Secunia Security Advisory - Red Hat has issued an update for vixie-cron. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
77bdb1f5c20cc84df9073cf9da9e159a4192434e9be95679b3cec69e9a6b6700Secunia Security Advisory - SUSE has issued an update for horde3-dimp. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
72fd9f71a0d50050454fd26cc2f53d5e3241e2ecb76902f4fd2aab5079a99e5aSecunia Security Advisory - Red Hat has issued an update for xorg-x11-server. This fixes a weakness, which can be exploited by malicious, local users to disclose system and sensitive information.
ebe595c3269f2ab72642ce341926dc7679397e48616e6b95c914c0763d237e29Secunia Security Advisory - Ubuntu has issued an update for libvorbis. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
aad0395e3737c088a888b072b8af84cbadeecb81482fce6e2a57f6572b1e21d4strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
8ab2371ba0c70cd010f0736839a0737dec95b197325b98505c1c69dd55e6964fLiveHelpNow Chat suffers from a cross site scripting vulnerability.
c7da3d8a255a228bb5781872e2a24647b4693cab9c65d38e7ff8f7577d6f656eForkCMS version 3.2.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
f2cfea65c69290c2400796628d74f7f284984e06498860b68fdbae6498326ddeWordPress SB Uploader suffers from a shell upload vulnerability.
09540ead48d9b07bb24b81a82dcf0e7504f9c95e04a027b3e35a157f61d8b56dOxwall version 1.1.1 suffers from a cross site scripting vulnerability.
76126454b1f8af8d6ded66a2ae1b6dc820df8b16078413f29dbc4fa49814a965Mercurycom MR804 Router version 3.8.1 Build 101220 Rel.53006nB suffers from a denial of service vulnerability when fed multiple HTTP headers.
bcb466aefafb323238fa7776d12c39fca5da5fac0996900812c40f57e49cb5efSocialCMS suffers from cross site scripting and remote SQL injection vulnerabilities.
bc33218ae39f4007e8dc2ab90a274b5c00ac5ecdf7b09d8989f0a386cbd278bbCMS Wizard suffers from a cross site scripting vulnerability.
d5bf91300b372e2467fae5ee7025e46bef42f879c5ab0cf4afc9e514b56d62efThe Cisco Linksys WAG54GS ADSL router suffers from a cross site request forgery vulnerability.
bfb35b1a670f2df0c8e171cb6cac8009146ebfef18fbcd82c5a7420cf409e60fP-Chat version 0.9 suffers from a cross site scripting vulnerability.
e2f7ec196b46b488f6a7f3fb0e8fa423c504ca6ef2d19bf25cc64f1c992e5884DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.
855bcceb07688d98414efd3e963cb6ddd7ed293ef28ec31ac1b5a96d5409d7a9Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
5523df1edf9b9bf00698149c5299eca8f8b5e0c4b4ab304f7d57cc4905cc9491Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
4e6fc0a992e66dc0e093b5bbb0e471ca71ba9957c66f52c0991686dc70659ccdRed Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
a47b8edfd1d4bed1bde89335a2a2494f395ff12d9652b721790b470340985519Red Hat Security Advisory 2012-0321-01 - Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue.
286bd54779b5c16c26d69ad0f13809a6a3ffda1eb265fbfeaf74bff12f263554Gentoo Linux Security Advisory 201202-2 - Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code. Versions less than 0.99.20 are affected.
b8876c9ae50f95f261a5d9e36d175f49669c64dc3f0cceabc82a13bd6ce2da34
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed