HP Security Bulletin HPSBMU02692 SSRT100581 2 - Potential security vulnerabilities have been identified with HP SiteScope. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and session fixation attacks. Revision 2 of this advisory.
508d1559d89320405239c5eb35a45affc1c33b2a551d9a884e70aa8152c778f1Gopal Systems suffers from a remote SQL injection vulnerability.
c4c45321e921a3f9a6d7f459ed04131b5d68962b1b6a3b5ec4b64dda6e583ad9MinaliC Webserver suffers from a cross site scripting vulnerability in the generated 404 page.
900ea491b5a59093ad12a47315ce52d24123e044ab6e62772d3b13759ddaa82dZero Day Initiative Advisory 11-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.
271b74fa85acb6b77a0e3a8b90d17138c1ec8c1c86c7849005154a58cb31c6e6Ubuntu Security Notice 1178-1 - Omair Majid discovered that an unsigned Web Start application or applet could determine the path to the cache directory used to store downloaded class and jar files by querying class loader properties. This could allow a remote attacker to discover a user's name and home directory path. Omair Majid discovered that an unsigned Web Start application could manipulate the content of the security warning dialog message to show different file names in prompts. This could allow a remote attacker to confuse a user into granting access to a different file than they believe they are granting access to. This issue only affected Ubuntu 11.04. Various other issues were also addressed.
5cb5e15a07f22e63f6d9edc10245fda02e4b60327dd01c9ab1b2dc2afcfb6e68Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
dc42956bfa5a0c4f703353ace2a36ddfec985f4431ab00c00ae0ac9ca6f672c0The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
dad3a6b6bc6fcbc1af079e26c0abf9e0e63fd12eb0119130416fa97ea1b90860Zero Day Initiative Advisory 11-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.
c77806e149b7ed7d8bb527e74ed4baeb5468785171b305a6292706dc8e3612aeTeam SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site scripting vulnerability in metricDetail$type page.
087486ac60948e189899abff4dae7805c01b78640fe84839c801c1715472c761Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7 suffer from a cross site scripting vulnerability in the sitemap page.
2d2e8a23b77a464daf4d66e9542bc1895e84d4678c78de23ce14000bbad606b1Team SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, and 10.2.0.4 suffer from a cross site scripting vulnerability in the notifRuleInfo$mode page.
d989295721cf25dcaaf465c895ff883a1a87f32d52287e19579dc907b0d097efTeam SHATTER Security Advisory - Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5, 11.1.0.1 and Oracle Enterprise Manager control included in Oracle Database versions 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 suffer from a cross site request forgery.
d4672741754f3365fd9a11174f8e639731c1141c66b463d714e1cd9022daa858PHPJunkyard 1.3 suffers from an open redirection vulnerability.
d235ad3a7ba3f0c743348f449d622badf370df041465698bce0d3d51132d2012GBook PHP Guestbook version 1.7 suffers from multiple cross site scripting vulnerabilities.
59588e417db809bf333435c7a8cabc9f2c8964839b18cfe2446d56abeb28c186Cisco suffers from privilege escalation and remote SQL injection vulnerabilities.
25407353caf6aca542808b9d27be690ffb02e2d5aac3225f07064d6caa0b06ddSecunia Security Advisory - NetBSD has issued an update for bind. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
9acc753f3d9c094fe177afe149eaaf640dccbc2b6f06ac2f37e609c9e5f9ec3eA vulnerability exists in EMC Data Protection Advisor versions prior to 5.8.1 in which sensitive information may be exposed in clear text in the configuration file.
9294e4bb8f2203229a5181951b2da900fd93ca05828d5ac6955e058f59d54f4bSecunia Security Advisory - Two security issues have been reported in SystemTap, which can be exploited by malicious, local users to gain escalated privileges.
c0dbb2112bed2d0dac79bb6c7197a498ec71efdb323b5e03dd479444d33d6de6Secunia Security Advisory - A weakness has been reported in EMC Data Protection Advisor, which can be exploited by malicious, local users to disclose sensitive information.
c9a596d08a50673dd326cfcea98291b7975bcc4252e482d6626d64d68fa025e8Secunia Security Advisory - Two vulnerabilities have been reported in EMC Captiva eInput, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
e72360fb0b7188620fb48bdc898138f989ad6b80c09debccc154f75c82671857Secunia Security Advisory - SUSE has issued an update for freetype2. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
92d8e44f7a5fad7a1d2b7898bceea635e0282d61c3ed12f62366cffde99dd1f6Secunia Security Advisory - Two vulnerabilities have been reported in HP SiteScope, which can be exploited by malicious people to conduct cross-site scripting and session fixation attacks.
c5e9db1031c433dafbf0b769df2d4310c8574b1fb9a1b98751d57c4fa8fdb339Secunia Security Advisory - SUSE has issued an update for opie. This fixes two vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
e7ae15bbac85536dc25729621a3561c489d6152ba4d534fe515eac56591a1269Secunia Security Advisory - SUSE has issued an update for compat-openssl097g. This fixes multiple vulnerabilities, where one has unknown impacts and others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and cause a DoS (Denial of Service).
bf6054c712df78f3c8014d5f5bf1b09c2eab8c9eb918f64006bfa34f6716823cSecunia Security Advisory - A vulnerability has been discovered in MinaliC, which can be exploited by malicious people to disclose sensitive information.
8f41dd9abece3a5d3401e86190413546c90ea8539df91dba2549249592cc10cd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed