Secunia Security Advisory - High-Tech Bridge SA has discovered two vulnerabilities in Support Incident Tracker, which can be exploited by malicious people to conduct cross-site scripting attacks.
703eeea2098a3b559476f109f186019a4191ceb0cda709e5ccfa2e2e750764db
Secunia Security Advisory - A weakness has been reported in Evolution, which can be exploited by malicious people to disclose potentially sensitive information.
6b798230fbd636cface99fbbb12cc1a65b1a0f0793600d4814874a3c577730b1
Secunia Security Advisory - A vulnerability has been reported in the s2Member plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
b8d8bef45cba76f5fb9f99685d1eef5ebfe8832dcad88eb095e972cecf9f12c6
Devilzc0de E-Zine Volume #3 - Topics include Hacktivism and Generation X, Cyberpunk or Mercenaries, WebDAV Vulnerability Exploitation, and more. Written in Indonesian.
9adf7063abb50280f393b167258e6cc3ba1406211cdf116d4907e9165fc07270
Ubuntu Security Notice 1206-1 - Sauli Pahlman discovered that librsvg did not correctly handle malformed filter names. If a user or automated system were tricked into processing a specially crafted SVG image, a remote attacker could gain user privileges.
5008b275a2294bfe9630389810dda315425a2457a6ed2c70cf79c358c19fb002
Red Hat Security Advisory 2011-1289-01 - The librsvg2 packages provide an SVG library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 to crash or, potentially, execute arbitrary code.
525c59d01cece717e4a2e159f6e44adb2abe9aea54c1572dd39515392783a5f1
Technical Cyber Security Alert 2011-256A - There are multiple vulnerabilities in Microsoft Windows, Microsoft Server Software, and Microsoft Office. Microsoft has released updates to address these vulnerabilities.
04b9a7840c265139a735af76daf2ac1704371fe287fd5d67f4b6e543a9f3a805
Ubuntu Security Notice 1205-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
e901cc91b033169b3dfc85934ff4ac4f1d05b966694731a50e4441e8edea0d07
Beckhoff TwinCAT versions 2.11.0.2004 and below suffer from a denial of service vulnerability.
9ae5fa0332f0210ce3e53d42906d8106eabd9512e4c02fcbfec8ff8f35aafb88
Measuresoft ScadaPro versions 4.0.0 and below suffer from directory traversal, denial of service, and stack overflow vulnerabilities.
6639f15d908f337b59c6e233d17567a8e75300c3d7445e8916701a7b3a05d9d5
Rockwell RSLogix versions 19 and below suffer from a denial of service vulnerability. Proof of concept included.
c9770b73bffdf1e561ce9b9d72d5919869a906d5d974c2c7a7559369770ee038
Carel PlantVisor versions 2.4.4 and below suffer from a directory traversal vulnerability. Proof of concept included.
0db85f30f0a2817ff4d7b01422999cb7780a4d95bea77d105d433dc8693906b9
WordPress WP e-Commerce plugin versions 3.8.6 and below suffer from a remote SQL injection vulnerability.
c4c2c9fd3539e37e396a6dd367c331b3dc2180f788082589258dcfc95456ba65
Ubuntu Security Notice 1204-1 - Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.
d65a3d265010dcc757cc58fad050e2727d47806e2609d736043b0ff3e79a9e82
Minmax suffers from a remote SQL injection vulnerability.
3c5fba7a81330121225fa2f5c04e7c1bc9567e05fa83a5ecc9fe5fa5348703e5
Ubuntu Security Notice 1203-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
286bb941d7141b756b5c455e3e57f8e085d01c33d50b9139d9d2c90312850771
Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Various other issues were also addressed.
b470551b1de773c77d363adf5b0cb1910cc8654d0405c8a191ad8f00fd5d2535
Ubuntu Security Notice 1201-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. Various other issues were also addressed.
594e6301fd8adfd138461fd891793167bc75a8565f367e0d80fc7bc3941f4ea0
Microsoft SharePoint 2007 suffers from a cross site scripting vulnerability.
058df080bfcc5f51014f1812c8ed85e68f7f65b3a8eb3199b836b15e4734c8f1
HP Security Bulletin HPSBMU02703 SSRT100242 - Potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS), unauthorized disclosure of information, and unauthorized modification. Revision 1 of this advisory.
75de751a4287f32386dabc6d179d2a4b302417bdde21ca7428eb0ee5193be5dd
Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
15775dc3f5bfa268b960b52de96bb01e64c87d9edf2097efa8ca6c9f34693580
Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a heap overflow vulnerability.
1a18eb34d2ac8c1bfd2abb31f68a4a81b7ee2b9c873dea6e6ae7fcb46c47fe97
Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
a0fbee0dcee72f289887ea9255884ea07f7063636fa36519fec2e0f35fcc35ca
DAQFactory versions 5.95 build 1853 and below suffer from a stack overflow vulnerability. Proof of concept included.
2aa39c968d5c45275fa5dbe8c0c9813e0c35a6707e64062ce8ccdf0f1411b7f3
Secunia Security Advisory - Two vulnerabilities have been reported in multiple TIBCO Managed File Transfer products, which can be exploited by malicious people to conduct cross-site scripting and session fixation attacks.
ff90d4c0e0499ae4d46347f73f1afecb90989f247813681fb9aa10d6e729dc96