Secunia Security Advisory - Vulnerability-Lab has discovered a vulnerability in Dolibarr ERP/CRM, which can be exploited by malicious users to conduct SQL injection attacks.
140e2461dfc9fe15e375b5a5ffca2b63969d8c558447c5d1db00c9c0252effedSecunia Security Advisory - SUSE has issued an update for opera. This fixes a weakness and a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
3aea46f46c30eea9c483c048f5db5c63169a69a1175c23ac47299692af6b83f0Secunia Security Advisory - A vulnerability has been discovered in Pluck, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b4b5187044f01bd10fb9055158320d00e6b4b8df69aeac9c726916c1d2e1278dSecunia Security Advisory - SUSE has issued an update for apache2. This fixes two weaknesses and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions.
2693f55ec8d94c1c545ca5ee821b6e0b4d360a10a7f7410f1be881995149fddcSecunia Security Advisory - SUSE has issued an update for curl. This fixes a weakness and two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, hijack a user's session, and manipulate certain data.
a10cb67f4b56b24ecb1307720a223fb45c275972de16a33cbc022597c80c6a28Secunia Security Advisory - SUSE has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
05a7d48ab9749c07cf4205029eb63bdcf9ba129ab871cb52571cae49ac9b755fSecunia Security Advisory - Ubuntu has issued an update for openssl. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and potentially compromise an application using the library.
7fe75496fb4ec9c67c30f1129a934a509975710d4d85053feab30980d8efef3cSecunia Security Advisory - A vulnerability has been discovered in XRay CMS, which can be exploited by malicious people to conduct SQL injection attacks.
5f2b6ef784db835cc8e4781b4f8f1cadd46e35861aa9bcd5bfa7e88cd12503f4Secunia Security Advisory - Emilien Girault has discovered a vulnerability in GLPI, which can be exploited by malicious users to compromise a vulnerable system.
580d8bc682763e58f52b0b042a77839080d1ad3cba9e12a6de8990f6b991004aSecunia Security Advisory - Multiple vulnerabilities have been reported in MyBB, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
04f72376f4c841caead4fdf8673be840432a1e84618f3243f93379317cea6aebSecunia Security Advisory - A vulnerability has been discovered in Gazie, which can be exploited by malicious people to conduct cross-site request forgery attacks.
01b0f629f1fb3911ebc0279fe05ee3c7913542b78800ac09a6102b77996b89daSecunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in RabidHamster R2 Extreme, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.
deda558e727cf10929ad24f7297272dcc8a24c38c525e7ba9f28c7a9abb6cbdeSecunia Security Advisory - Ubuntu has issued an update for php5. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.
b73bf481979d1c4e85be7551b8114fc82facb67012f8653ecd3b408c35605d7aYoono Desktop add-on version 1.8.16 suffers from a cross site scripting vulnerability.
a8417c2a0833fd85e7aa35fa63e272e82bb16abb6d03a52d1c45f412dc36d3b1Yoono Firefox add-on version 7.7.0 suffers from a cross site scripting vulnerability.
457734c2085a327eb9139eddfc1fcfd7acb34333fb01e3e55e61f34a2dceec41Ubuntu Security Notice 1358-1 - It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. Various other issues were also addressed.
4e7832bc4af2f7480c0583d5776cc3ff599367f5f6f7376c2832f74a7230342cRed Hat Security Advisory 2012-0108-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Application Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform's "jboss-as/server/[PROFILE]/lib/jbosscache-core.jar" file.
d227121dcf7f790e49aced4a493d3ca7c879925c5a0c967c8967022516509935Ubuntu Security Notice 1357-1 - It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
35a63a05c4a33b71a7bcfee436327107866cecc57861e8d07b69574145af5179Red Hat Security Advisory 2012-0107-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device. Refer to Red Hat Knowledgebase article DOC-67874, linked to in the References, for further details about this issue.
0f06f08a25a1cc6f395b307753e4762964477f1ec0e20c7adb0a86df4fce7422Debian Linux Security Advisory 2407-1 - It was discovered that a malicious CVS server could cause a heap overflow in the CVS client, potentially allowing the server to execute arbitrary code on the client.
1489ddea367ba0fd14946999e8941cbabe33fe51ca09e8d921dea8e46f7770dfDebian Linux Security Advisory 2406-1 - Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base.
8c380c84934737b4f02c7cf785dbda1b2cc651735d0eb54d87525fbaa5777161Secunia Security Advisory - Multiple vulnerabilities have been reported in the Finder module for Drupal, which can be exploited by malicious people to conduct script insertion attacks.
f4d066722c1c58dd949e71d012f978ac0ac9ca09f8923c4844c7241c8a349699Secunia Security Advisory - A vulnerability has been discovered in the Finder module for Drupal, which can be exploited by malicious users to compromise a vulnerable system.
5c601a29b4a90693bffd30ea0765a1eca8efe38532cf44e6780b118dc934bd17Secunia Security Advisory - Multiple vulnerabilities have been reported in the Finder module for Drupal, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks.
791906a03acbd29ebaf757f928215eeac33a23b5fe6597354066058e4b2b27b9Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to gain escalated privileges and by malicious, local users and malicious people to cause a DoS (Denial of Service).
8cbc53bac12119c016d93c72385e7a8b33da8846bedf7c40b28fa98424943200
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed