Secunia Security Advisory - A vulnerability has been reported in the Xmap component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
4ad827d7506e3fc9d3e1ea56f21dcab4ecb74d2d7e0c363357b7c0ad42f06384Secunia Security Advisory - A vulnerability has been discovered in PG Newsletter, which can be exploited by malicious people to conduct cross-site request forgery attacks.
bff7b9250d632d13d086411613b6593b56532d4531b9625bc3c75eedeac1ca53Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
a0b9e0ca95eec52b9bbf0c29529435da64af9b3dfa943dbeca0cd77bf223edf2Ubuntu Security Notice 1167-1 - Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the CAN protocol on 64bit systems did not correctly calculate the size of certain buffers. A local attacker could exploit this to crash the system or possibly execute arbitrary code as the root user. Various other issues were also addressed.
8526a398ece12352476245b529d050abf1036c6d1dbd6b2e79564438cb5f197cArachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application's cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
df5eb52282bc9cda9dccf0b49d00bc607b71300cc080cc1a667823a19d6f4889TCExam versions 11.2.011 and below suffer from multiple remote SQL injection vulnerabilities.
914e1468f043c743fbcb3539d34a062ed28fec35ba1be0ed6dab33cd0deb9e05Torque Server versions prior to 2.4.1.4 and 3.0.[0,1] suffer from a buffer overflow vulnerability.
d42dea2627d928ed2511106108e44d93bc90572f0feebc4a43a5e9fbfbcc8c7bUbuntu Security Notice 1161-1 - Vasiliy Kulikov discovered that kvm did not correctly clear memory. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. Timo Warns discovered that the LDM disk partition handling code did not correctly handle certain values. By inserting a specially crafted disk device, a local attacker could exploit this to gain root privileges. Various other issues were also addressed.
7fa90836e44442172cf8b1b95f7fecc0dda61b8fd76a598bf22b7b31c19adb0bOpenslaed version 1.2 remote shell upload exploit.
f958405e55ca4fd70ead2309add9fa2c4402678aaee4dae8a0db1c250d66e191TCExam versions 11.2.011 and below suffer from multiple pre and post auth cross site scripting vulnerabilities when parsing user input to multiple parameters via GET and POST method in multiple scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.
124989b21ffded644a3bd7fb5253e0bf4a9f3a0f8cf17bb80608ab44fd14748fUbuntu Security Notice 1169-1 - William Grant discovered that APT incorrectly validated inline GPG signatures. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
150a4d5e8373a702f1e498d0038f36ca9c06e6efaa0ad13e86d4ab73f648a48dUbuntu Security Notice 1159-1 - Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. Alexander Duyck discovered that the Intel Gigabit Ethernet driver did not correctly handle certain configurations. If such a device was configured without VLANs, a remote attacker could crash the system, leading to a denial of service. Various other issues were also addressed.
b846a972a635d2f4929093c13ed01b597ac9a45ad66ad9a96e3d4bd83abe9d31
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed