Secunia Security Advisory - Two vulnerabilities have been reported in the PMK Shadowbox extension for TYPO3, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting attacks.
caf0b59f121434a7496b53ef60ad14a198026206157acc33ccb928b7530de46eSecunia Security Advisory - Gentoo has issued an update for clamav. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
89d8dbe7b0d82fc5b9d2d631bbe409c2af576ef73d9ed5014a97552dfcacd80cSecunia Security Advisory - A vulnerability has been reported in the Freestyle FAQs and Freestyle Testimonials components for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
8ffab1b45de25e6717a031c1d3cff2410c39ca7bab397d61033f723752e6f71eSecunia Security Advisory - Mr.PaPaRoSSe has discovered a vulnerability in the Chennai theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
35d761c02bad4000723df72f9d32a8fe7d9b40dd7dead32fa3b3f178eb4ef6f6Secunia Security Advisory - Multiple vulnerabilities have been discovered in OpenEMR, which can be exploited by malicious users to conduct SQL injection attacks.
c3eef5933a033046423c6787224818e60e8311cbb7c7f0857a18ef9b1632e550Secunia Security Advisory - A vulnerability has been discovered in Jara, which can be exploited by malicious people to conduct SQL injection attacks.
3e2119201b6d7e1a28e2b321ea23eaca10183d82217d85869c564b7124bc87fcSecunia Security Advisory - Multiple vulnerabilities have been reported in PacketFence, which can be exploited by malicious people to conduct cross-site scripting attacks.
043fb2894f4b7261177a5ca44bbad369c6de86ba647a211db07b7d9276936671Secunia Security Advisory - A vulnerability has been reported in Wing FTP Server, which can be exploited by malicious users to disclose potentially sensitive information.
59501c8513bc280573d8ba6ca28d621feca4814ca8f191d0d4f3ae06e4e973b1Secunia Security Advisory - Ubuntu has issued an update for pam. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
e6ca93c2fb3e1ebd46a2cebd4e5faa34c77d5913b80a8032ed05544e6a28cfffSecunia Security Advisory - SUSE has issued an update for fail2ban. This fixes some weaknesses, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
a6b466de3c925a551c6fe0d81f51532d62dcc5afa4b819e2aa01c4b6637515f3Secunia Security Advisory - A vulnerability has been reported in Wing FTP Server, which can be exploited by malicious users to disclose potentially sensitive information.
30da24f381dc2a67a78bcaca7d629b6360fc9e24d7cfa5c36c4df64b03e7ff2cSecunia Security Advisory - A vulnerability with an unknown impact has been reported in Zope.
c609791f3b03f08e437a5ee9baf757c49fff113a56b3a66e15af0c84394d5298Secunia Security Advisory - A vulnerability has been reported in zFTPServer, which can be exploited by malicious users to cause a DoS (Denial of Service).
beabab91b0aba61c5c5b61e9d802550fc6f51fe54505658aff744e668b8489e8Secunia Security Advisory - SUSE has issued an update for etherape. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
b6140af31ffca03375d74c266a3d628932cf116c5c520ff9fb3a94e267771092Secunia Security Advisory - Ubuntu has issued an update for puppet. This fixes a vulnerability, which can be exploited by malicious users to conduct spoofing attacks.
b219f7d8c7400caec0a334c40ffe96d7302af6775244cbbb4d21f78fa65ffd39Secunia Security Advisory - Novell has acknowledged a vulnerability in Novell Netware, which can be exploited by malicious people to cause a DoS (Denial of Service).
b1d8591e6a3574ea22743a9be21ab83fb967dde6c9e66ce0443a49dc0fbd3fcaSecunia Security Advisory - A vulnerability has been reported in McAfee Web Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.
7d773cb87a5ec40c1785cf076a141be828b02b69f5693cb2f9de410bf84fd1eaUbuntu Security Notice 1238-1 - It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.
ae7ab9a381c1ba9bfec6b237a0e254fca36b4e9df829004852518239d8c13d45Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
cbce8279c1ba7a07bfefeb2e477f682bfd326519f8a7ed296e35210599898a2dUbuntu Security Notice 1237-1 - Kees Cook discovered that the PAM pam_env module incorrectly handled certain malformed environment files. A local attacker could use this flaw to cause a denial of service, or possibly gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Kees Cook discovered that the PAM pam_env module incorrectly handled variable expansion. A local attacker could use this flaw to cause a denial of service. Various other issues were also addressed.
803f5b8970a7e47d147397dbdf0c4bf081856862a7c224379f56106c8b403192Debian Linux Security Advisory 2328-1 - It was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code.
b1413231f598db1d72f7c2b56edb09c25552b5cbc1fc955dfd5627c937efee10Mandriva Linux Security Advisory 2011-161 - contrib/pg_crypto's blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be. Additionally corrected ossp-uuid packages as well as corrected support in postgresql 9.0.x are being provided for Mandriva Linux 2011. This update provides a solution to this vulnerability.
400fc5f61d589d4975d38d6e7dda4d4c162f7bbc69e48221709c8200f445926bGentoo Linux Security Advisory 201110-21 - Multiple vulnerabilities in Asterisk might allow unauthenticated remote attackers to execute arbitrary code. Versions less than 1.8.7.1 are affected.
ae5d5c2b8906b69d1e116e6371311677f87ac873f436e84744aa53590ae850cdRed Hat Security Advisory 2011-1401-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A buffer overflow flaw was found in the Xen hypervisor SCSI subsystem emulation. An unprivileged, local guest user could provide a large number of bytes that are used to zero out a fixed-sized buffer via a SAI READ CAPACITY SCSI command, overwriting memory and causing the guest to crash. Other bugs were also addressed.
2f2b78e70a47ae7e65cf72559444cdbe6211ab9f782098b9d29e2d9c98b25151OmniTouch Instant Communication Suite suffers from cross site request forgery and cross site scripting vulnerabilities.
07892a2e4751df91fbe28681577a37dca30715e6cc870860ee5c81e2769086a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed