Zend Framework versions 1.11.11, 1.12.0 RC1, and 2.0.0 beta4 suffer from remote file disclosure via an XXE injection vulnerability.
c3bbf3eadcb973470c3821625d1d343feeac92ba6e51810c867cb80422569cacIMCE Mkdir suffers from a shell upload vulnerability.
e4862ad1c8229486e151ffef5d58a420b118ab778afbcf8bf5ccae86186955b0DigPHP, the web based file browser, suffers from a remote file disclosure vulnerability.
137ed2183213444ec50bf2684d013c77e6db58c57e7fbdb23e6d44bacd5f9f38WordPress Website FAQ plugin version 1.0 suffers from a remote SQL injection vulnerability.
194080a9c6d560ac3dd0cf6014d77cc563bfbf371d95c99fbee6c22e24ceed4eDove Forums version 1.0.3 suffers from a cross site request forgery vulnerability.
03a69411efa7ea797c72c3c1d9d50aec88ce945f381905f67ca1dae3d0077606HP Security Bulletin HPSBMU02792 SSRT100820 2 - A potential security vulnerability has been identified with HP Business Service Management (BSM) . The vulnerability could be remotely exploited to allow unauthorized disclosure of information, unauthorized modification, and Denial of Service (DoS) Revision 2 of this advisory.
02ada30c5b2b25138587bce2855554d1cb43092030ae3f9bb9451f0ed3b6029cOpenLimit reader, an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, superfluous and vulnerable components, which comprise 40% of the whole installation package.
4cc2e247a5f3aaa21b4f53170afeda08847ab6f3934f5cbbdf9af600f6da8c02Slackware Security Advisory - New freetype packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
41cb6e0675fc04dd566d6c6376f8c6fa71e90af8d43606c5430c148c6702b020Red Hat Security Advisory 2012-1041-01 - Red Hat Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way Red Hat Directory Server handled password changes. If an LDAP user had changed their password, and the directory server had not been restarted since that change, an attacker able to bind to the directory server could obtain the plain text version of that user's password via the "unhashed#user#password" attribute. It was found that when the password for an LDAP user was changed, and audit logging was enabled, the new password was written to the audit log in plain text form. This update introduces a new configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which when set to "on", prevents Red Hat Directory Server from writing plain text passwords to the audit log. This option can be configured in "/etc/dirsrv/slapd-[ID]/dse.ldif".
02001d1e71ee84e1ac827dd563294cf7f71f0d1e542e4d2379a601515d3d2c88Red Hat Security Advisory 2012-1043-01 - libwpd is a library for reading and converting Corel WordPerfect Office documents. A buffer overflow flaw was found in the way libwpd processed certain Corel WordPerfect Office documents. An attacker could provide a specially-crafted .wpd file that, when opened in an application linked against libwpd, such as OpenOffice.org, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All libwpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that are linked against libwpd must be restarted for this update to take effect.
e23252ae448c1a44a7f03eeeafc940ab7c8d750681fe5a9dbffb9731f0bfe7c1Red Hat Security Advisory 2012-1042-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.
40cee47ca38fd36212e40e2fc4e2a93d9ca6eec1d81c1a7cbc0f4200899d8b20Secunia Security Advisory - SEC Consult has reported a vulnerability in Zend Framework, which can be exploited by malicious people to disclose sensitive information.
f4599f9fbc1c8138c26b70bb8b8f2a39bee051ef689b31973dd31abcdb907d75Secunia Security Advisory - Red Hat has issued an update for postgresql and postgresql84. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.
de8d3cad81f77cdaa5b68ba7f61935e32af28f8771201960e2a4790449adbe53Secunia Security Advisory - Sense of Security has reported multiple vulnerabilities in Squiz Matrix, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
f7464bd473216b5acea9d5fc7715ef19e6de04eb18ffa6e7aed4f19a3e0d2effSecunia Security Advisory - A vulnerability has been reported in Support Tickets MyTickets, which can be exploited by malicious people to conduct SQL injection attacks.
edb65b1bfb040891e601d335ffe29552ae2aa23ae6031499d53fd544ef9ff755Secunia Security Advisory - Gitsnik has discovered a vulnerability in SoftPerfect Bandwidth Manager, which can be exploited by malicious people to disclose potentially sensitive information.
b37fea7757d55b4644158b61b201ed2a45b2ac680e329f4b0ab07affdbf64f8eSecunia Security Advisory - A vulnerability has been reported in WaveMaker, which can be exploited by malicious people to bypass certain security restrictions.
bd8c21e8722676aee7a75f88abd5e3588a2eba7231b60d82adffec3412b17207Secunia Security Advisory - A vulnerability has been reported in IMP Webmail Client, which can be exploited by malicious people to conduct script insertion attacks.
d6b422fac87fe944fbc538345e9ab3bb1bca256c4c1d0536404c375c0847fac0Secunia Security Advisory - Red Hat has issued an update for postgresql. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.
99cf12afeff86c25c43717ed1dc99a25f6d8aec46965cfff9585431fc34abec2Secunia Security Advisory - Gentoo has issued an update for sendmail. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
f454376bff4abe4b3ac28fc0704c0d88d4fb3261ddb8276fd49a82e789abd5e8Secunia Security Advisory - Gentoo has issued an update for mount-cifs. This fixes a weakness and a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and potentially gain escalated privileges.
403952ee0a7472ecf3e7a3a4b33b7519891d865239f22825b18b282c5adc8129Secunia Security Advisory - Gentoo has issued an update for texlive-core. This fixes multiple vulnerabilities, which can potentially be exploited by malicious people to compromise a user's system.
d3088ac468e5810ed3cee612f44196ea8800cded805cc3226be9a42f2778928bSecunia Security Advisory - Gentoo has issued an update for logrotate. This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges.
023ec0b3f6fdf86937c131c61d66d400e5bb9cbcabb45a387f66dfcdab1da98fSecunia Security Advisory - A vulnerability has been reported in Apache Roller, which can be exploited by malicious people to conduct cross-site request forgery attacks.
01856174b1dcf04423c8e4deaf524aed773ff87a20f9779011b6cdccad323169Secunia Security Advisory - Gentoo has issued an update for rpm. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to bypass certain access restrictions and gain escalated privileges and by malicious people to manipulate certain data and compromise a user's system.
fcace556e6484d062355dc826185233a8203995cf7f1467961e00ce7c98a059f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed