Apple Security Advisory 2013-09-18-1 - iTunes 11.1 is now available. A memory corruption issue existed in the iTunes ActiveX control. This issue was addressed through additional bounds checking.
46fc7b5eb3fefe13a291247cae855e3a91a0a0bd612ea62733b12ce2dc1e80a2HP Security Bulletin HPSBMU02917 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in command execution and privilege gain. Revision 1 of this advisory.
0d1a08baa3a0a6ee30bc3c3edfb10cec8e27f810dae426c8b9cb3637abbbf8a5vtiger CRM version 5.4.0 suffers from a remote SQL injection vulnerability.
6f1a57864ebc9db55967154960396a0a758db0008927420ffac97caba1e1093cCode Sector TeraCopy versions 2.3 beta 2 and 2.27 integer overflow proof of concept exploit. TeraCopy is prone to an integer overflow vulnerability because it fails to perform adequate boundary checks when reading language files. Successfully exploiting this issue may allow local attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.
5c11b78589f464552b6f86071b9f9b527b496eaedc2860065b7a0292d9c201b8Cisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are affected. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco Prime DCNM is affected by the following vulnerabilities: Cisco Prime DCNM Information Disclosure Vulnerability Cisco Prime DCNM Remote Command Execution Vulnerabilities Cisco Prime DCNM XML External Entity Injection Vulnerability Cisco has released free software updates that address these vulnerabilities. There are currently no workarounds that mitigate these vulnerabilities.
59abee34c5117c85ecf0f7c23a0c36170f53170f33c1427314bb3d0f036af886Cisco Security Advisory - A vulnerability in the web framework of Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance could allow an unauthenticated, remote attacker to access sensitive information on the system. The vulnerability is due to improper user authentication and inadequate session management. An unauthenticated, remote attacker could exploit this vulnerability by submitting a crafted HTTP request to the web user interface. Successful exploitation of this vulnerability may reveal sensitive information, including user credentials. Cisco has released a free software update that addresses this vulnerability. There are currently no workarounds that mitigate this vulnerability.
5f1ed2310f169ed38cbf916780a21a340c395530c7ad52f4ed3be2377ffb974dSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
bd6e4cbf70e2a1d96e177697fd092044a95f075cd9a544217084c854917569d2Debian Linux Security Advisory 2759-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows may lead to the execution of arbitrary code.
55d32055347d4af467fc566b4dc7bd9c67e7e74ad6cd48811322cf8611719708Ubuntu Security Notice 1963-1 - It was discovered that usb-creator was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
fa737444935a8672adeb6a4d6cfbc77b12ae1800c75f2892ca8f18019d684949Ubuntu Security Notice 1952-1 - Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a flaw in the HTML5 Tree Builder when interacting with template elements. If a user had scripting enabled, in some circumstances an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
f9eb20686e01bfdc98a78a1cffeea878934e6b7bae8b6f26916712440670244eUbuntu Security Notice 1957-1 - It was discovered that Jockey was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
a0d0e90223af97092ca91dba76ea9d87cdd7d49b4398bdb86894ed3ba7bd719dUbuntu Security Notice 1962-1 - It was discovered that ubuntu-system-service was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
ab04e0bc3bf6ced2a3d77cb39eaf73489e6fdd6a3630c1a1bbd1c32ab8471cecUbuntu Security Notice 1961-1 - It was discovered that systemd was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
8d3f12f496aefbcf0ee96e07388171506a6f132ca36d598b2ad413d8cf4b4c4eUbuntu Security Notice 1960-1 - It was discovered that Software Properties was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
9f102e925fca8275a7633ec18f013c9a2579e16ca7a318ba5fbe7449d41bb4f2Ubuntu Security Notice 1955-1 - It was discovered that apt-xapian-index was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
5078344d8f0c337690f27f89cdf04501956fac823f9ca2927a7ca2ee9273d027Ubuntu Security Notice 1959-1 - It was discovered that RealtimeKit was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
8451920a39790b95476dece7cb3f02ad21d25f9d915f1b408cc768c05e5a3a8eUbuntu Security Notice 1954-1 - It was discovered that libvirt used the pkcheck tool in an unsafe manner. A local attacker could possibly use this flaw to bypass polkit authentication. In Ubuntu, libvirt polkit authentication is not enabled by default. It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04. Various other issues were also addressed.
59ff3bfce1b5160cbf39adc5e7dbd353a7a26360a5e79205fa96bcdf56cace17Ubuntu Security Notice 1956-1 - It was discovered that HPLIP was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
71e03f17753583dab5bfb5951604d6afb1f873179ad5a70e5586190649331a95Ubuntu Security Notice 1958-1 - It was discovered that language-selector was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
58028b017f1117eeec196c3ed1b1912a44828f3b1dbf9810531a1dcbd68729ecUbuntu Security Notice 1953-1 - It was discovered that polkit didn't allow applications to use the pkcheck tool in a way which prevented a race condition in the UID lookup. A local attacker could use this flaw to possibly escalate privileges.
528785d61b42c1f01b4bfaa52b123f7ee07cc62e133897d8fdc089aa6ad23405Debian Linux Security Advisory 2760-1 - Florian Weimer discovered two security problems in the Chrony time synchronization software (buffer overflows and use of uninitialized data in command replies).
4a636149305d24d77a8f8ac8d4a99383a8fb9b7b850ae3a3e96a487f69a984bbMandriva Linux Security Advisory 2013-237 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash. Various other issues were also addressed.
4df6d780c957375d37c25593963fc5e1842fc80c3ddda22c77a645e6dd88d036Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
e23c9a111ea6463e49234dcda90c14a9047eb8129aaf82df92218b7ccbd7a00bCryptHook is a modular implementation for securing and layering cryptography for existing applications with symmetrical block cipher encryption. It works by hooking the base system calls for network communication send/sendto and recv/recvfrom. Crypthook will work with any existing application that relies on these system calls. Full example at their homepage includes tunneling SSH through the encrypted wrapper.
fc13d7556b46c8a8c4a1900b3b5fe6de507d49964efdbcce7f930cb720a1523bGerman ERP system "Sage Office Line" suffers from a database user privilege escalation vulnerability.
6b2c5fa4f2bb2555c4ee0b0a396286b2dffd144b07959e79d7e2769d73efab17
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed