.9.22 are affected.
Gentoo Linux Security Advisory 201206-34 - An error in the hostname matching in msmtp might enable remote attackers to conduct man-in-the-middle attacks. Versions less than 1.4.19 are affected.
Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, possibly allowing remote code execution. Versions less than 2.7.4 are affected.
The Asus iKVM/IPMI implementation stores credentials in the clear in a text file that is readable by the anonymous user, which has a hardcoded password of "anonymous" with no way to change it.
Security Explorations does not agree with Apple's evaluation of a vulnerability they reported. They have decided to release proof of concept code to demonstrate a bypass vulnerability in Apple QuickTime Java extensions.
Apache Roller versions 4.0.0 through 4.0.1 and 5.0 suffer from a cross-site request forgery vulnerability.
Apache Roller versions 4.0.0 through 4.0.1 and 5.0 suffer from a cross-site scripting vulnerability.
Kingview Touchview version 6.53 suffers from an EIP direct control vulnerability.
Kingview Touchview version 6.53 suffers from multiple heap overflow vulnerabilities.
Mandriva Linux Security Advisory 2012-100 - An integer signedness error leading to a heap-based buffer overflow was found in the way the imfile module of rsyslog, an enhanced system logging and kernel message trapping daemon, processed text files larger than 64 KB. When the imfile rsyslog module was enabled, a local attacker could use this flaw to cause a denial of service via a specially crafted message to be logged. The updated packages have been patched to correct this issue.
This whitepaper discusses the insecurity of poorly designed remote file inclusion payloads. This is part two.
Slim PDF Reader version 1.0 suffers from a denial of service vulnerability.
Hashdays 2012 Call For Papers - Hashdays is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks. The event features many international IT security experts sharing their deep technical knowledge in an open environment and takes place October 31st to November 3rd, 2012 in Lucerne.
The WD TV Live Streaming Media Player suffers from two implementation flaws that together allow for remote command execution as root.
Drupal Drag and Drop third party module version 6.x-1.5 suffers from a remote shell upload vulnerability.
Autopagina CMS version 2.8 suffers from a remote SQL injection vulnerability.
Umapresence version 2.6.0 suffers from remote shell upload and file deletion vulnerabilities.
Able2Extract and Able2Extract server version 6.0 suffer from a denial of service vulnerability.
Able2Doc and Able2Doc Professional version 6.0 suffer from a denial of service vulnerability.