Ubuntu Security Notice 1555-1 - Chen Haogang discovered an integer overflow that could result in memory corruption. A local unprivileged user could use this to crash the system. A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.
c7f820ef558c291242f797a29db3c66ced673b347c670f76cf8d6550232264ddUbuntu Security Notice 1554-1 - A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service.
eb969b20b2fcb4058da23a1495727724e88c3ab922f264b252e4e45c0974121fDebian Linux Security Advisory 2538-1 - It was discovered that Moin, a Python clone of WikiWiki, incorrectly evaluates ACLs when virtual groups are involved. This may allow certain users to have additional permissions (privilege escalation) or lack expected permissions.
b49bdde2d2c3682af30f6bcd08ac545749987d366c9d780dfe603a1a686302efRed Hat Security Advisory 2012-1235-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of KVM.
2e72404216c3ee627824dd4a583eb5f74d5968989dd2fb3e58110197360a194dRed Hat Security Advisory 2012-1234-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of KVM.
6a384c1a9ccd0779f022edf973bed9cfca61a4984ea14e178600b74973b2f749Red Hat Security Advisory 2012-1236-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu process on the host or, possibly, escalate their privileges on the host. This flaw did not affect the default use of the Xen hypervisor implementation in Red Hat Enterprise Linux 5. This problem only affected fully-virtualized guests that have a serial or parallel device that uses a virtual console back-end. By default, the virtual console back-end is not used for such devices; only guests explicitly configured to use them in this way were affected.
5a437dc88e25e547dd5a7f8d93690e54170211af6651faf9d1b63726921ed829Red Hat Security Advisory 2012-1232-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.2 serves as a replacement for JBoss Enterprise Portal Platform 5.2.1, and includes bug fixes.
bfe1fd78f8e8200d810ee7a288e9dc1353758cb7ece9cd3e7b7a530ff76c782bRed Hat Security Advisory 2012-1233-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev packages form the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. When using qemu-kvm-rhev on a Red Hat Enterprise Linux 6 host not managed by Red Hat Enterprise Virtualization:
e3a4ad3b13850d26853b138ed415d5a6fb1f4177d92964ebb3a55a1b66817641Since its introduction in 2006, PyDbg has become an essential tool for security researchers and reverse engineers. It is mainly used to discover various software vulnerabilities and weaknesses, as well to analyze malware and perform computer forensics. The present publication is aimed to provide a reader with an introduction to the Python based debugger and deliver practical and real examples of this powerful security tool usage.
fe6ebddfdd8a95029596ddb6ff5ad30b306c35a3bb7552b5ec2d24ca4413b8b2Kiwicon Six Call For Papers - This year Kiwicon will be held from November 17th through 18th, 2012 in Wellington, New Zealand.
d5314c7019b219a28162f700d81f7d5014ec5bdbaf962ca08a5d746a47bd5e9f2xpress CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
25be48e62ff0dfc86f603f600e50c9b7615c015e14b17d0f622b567d1c8bd8caDrop CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
552194a462846d3db192d1445350565813e72cf8784fdf80e0179a8cea5712d7WEBSKINZ CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
75bae800d514224f82a832070bc74c18ec07aa12a50161b4b60e34a49d0c69acSyracuse CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
87e2b615adc6d0c503232a80105dd0bf9b51fef607da26b7a88067c604ca964dThoughtmedia CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
e02f8532feb88bdbb0109ca09317381e18ea7bfed14c3eae7e499f3ae5a5cfb2mws.ask.com suffers from a cross site scripting vulnerability.
4f06466ef9591b8fe9a3ffc5cdac48c0c2f753a65c155ffa02769712f2eadcecSymbion Productions CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
76853ac21cecd37206312b7c54d97ea8d5cace7541d04357303730d826f4d99cExtCalendar 2 suffers from remote SQL injection and cross site scripting vulnerabilities.
6b5f29099e2db9b381424196371bf2687a5a04c7ab036f78b8450aa121b8e0d7VMWare Tools is susceptible to binary planting / DLL hijacking.
a5afa2cae5897fae7262a3d6b11dc9f82588dd140249726ec6121a847aca0b9aGentoo Linux Security Advisory 201209-1 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which could result in execution of arbitrary code. Versions less than 11.2.202.238 are affected.
ab8afaa2bcaee1d350255c5850fdd15d753ba3d3c2bafa092addf1b1237d6d86This Metasploit module can be used to execute a payload on JBoss servers that have an exposed HTTPAdaptor's JMX Invoker exposed on the "JMXInvokerServlet". By invoking the methods provided by jboss.admin:DeploymentFileRepository a stager is deployed to finally upload the selected payload to the target. The DeploymentFileRepository methods are only available on Jboss 4.x and 5.x.
c6b0010812e226801e4d081ec2319bf266148f85a99286b7a0ea268acccbcd45This Metasploit module exploits a vulnerability in MobileCartly. The savepage.php file does not do any permission checks before using file_put_contents(), which allows any user to have direct control of that function to create files under the 'pages' directory by default, or anywhere else as long as the user has WRITE permission.
d2b93bba6358674606a2931cdca65cfb7a3dc0f305c1159a3307f8e62152044eBarracuda Web Filter 910 version 5.0.015 suffers from multiple cross site scripting vulnerabilities.
7498fa1ce74bf395463fc3696964a9228f48aa70b038d30e5cb38864689ef937eFront Enterprise version 3.6.11 suffers from multiple cross site scripting vulnerabilities.
4a21ace72a5221d1b0ddb0fc174f1fbe3aaf1ef1e0ed063b8a30273446d7d3eb360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
a8af9a4806465b18cd3cb04ff8798af3257fd0cfdb61642e04c8cd8f73566b47
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed