Secunia Security Advisory - Ubuntu has issued an update for bzip2. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
379fbc95af26b57520564c9208459619465f920bb363c3facf7e97ba1d0ddbb4Secunia Security Advisory - A vulnerability has been reported in the Meta tags quick module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
96290a417815a7cf20fa993671c432b1b219868a4ccf11326694cf17d334eb7eSecunia Security Advisory - A vulnerability has been reported in Hitachi JP1/ServerConductor/DeploymentManager, which can be exploited by malicious people to disclose sensitive information.
bddc44c2ed63c63c97595f76516d530df4755621beb0aaa44fd818d08da1307bSecunia Security Advisory - Red Hat has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
44d02d87e755909f6f571361e446ec1d6e38ecb153ffcf649c59ee1cd2ee0eb7Secunia Security Advisory - Stefan Schurtz has discovered a vulnerability in Seotoaster, which can be exploited by malicious people to conduct SQL injection attacks.
cc9ffb396b15eb8036306f99d00f1ee8087814843346e82e8c4917a95ae1d90dSecunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in BrowserCRM, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
c57af2e777d4aadb77475cc2dcbe6dfc3ed1936e5ce14cd7dc6d43036e1e95fefwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
125d5d1970d4ec04aabdd90dbc6c7f44e001a9608b9e4e267079f6bcd47b5370GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
811c2fb46dd1d162a18cfd4f8e8352de65199ff66c44e73b15a18b924fc53857Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
846561d877766e7e29bf06fd9be1bd660ba921384522822426f87615925976ffSecunia Security Advisory - A weakness and multiple vulnerabilities have been reported in JBoss Enterprise Portal Platform, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
2af956be913fb35efbd45da5404508c6cd297401bbb76e3efdf39d544a4ce862Secunia Security Advisory - Stefan Schurtz has discovered a vulnerability in Seotoaster, which can be exploited by malicious people to conduct SQL injection attacks.
cc9ffb396b15eb8036306f99d00f1ee8087814843346e82e8c4917a95ae1d90dSecunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in BrowserCRM, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
c57af2e777d4aadb77475cc2dcbe6dfc3ed1936e5ce14cd7dc6d43036e1e95feWhitepaper called Active Directory Offline Hash Dump and Forensic Analysis. The author participated in a project where it was required to extract the password hashes from an offline NTDS.DIT file. After searching the Internet for an available tool, the author found that there was no open source tool. Because of that the author decided to research the internals of password encryption and storage of Active Directory and create a tool for the forensic community.
7c27ab31e6a03839ed661d3fb678d3b2d06e9a0aa037df4e3967246d0c184a28Red Hat Security Advisory 2011-1822-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.0 serves as a replacement for JBoss Enterprise Portal Platform 5.1.1, and includes bug fixes and enhancements.
82ea083ba0199172dd69274928ff1dcc5d9cb1f40e65fb4772f8d34ce98bdf81Whitepaper called Overview to HTML5 web security. This article is an extract of the master thesis written by Michael Schmidt. It needs to be considered that the content of this document was released in May 2011.
80db6816d328e2047d44c3b598a2a9756e6a4f2de1f01ef7af19901983063af3Ubuntu Security Notice 1308-1 - vladz discovered that executables compressed by bzexe insecurely create temporary files when they are ran. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable.
4a8012363905770b4fb451c70e1c7dcb0c5389c1b75c79707921defd538ff18bBrowser CRM version 5.100.01 suffers from cross site scripting and remote SQL injection vulnerabilities.
bae97a2f001f9e5a7e7f686512d05a5386310e22c1fd7651534103e0c0799133Red Hat Security Advisory 2011-1821-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. Multiple NULL pointer dereference flaws were found in the Jingle extension of the Extensible Messaging and Presence Protocol protocol plug-in in Pidgin. A remote attacker could use these flaws to crash Pidgin via a specially-crafted Jingle multimedia message.
8898c9e665950277a124090594f6f201ce5f2d533466d4f40f014414cdf3c633Citrix XenDesktop, XenServer, Receiver version 5.6 SP2 suffer from a pass-the-hash attack vulnerability due to not using SSL.
1cdc447222c2b4047d47fb0a65039267225b922c70e82b599759e03fa6d8207bPHP-SCMS version 1.6.8 suffers from a lang parameter cross site scripting vulnerability.
8af2e21c899f1dbe3d291696e18143a62b665b81a4f1fd151f55371e03968046RSA, The Security Division of EMC, announces security fixes and improvements for RSA SecurID Software Token 4.1 for Microsoft Windows. This release addresses an Insecure Library Loading vulnerability within RSA SecurID Software Token for Windows. This release also provides an alternate installation package for customers who do not require the software token automation API features of the product.
173128391433f9f53094b5c9d41cdbcabc710ca350ef8bec7635e2bac54b927aRed Hat Security Advisory 2011-1820-01 - Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messaging systems, escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgin via a specially-crafted OSCAR message. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters in channel messages. A remote attacker could use this flaw to crash Pidgin via a specially-crafted SILC message.
46920b2be0ad0a71dc0f6800ddcb5927c42aa93032c295654bdee52801a20d3fRed Hat Security Advisory 2011-1819-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled DHCP request packets when regular expression matching was used in "/etc/dhcp/dhcpd.conf". A remote attacker could use this flaw to crash dhcpd. Users of DHCP should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, all DHCP servers will be restarted automatically.
e97821ea827880f1b5fa9dfb703ef8018156b4aa8bf23eb225b15deb0c8307c2Nagios XI versions prior to 2011R1.9 suffer from privilege escalation vulnerabilities.
643fef59b27e303e0e2fa119f2e8b592b6fe5c23465d56ba6cf208e2b0d73e94Nagios XI versions prior to 2011R1.9 suffer from multiple cross site scripting vulnerabilities.
5640334d1067d67c36be2d867c6ee9221a65d4d25ea44ef78f66a49b6bc9bc5a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed