HP Security Bulletin HPSBMU02692 SSRT100581 2 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and session fixation attacks. Revision 2 of this advisory.
508d1559d89320405239c5eb35a45affc1c33b2a551d9a884e70aa8152c778f1
Gopal Systems suffers from a remote SQL injection vulnerability.
c4c45321e921a3f9a6d7f459ed04131b5d68962b1b6a3b5ec4b64dda6e583ad9
MinaliC Webserver suffers from a cross site scripting vulnerability in the generated 404 page.
900ea491b5a59093ad12a47315ce52d24123e044ab6e62772d3b13759ddaa82d
Zero Day Initiative Advisory 11-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.
271b74fa85acb6b77a0e3a8b90d17138c1ec8c1c86c7849005154a58cb31c6e6
Ubuntu Security Notice 1178-1 - Omair Majid discovered that an unsigned Web Start application or applet could determine the path to the cache directory used to store downloaded class and jar files by querying class loader properties. This could allow a remote attacker to discover a user's name and home directory path. Omair Majid discovered that an unsigned Web Start application could manipulate the content of the security warning dialog message to show different file names in prompts. This could allow a remote attacker to confuse a user into granting access to a different file than they believe they are granting access to. This issue only affected Ubuntu 11.04. Various other issues were also addressed.
5cb5e15a07f22e63f6d9edc10245fda02e4b60327dd01c9ab1b2dc2afcfb6e68
Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco router access lists.
dc42956bfa5a0c4f703353ace2a36ddfec985f4431ab00c00ae0ac9ca6f672c0
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
dad3a6b6bc6fcbc1af079e26c0abf9e0e63fd12eb0119130416fa97ea1b90860
Zero Day Initiative Advisory 11-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.
c77806e149b7ed7d8bb527e74ed4baeb5468785171b305a6292706dc8e3612ae
Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site scripting vulnerability in the metricDetail$type page.
087486ac60948e189899abff4dae7805c01b78640fe84839c801c1715472c761
Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 suffer from a cross site scripting vulnerability in the sitemap page.
2d2e8a23b77a464daf4d66e9542bc1895e84d4678c78de23ce14000bbad606b1
Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, and 10.2.0.4 suffer from a cross site scripting vulnerability in the notifRuleInfo$mode page.
d989295721cf25dcaaf465c895ff883a1a87f32d52287e19579dc907b0d097ef
Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5, 11.1.0.1 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site request forgery vulnerability.
d4672741754f3365fd9a11174f8e639731c1141c66b463d714e1cd9022daa858
PHPJunkyard 1.3 suffers from an open redirection vulnerability.
d235ad3a7ba3f0c743348f449d622badf370df041465698bce0d3d51132d2012
GBook PHP Guestbook version 1.7 suffers from multiple cross site scripting vulnerabilities.
59588e417db809bf333435c7a8cabc9f2c8964839b18cfe2446d56abeb28c186
Cisco suffers from privilege escalation and remote SQL injection vulnerabilities.
25407353caf6aca542808b9d27be690ffb02e2d5aac3225f07064d6caa0b06dd
Secunia Security Advisory - NetBSD has issued an update for bind. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
9acc753f3d9c094fe177afe149eaaf640dccbc2b6f06ac2f37e609c9e5f9ec3e
A vulnerability exists in EMC Data Protection Advisor versions prior to 5.8.1 in which sensitive information may be exposed in clear text in the configuration file.
9294e4bb8f2203229a5181951b2da900fd93ca05828d5ac6955e058f59d54f4b
Secunia Security Advisory - Two security issues have been reported in SystemTap, which can be exploited by malicious, local users to gain escalated privileges.
c0dbb2112bed2d0dac79bb6c7197a498ec71efdb323b5e03dd479444d33d6de6
Secunia Security Advisory - A weakness has been reported in EMC Data Protection Advisor, which can be exploited by malicious, local users to disclose sensitive information.
c9a596d08a50673dd326cfcea98291b7975bcc4252e482d6626d64d68fa025e8
Secunia Security Advisory - Two vulnerabilities have been reported in EMC Captiva eInput, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
e72360fb0b7188620fb48bdc898138f989ad6b80c09debccc154f75c82671857
Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
92d8e44f7a5fad7a1d2b7898bceea635e0282d61c3ed12f62366cffde99dd1f6
Secunia Security Advisory - Two vulnerabilities have been reported in HP SiteScope, which can be exploited by malicious people to conduct cross-site scripting and session fixation attacks.
c5e9db1031c433dafbf0b769df2d4310c8574b1fb9a1b98751d57c4fa8fdb339
Secunia Security Advisory - SUSE has issued an update for opie. This fixes two vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
e7ae15bbac85536dc25729621a3561c489d6152ba4d534fe515eac56591a1269
Secunia Security Advisory - SUSE has issued an update for compat-openssl097g. This fixes multiple vulnerabilities, where one has unknown impacts and others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and cause a DoS (Denial of Service).
bf6054c712df78f3c8014d5f5bf1b09c2eab8c9eb918f64006bfa34f6716823c
Secunia Security Advisory - A vulnerability has been discovered in MinaliC, which can be exploited by malicious people to disclose sensitive information.
8f41dd9abece3a5d3401e86190413546c90ea8539df91dba2549249592cc10cd