Pantech Link/P7040P browser SSL certificate parsing contains a flaw where it fails to check the Basic Constraints parameter of certificates in the chain.
05ac689c17d1d0ced452b3a748d9579a449b11a3cf9146257494b471ee8787a9Snippet CMS version 2.9 suffers from a cross site scripting vulnerability.
ce28103ed4c015dcfa61b7684505164a0f275baf87d3f73ee702361d91a0f0afDebian Linux Security Advisory 2310-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak.
0ade6375df4fb18e4bf4cc0f6541e056556cbe078ca3ef9db083dea13e260836IceWarp Mail Server versions 10.3.2 and below suffer from XML external entity injection and PHP information disclosure vulnerabilities.
177fcab56aba98987239362bc9964a8f77c924d6b9828e6ee3cf63ed1cfab71aSunway ForceControl versions 6.1 SP3 and below suffer from stack overflows, directory traversals, third party ActiveX code execution, and denial of service vulnerabilities.
89c4c166c8194c9585125b7a6737879dcfa4a5324859d50835a4df7c6271c943Mandriva Linux Security Advisory 2011-135 - It was discovered that the iproute2 package was not rebuilt against the latest iptables libraries. This may have security issues, as the current iproute2 should be calling an interface in the iptables libraries with incorrect arguments. The updated packages have been patched to correct this issue.
a4e60342d65555aecd95e0fb2248b88a7dbcd47532b94f39fccca26c1ac2df85AWStats versions 6.0 and 7.0 suffers from CRLF injection, cross site scripting, HTTP response splitting, and remote SQL injection vulnerabilities.
59557071b1987b2fde0f1594bff019d2392bfda8e3b64f00a2219e1a52209747Ubuntu Security Notice 1197-6 - USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides an update for Qt that blacklists the known fraudulent certificates. USN-1197-1 It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.
ffcdd5bd50bb293ea8bfd41f16c5b291b1012994e0b0446df4dcd98cdd52ba28This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.
6d655b5582b4862af9ad5082596a3a125309795b934f84d6bc8af6fa078b4321Zyncro suffers from cross site scripting and remote SQL injection vulnerabilities.
3d090067f0f959e9cf97dd199f23e7744fb3ae52ab14a5636464e0885b0b80f1Ubuntu Security Notice 1215-1 - It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.
5b052a7ad17040106cf59d16c4d5bc715cb92e50d84263e25ce9d3526181ada7TWiki versions prior to 5.1.0 suffer from cross site scripting vulnerabilities.
0b721e4d9676d5b60b610d1babe695c6509ba929ff94e78448e1a286678fbe4fPlesk Control Panel version 102 suffers from a cross site scripting vulnerability.
9ce94f018b6a159b2536c30e1849e01d5740c9bd9318fe2e6a86e92ad9d7fff7Red Hat Security Advisory 2011-1334-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Multiple flaws were found in the way Spring Framework 3 deserialized certain Java objects. If an attacker were able to control the stream from which an application with the Spring Framework 3 AOP in its class-path was deserializing objects, they could use these flaws to execute arbitrary code with the privileges of the JBoss Application Server process via a specially-crafted, serialized Java object.
442edbde35d879e5f6ef8501cfa0f1ff6854082e839ec89ffac4cd267f0d8341Red Hat Security Advisory 2011-1333-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-26, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.
0e33bcedad49a5cc8888e9a734c3e94fcecb1fb3502bcd6135296876772943afHP Security Bulletin HPSBOV02497 SSRT090245 4 - Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS). Revision 4 of this advisory.
276161f9b5defba94587895476977046f39846e30ab23de7e9fcec0f7db3fd13Sabadkharid suffers from a remote SQL injection vulnerability.
4f49591983f6123ecd6d0a423471b6d6ce31a8e01e579b66b2ab4aa56dbf2273Multi Threaded TCP Port Scanner allows you to scan 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. Furthermore, it will tell you the MAC address of the target and the services that are running. You can scan IP addresses on your network and find out which open ports you have.
f7a1988b7fa2031d76134d53841a1a59fe4268b7b7ee60f194d73c64614abf0a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed