libprngwrap is a preload-library (so that it doesn't require any changes to the software it alters) which replaces the libc rand() random() and *rand48() calls by code that gets data from /dev/urandom. This might be a little bit more secure.
bd7181b8ddfe0b52535c4df2b68e7a9ec4ab1a76ae6db8aada616d8f081e09fbMandriva Linux Security Advisory 2011-143 - Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. Additionally for Mandriva Linux 2009.0 and Mandriva Linux Enterprise Server 5 updated perl-URPM and lzma packages are being provided to support upgrading to Mandriva Linux 2011. The updated packages have been patched to correct these issues.
9afe9111ff11f1fe617d84ce97c27e7f82377af4c75082382f765bcd773acb62WordPress Redirection plugin versions 2.2.9 and below suffer from a persistent cross site scripting vulnerability.
ab2d18144287f46585dad95c8c266dff06ece77b1a0fd6c6ca81e764c06595a0Debian Linux Security Advisory 2317-1 - Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. Ian Graham discovered that multiple Location headers might lead to CRLF injection.
1a4df24469eb25808167402b1be7d9843f78f3a3727327cd85ba4fb79fbb297aDebian Linux Security Advisory 2316-1 - Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several vulnerabilities in Quagga, an Internet routing daemon.
226eeb090aa5146956e6b044b5a8e27c4ae8962d7002eb3d05759fccd255ed83vTiger CRM version 5.2.1 suffers from a remote blind SQL injection vulnerability.
3547ffd282cb4924816d21c9d1ae936d1867e9dc0d5116605d781c387fe03604Debian Linux Security Advisory 2315-1 - Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word (doc) file format importer of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office.
7e12e472d04dd6a6d14e0ca41b6ada38d2f210a8a678b5e04950aec0a8c3778fSecunia Research has discovered a vulnerability in Cyrus IMAPd, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused by an error in the authentication mechanism of the NNTP server. This can be exploited to bypass the authentication process and execute commands intended for authenticated users only by sending an "AUTHINFO USER" command without a following "AUTHINFO PASS" command. Versions 2.4.10 and 2.4.11 are affected.
a527d453cfb32475e8deb8f919bc978fc3f901cd5b277252506bccdd46d12b1fVMware Security Advisory 2011-0011 - Hosted product updates address a remote code execution vulnerability in the way UDF file systems are handled.
68eb691ab38b6528cdbe2b5c9662b237090ae11982c24494de06d740bd8e8d6bUbuntu Security Notice 1222-2 - USN-1222-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 7. Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
75a889f925846faaadd677cbb2c20dcd1e773bbcb1f56b408c02f338adcac064DivX Plus Web Player versions 2.1.2.265 and below file:// buffer overflow proof of concept exploit.
3f62fbde7f5a2fffb02fd76f35f14af77b6699cf9619e1f8924c9bc37ac7af91PolicyKit versions 0.101 and below local privilege escalation exploit.
8e1577823139cfa501ce0535ad03ba8172e54feaed9443aab35fb42423be384bWhitepaper called Gaming Security By Obscurity. This paper attempts to claim that obscuring information can actually improve security.
85ebf7cdd1837591d397da7aac2ad98c0b1f4ee658364bb7fc4fdcbb32a254d1Secunia Security Advisory - Two vulnerabilities have been reported in ezCourses, which can be exploited by malicious people to bypass certain security restrictions.
36c66fd3a12794754a983130428778dad8221040d0d39d454263290b2f8c8d97Secunia Security Advisory - Sitewatch has discovered a vulnerability in the RedLine theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
bea26139c279515d644961826975a98c78fb9ad812f672dc9f1ab7835debf66fSecunia Security Advisory - Red Hat has issued an update for rpm. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
43b13805375315fb678c96f570f49573ec4f00e2ccf70f575cff7a5a5db12117Secunia Security Advisory - Stefan Schurtz has discovered a vulnerability in Phorum, which can be exploited by malicious people to conduct cross-site scripting attacks.
413e6900b454d676456ed24fb21fcb00f67948396c5d1a3c85d8d900d7f6554bSecunia Security Advisory - Sitewatch has discovered a vulnerability in the Black-LetterHead theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
80b72e05e913c5b157b7a7d8ff135484aa496ddf4e9f8acf6f57f5d6fad3ce1cSecunia Security Advisory - A security issue has been reported in the Crypt-DSA module for Perl, which can be exploited by malicious people to bypass certain security restrictions.
1dfa195ce22d52e735ac3fbb43a352a67bf140a400c0f695d2ee2d76fa94bd9cSecunia Security Advisory - A security issue has been reported in OpenStack Compute (Nova), which can be exploited by malicious users to bypass certain security restrictions.
895eb1a6fec42ec9592025b073530ee8d280bd051859e4e1e9ec4c0e4b469b49Secunia Security Advisory - A vulnerability has been reported in the Google Website Optimizer component for Joomla!, which can be exploited by malicious users to conduct script insertion attacks.
e550df9003f8dec2fbdbf456552f5e7f1ecd9df712c6457ce5250f71a47e6545Secunia Security Advisory - Sitewatch has discovered a vulnerability in the ZenLite theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
4cb106d0193aad27764bcbaf1d61664abdf0d08c9bd101522d635d6bb940b055Secunia Security Advisory - Multiple weaknesses have been discovered in conceptcms, which can be exploited by malicious people to disclose certain system information.
3a921e9b118b512e92e2bc40eb7b50081b237dc60dd206ecb6b2fdf5e649eaa8Secunia Security Advisory - A vulnerability has been reported in the SmoothGallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
eeebfc3e7dd0cc34b0b65c95b936ad3c13d36cfcb70dc78ce20fbfc437798ff0Secunia Security Advisory - Sitewatch has discovered a vulnerability in the Atahualpa theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
2d7fd4047492f5306b3b2d362dac1f140d2fd3c2251dec58356e4307ef84a592
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed