Mandriva Linux Security Advisory 2012-139 - Multiple vulnerabilities have been discovered and corrected in postgresql. libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read and write data with the privileges of the database server. xml_parse() would attempt to fetch external files or URLs as needed to resolve DTD and entity references in an XML value, thus allowing unprivileged database users to attempt to fetch data with the privileges of the database server. This advisory provides the latest versions of PostgreSQL that are not vulnerable to these issues.
b626ecf629cea63c6722a9394e10f6f5f9a0c83303712b7e5640c33051aebdb6
Mandriva Linux Security Advisory 2012-140 - Cross-site scripting vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. The updated packages have been patched to correct this issue.
3d141ef4c46f1abdd3beec20f1fca302eb29ec58c0221662a9b904124bf1f03f
SysAid Helpdesk Pro version 8.5.04 suffers from a stored cross site scripting vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
03c43058e177e3b91020c6e39d3d4b8fef0a48ac9173faa8dfc4180f12dd8a08
SysAid Helpdesk Pro version 8.5.04 suffers from a remote blind SQL injection vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
fa0cc50d3a2adf2a8ddb3859e8fb079052be312b93323a5634d101115b058456
Moodle CMS version 2.2.1 suffers from a stored cross site scripting vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
4a0870cfddbf39fd62f02df0db57dd921f34ce9e7f9ed2934dac0a28128680f8
Squiz CMS version 11654 suffers from a directory traversal vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
bd1d48dd97d7de5029f3cb53576f8191116e49f18e456dc5eea6446e09176111
Apple Security Advisory 2012-08-20-1 - Apple Remote Desktop 3.6.1 is now available and addresses a failed encrypted connection that may result in an information disclosure vulnerability.
f27f103fee4eeb50dc396bf4a3750d2154a0a596681618a2c6f7ad7d0c9defb8
This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. In order to trigger the vulnerability, valid credentials with the create folder permission must be provided. The HTTP option must be enabled on Sysax too. This Metasploit module will log into the server, get a SID token, find the root folder, and then proceed to exploit the server. Successful exploits result in SYSTEM access. This exploit works on XP SP3 and Server 2003 SP1-SP2.
422ebcc0706927fdc0d3540364b547ee04c57ddb23038a64dcb8dc6be41b6f88
Divx version 6.8.2 suffers from a denial of service vulnerability.
9e4f3b9ce274360447887becad17d4617d27a3dc9c999659e4bc9cd7e48a92c4
Debian Linux Security Advisory 2531-1 - Several denial-of-service vulnerabilities have been discovered in Xen, the popular virtualization software.
9f9933a091cc52467042db0785c8656fdbed09ca5667d0981881de73077fc6a8
Red Hat Security Advisory 2012-1180-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
5fe242f87bec9fe61d0273ef28381208c2155f5a6a03b6ffdb51a02ab7105d57
Red Hat Security Advisory 2012-1181-01 - The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP's Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
d07a668d4092b975d010a7e8cabb42339fa978256fe5994567236ee4a082550a
Secunia Security Advisory - Two vulnerabilities have been reported in Hastymail2, which can be exploited by malicious people to conduct script insertion attacks.
8e3d34f8b3f2077438fd0c8a557651e36c9cf694a0edcf67e0c37f6d5030004c
Secunia Security Advisory - Debian has issued an update for xen. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
68b38fae0c6aa70ed26b895fbf026dc28737dc7c1529b01bf9d30c4d4a9145bc
Secunia Security Advisory - Ibrahim El-Sayed has reported some vulnerabilities in ManageEngine OpStor, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
f738a9ba321caf81a4f45ebcb103ab7d5c8ecd11dd8a6a7c83d07fcbf9f03503
Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Zingiri Web Shop plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
229a3c51a45ec5b3514b491e049d9cbf4c265ad0d7cbb30e35e5a5e2cd21635d
Secunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
e62c278c5ea96f73fba7ba3fa411c328bad60e75103573d520ed2e8eca66ef74
ICAL version 1.0 suffers from a remote SQL injection vulnerability.
365d857493ea945924644e4a436ab74b9d8e2d57980d365cd33cab7dc0464be3
Secunia Security Advisory - A vulnerability has been reported in HP ServiceGuard, which can be exploited by malicious people to cause a DoS (Denial of Service).
4e9f81968284b34089675eab253ad392e6a3685821db10c63654deb311892dbc
Secunia Security Advisory - A vulnerability has been reported in OTRS, which can be exploited by malicious people to conduct script insertion attacks.
62662fb0917e56027fd346d0685a1f127aa3fffe675245cea30d38ddab762afd
Secunia Security Advisory - Some vulnerabilities have been reported in GIMP, which can be exploited by malicious people to compromise a user's system.
1f1316645df5df97210bf9e034d33467b589eb48f5f02f67b1c02dc2bd26ca62
Secunia Security Advisory - Multiple vulnerabilities have been reported in McAfee Security for Microsoft SharePoint and McAfee Security for Microsoft Exchange, which can be exploited by malicious people to compromise a user's system.
1b96f725cd09e98614ef2fed1a60e7ca3ccba63efe4b7157ef2246e75849b23d
Secunia Security Advisory - A vulnerability has been reported in McAfee SmartFilter Administration, which can be exploited by malicious people to compromise a vulnerable system.
a703b1a95357d6c56e78153fecfe2423f047d759e2a36648b9be443b22464153
Secunia Security Advisory - Some vulnerabilities have been reported in MDaemon, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
edf4f6b05952076f79f675f6b73d19de37f806e58b45ff40ce877f5d1bc14d5c
Secunia Security Advisory - Ubuntu has issued an update for nss. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
a22ea235370e731b0b3d70da6236fbddeeb7d1c26ee36b8ee1fb96de0c26e4b5