Red Hat Security Advisory 2012-0476-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. Several cross-site scripting flaws were found in the MRG Management Console. An authorized user on the local network could use these flaws to perform cross-site scripting attacks against MRG Management Console users.
d5eab2769660140f969a19cdee386a27d329a8419ba67a06d682313ee33f4a95Debian Linux Security Advisory 2450-1 - It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.
e046a9837a078cecc89818dd89c20058b986e8358ee2ed27ad3347a2b66377bcUbuntu Security Notice 1422-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.
bf943afabe2b178efa14db2ffd2c372b54a5c09d7ebd314672fb98ad08653599Ubuntu Security Notice 1421-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.
8f5ffc23204a00c78465f73eb061c75c15675500d33d72427c6adbb209274eefRed Hat Security Advisory 2012-0477-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. Several cross-site scripting flaws were found in the MRG Management Console. An authorized user on the local network could use these flaws to perform cross-site scripting attacks against MRG Management Console users.
1b63355a9663fd3e79548ef425ffe2f0d6d3bf3197cbe05d7d3ced9af12f8960Mandriva Linux Security Advisory 2012-057 - Multiple flaws were found in FreeType. Specially crafted files could cause application crashes or potentially execute arbitrary code. The updated packages have been patched to correct this issue.
c6dbaeb28d98f47816c5648a580b5ce1c3619cc46ce47dcb15e21c9ad4aa4612Debian Linux Security Advisory 2449-1 - It was discovered that sqlalchemy, an SQL toolkit and object relational mapper for python, is not sanitizing input passed to the limit/offset keywords to select() as well as the value passed to select.limit()/offset(). This allows an attacker to perform SQL injection attacks against applications using sqlalchemy that do not implement their own filtering.
3b634c4e6348ffb1a9b2e90c970e4768f1315994bf78cea4adf5af707077012bCrystal Office Suite version 1.43 suffers from a buffer overflow vulnerability.
00e9187291df1055fbc476956aad1c96f69a0d2299d6723bf0c988d16d578cdfMandriva Linux Security Advisory 2012-056 - Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code. The updated packages have been patched to correct this issue.
3cce8f594ce82a2d7bc2edb723cc43de307c29149602c95cb21180eb1ae8a462Various Oracle websites appear to suffer from blind SQL injection vulnerabilities. A cross site scripting issue also exists.
c84df9781055fd52a22321f022e6e8331e5acbf26ea03af8ba9a8d181cd80877Pastebin.mozilla.org suffers from a cross site scripting vulnerability.
bc8dbbd84e12fba1958623eb29cf7f1b17742a33fdcd9c7e96c98d30892c41d5Netjuke version 1.0 RC1 suffers from a remote SQL injection vulnerability.
1923b8ce9da9ce0da1df7694b68f18e64f65b651bf8bc5d94dcd1dc4ac512dd6DHTMLX Suite version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
368268eb4af1dc32228e81f52b2a59ea1e8e6861fad8de12bceb27019a86dc12Secunia Security Advisory - Ubuntu has issued an update for nvidia-graphics-drivers. This fixes a vulnerability, which can be exploited by malicious, local users to potentially gain escalated privileges.
ce6ecc1d1fef148d0b852fd7e04a9acc03a694ccadb1b31975bcca8966568e3dSecunia Security Advisory - SUSE has issued an update for phpPgAdmin. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
ca21619d87fe821a4d5c90fe44505795af13875ccc587e6cdc2aaaf4a4576c4fScrutinizer NetFlow and sFlow Analyzer version 8.6.2 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
86781806a8d76416882371c450d483f0f4d9a6334ea56d9463f55a227d424643The Drupal Autosave module versions 6.x and 7.x suffer from a cross site request forgery vulnerability.
a5010955517768867cfa38f156ec8127f1676c81935ed688afd452e6df38d04eThe Drupal Fivestar module version 6.x suffers from an input validation vulnerability that allows a malicious user to improperly modify voting averages.
5e603b28ddbe1a91965a76ce7952b5d0185b5857eec6494e0a37c3d54ff9dd84Team SHATTER Security Advisory - Microsoft SQL Server versions 2005, 2008, and 2008 R2 suffer from a SQL injection vulnerability in the RESTORE DATABASE command that can lead to privilege escalation.
b64d5300f1a7ad77731e4342eabd0820c75171ca63e4b9ccb158653ee331263eWordPress All-In-One Event Calendar plugin version 1.4 suffers from multiple cross site scripting vulnerabilities.
3b8eb9270c97fc28a5f090d8f058e8ba0ded6b47444c01a84d736f3dc2552b3eHP Security Bulletin HPSBPV02754 SSRT100803 - A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity. Revision 1 of this advisory.
aa894cef3a0c2ea1f2d4d52dda2a5961a24ed2dc9729d8ce131a84f0c7de1ae2SchoolCenter Web Tools version 11.0.27 suffers from a cross site scripting vulnerability. This is an old issue that was never fixed by the vendor in earlier releases.
9c557412d22448c819499d4a9671df660ca09aac0b5f82b040390b919fbe324cRed Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
c5af0b87c0d07cfe6780ed6a76d4bce133b1d1406b01562b9076a80e82021b72Red Hat Security Advisory 2012-0474-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
dbddb067eea6285ae03840af13f5b96e3c76ac98669cc499d09536c755bea07dSecunia Security Advisory - SUSE has issued an update for postgresql. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing attacks and manipulate certain data.
ab3ed411529e06370b8e1684e2b6e96cd425a3b96a46fe05460e7a252cb13209
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed