Secunia Security Advisory - High-Tech Bridge SA has discovered two vulnerabilities in Support Incident Tracker, which can be exploited by malicious people to conduct cross-site scripting attacks.
703eeea2098a3b559476f109f186019a4191ceb0cda709e5ccfa2e2e750764dbSecunia Security Advisory - A weakness has been reported in Evolution, which can be exploited by malicious people to disclose potentially sensitive information.
6b798230fbd636cface99fbbb12cc1a65b1a0f0793600d4814874a3c577730b1Secunia Security Advisory - A vulnerability has been reported in the s2Member plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
b8d8bef45cba76f5fb9f99685d1eef5ebfe8832dcad88eb095e972cecf9f12c6Devilzc0de E-Zine Volume #3 - Topics include Hacktivism and Generation X, Cyberpunk or Mercenaries, WebDAV Vulnerability Exploitation, and more. Written in Indonesian.
9adf7063abb50280f393b167258e6cc3ba1406211cdf116d4907e9165fc07270Ubuntu Security Notice 1206-1 - Sauli Pahlman discovered that librsvg did not correctly handle malformed filter names. If a user or automated system were tricked into processing a specially crafted SVG image, a remote attacker could gain user privileges.
5008b275a2294bfe9630389810dda315425a2457a6ed2c70cf79c358c19fb002Red Hat Security Advisory 2011-1289-01 - The librsvg2 packages provide an SVG library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 to crash or, potentially, execute arbitrary code.
525c59d01cece717e4a2e159f6e44adb2abe9aea54c1572dd39515392783a5f1Technical Cyber Security Alert 2011-256A - There are multiple vulnerabilities in Microsoft Windows, Microsoft Server Software, and Microsoft Office. Microsoft has released updates to address these vulnerabilities.
04b9a7840c265139a735af76daf2ac1704371fe287fd5d67f4b6e543a9f3a805Ubuntu Security Notice 1205-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
e901cc91b033169b3dfc85934ff4ac4f1d05b966694731a50e4441e8edea0d07Beckhoff TwinCAT versions 2.11.0.2004 and below suffer from a denial of service vulnerability.
9ae5fa0332f0210ce3e53d42906d8106eabd9512e4c02fcbfec8ff8f35aafb88Measuresoft ScadaPro versions 4.0.0 and below suffer from directory traversal, denial of service, and stack overflow vulnerabilities.
6639f15d908f337b59c6e233d17567a8e75300c3d7445e8916701a7b3a05d9d5Rockwell RSLogix versions 19 and below suffer from a denial of service vulnerability. Proof of concept included.
c9770b73bffdf1e561ce9b9d72d5919869a906d5d974c2c7a7559369770ee038Carel PlantVisor versions 2.4.4 and below suffer from a directory traversal vulnerability. Proof of concept included.
0db85f30f0a2817ff4d7b01422999cb7780a4d95bea77d105d433dc8693906b9WordPress WP e-Commerce plugin versions 3.8.6 and below suffer from a remote SQL injection vulnerability.
c4c2c9fd3539e37e396a6dd367c331b3dc2180f788082589258dcfc95456ba65Ubuntu Security Notice 1204-1 - Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.
d65a3d265010dcc757cc58fad050e2727d47806e2609d736043b0ff3e79a9e82Minmax suffers from a remote SQL injection vulnerability.
3c5fba7a81330121225fa2f5c04e7c1bc9567e05fa83a5ecc9fe5fa5348703e5Ubuntu Security Notice 1203-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
286bb941d7141b756b5c455e3e57f8e085d01c33d50b9139d9d2c90312850771Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Various other issues were also addressed.
b470551b1de773c77d363adf5b0cb1910cc8654d0405c8a191ad8f00fd5d2535Ubuntu Security Notice 1201-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
594e6301fd8adfd138461fd891793167bc75a8565f367e0d80fc7bc3941f4ea0Microsoft SharePoint 2007 suffers from a cross site scripting vulnerability.
058df080bfcc5f51014f1812c8ed85e68f7f65b3a8eb3199b836b15e4734c8f1HP Security Bulletin HPSBMU02703 SSRT100242 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS), unauthorized disclosure of information, and unauthorized modification. Revision 1 of this advisory.
75de751a4287f32386dabc6d179d2a4b302417bdde21ca7428eb0ee5193be5ddPragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
15775dc3f5bfa268b960b52de96bb01e64c87d9edf2097efa8ca6c9f34693580Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a heap overflow vulnerability.
1a18eb34d2ac8c1bfd2abb31f68a4a81b7ee2b9c873dea6e6ae7fcb46c47fe97Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
a0fbee0dcee72f289887ea9255884ea07f7063636fa36519fec2e0f35fcc35caDAQFactory versions 5.95 build 1853 and below suffer from a stack overflow vulnerability. Proof of concept included.
2aa39c968d5c45275fa5dbe8c0c9813e0c35a6707e64062ce8ccdf0f1411b7f3Secunia Security Advisory - Two vulnerabilities have been reported in multiple TIBCO Managed File Transfer products, which can be exploited by malicious people to conduct cross-site scripting and session fixation attacks.
ff90d4c0e0499ae4d46347f73f1afecb90989f247813681fb9aa10d6e729dc96
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed