Oracle Workflow is part of the database or application server installation. The parameter response form is vulnerable to XSS/CSS attacks.
2eb6c4ef458b17429b16b1a95e05c214585b85fc4637ec1a482c95d69ecf2c6f
Ubuntu Security Notice USN-211-1 - Hadmut Danish discovered an information disclosure vulnerability in the key selection dialog of the Mozilla/Thunderbird enigmail plugin. If a user's keyring contained a key with an empty user id (i.e. a key without a name and email address), this key was selected by default when the user attempted to send an encrypted email. Unless this empty key was manually deselected, the message got encrypted for that empty key, whose owner could then decrypt it.
15251a7898ac8f26d9970d075f01be3625c63059e6609f41c62dcd1dd6737e59
Gentoo Linux Security Advisory GLSA 200510-18 - RedHat reported that pnmtopng is vulnerable to a buffer overflow. Versions less than 10.29 are affected.
b6fcea74d0ed679c88e40d8e959391fc05cd6ec9dfc18d7c30fc0d65a7099de0
Gentoo Linux Security Advisory GLSA 200510-17 - Chris Evans discovered a different set of buffer overflows than the one described in GLSA 200509-20 in the RTF import function in AbiWord. Versions less than 2.2.11 are affected.
e7e66e422db95c30c79aa3f04099d0c57b9306bd7186e3754307131367a27ed6
Mandriva Linux Security Update Advisory - Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code.
ab8941b3a540e289eb42a82f483c7ffbd67af77efba8be26cecb24ffb9d35617
Mandriva Linux Security Update Advisory - Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protection checks and be executed.
df8d7dc5bef1b8661acb2ae9fd7ad34493349baa3daba6e152d7f4fa96136577
Mandriva Linux Security Update Advisory - A bug was found in the way the pam_ldap module processed certain failure messages. If the server includes supplemental data in an authentication failure result message, but the data does not include any specific error code, the pam_ldap module would proceed as if the authentication request had succeeded, and authentication would succeed. This affects versions 169 through 179 of pam_ldap.
1c8c93daaa5f913213407f6a73ad9ff723b3821b0c481e4640796f19fd334bd6
Mandriva Linux Security Update Advisory - "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server, that allows attackers to execute arbitrary code.
2d5b26da4c2651904587f7e2e1c4a615c6750ac7d289224abbbeb27829f09aee
Mandriva Linux Security Update Advisory - Javier Fern
1e8cee6ff1485779117b7c9f67f24678d6f076377f7903083aa290c52eb891f7
Mandriva Linux Security Update Advisory - Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitize data read from an SVG file and is hence vulnerable to the execution of arbitrary Python code.
f000475a6708305f86349410e4b1108f015d991817e44392ae088316b69a934b
Secunia Security Advisory - Gentoo has issued an update for phpmyadmin. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
f7604f37c4fee38c638e4dee70d2cfbd5f3822ecaeb8d1aed90f2eda9360c472
Secunia Security Advisory - IBM has acknowledged a vulnerability in IBM HTTP server, which can be exploited by malicious people to conduct HTTP request smuggling attacks.
379b56c8a3e1aa42f93738f96d18ea8e359fd6ce40f80650a9736b3a6442e30a
Secunia Security Advisory - Thomas H. Ptacek has reported a vulnerability in Network Appliance Data ONTAP, which can be exploited by malicious people to bypass certain security restrictions.
8dbd4b266ae1477f111ab6cf3bfcdd5b401b02d907fccf2f8cee27a93912ce2e