Red Hat Security Advisory 2012-0680-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133.
db2cede27257c0c7eb5afeeba0d2abaa2a7c74f2786187c29b2569f1202cc6a1Red Hat Security Advisory 2012-0676-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A malicious user in the kvm group on the host could use this flaw to crash the host. A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user in the kvm group on the host who has the ability to assign a device to a guest could use this flaw to crash the host.
5ec712624114bd7a62ded7e3e13e0b431d5a90f25d887258c19bd6583197a38eRed Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.
a11a5493acd610cf7f4bfdc27b2eba1d9d44ea753011012d38733b38292f077eGentoo Linux Security Advisory 201205-3 - Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 19.0.1084.46 are affected.
10f3269225ee2b5121cb81d892a449b1a3c5f6359d02d9d6c253465d3cf99d98Debian Linux Security Advisory 2477-1 - Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow to skip the scenario-based authorization mechanisms. This vulnerability allows to display the archives management page, and download and delete the list archives by unauthorized users.
37cb6256cfe6274a5cb1a1b9b1e0069e644afac7767a82dbb30bc47bf7edababPlogger Photo Gallery suffers from a URL encoded SQL injection vulnerability.
1d809b3e47f9bc73a1cdb2626975f37ede3807ab5c5a5139362dded3b11e4574PHP versions 5.4.3 and below com_event_sink denial of service exploit.
f9e58d76235326111668e7a07024e4373c09a94c235cdd96324ef0f57eeebd16phAlbum PHP Gallery Script suffers from a cross site scripting vulnerability.
723c6ef6661ac7169ced0e8dd7d0c1a433062a8a9b5a6efd4ad00d031c7e04c4This paper demonstrates how to ARP poison a connection between Windows 7 and Windows 2008 R2 Server using Cain.
a751245239f622e54ca2416bab2aef9e2485eae6f6c4782fd8b7a36a98c54142This whitepaper touches on various scanning tools and how to use them. It gives an overview of hping, scapy, unicornscan, nmap, and nessus.
b9b96dce3e65312296a5f09fbf2af8bba0ae3fa3b7a663daab2a541d4ede75d1Zone-H posting utility that is multi-threaded.
b66e0936308863c1f7d366e259b553da4eb8876a94121e392bd577f7c622e4b7ClubHACK Magazine Issue 28 - Topics covered include Steganography over covert channels, Kautilya, HTTPS, and more.
fa4e562c6088f8d7bac3bc27c440e7a9209a7ddcc897ce31f3cf1c2cfacc218fSecunia Security Advisory - Debian has issued an update for pidgin-otr. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
206d43ebfdf0b584b8d36d4f724417825aec751080708b3dff1bf9664434cda7Secunia Security Advisory - Debian has issued an update for sympa. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.
74f8ed8986c0ab6c9b2dba44ff713dd9b1e72b15e08f6f05ae3fe3a3929b7713Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).
bdb3adcf8e5d1c6a270ed8e4c34ba4b6760609af6f7ef8eaf8f6623562ede9b7Secunia Security Advisory - Gentoo has issued an update for chromium and v8. This fixes multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
e6747b0e7f57f3f9926c44820daf559f6c943d337383c0a678ffd10d56d3f198Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
61889c99252a9766b2a5d9a6b05e58bf82ad91479b7ef4f5518391489b346cf3Secunia Security Advisory - Walied Assar has discovered a vulnerability in Resource Hacker, which can be exploited by malicious people to compromise a user's system.
05f3d0d2f4afd2a52625b30580d0b46bd45c44fc5bff96f106a36957460dbb7eSecunia Security Advisory - A security issue has been reported in iLunascape for Android, which can be exploited by malicious people to bypass certain security restrictions.
3d982947ccd530967d72e8709da18e0c4a242698a739698220be334a6d6179ceSecunia Security Advisory - Henry Hoggard has discovered a vulnerability in the LatestComment plugin for Vanilla Forums, which can be exploited by malicious users to conduct script insertion attacks.
91a4d3b5f22949aa86e71240f66963feccb61728608bd04c5f98c860240ae7abSecunia Security Advisory - A security issue and two vulnerabilities have been reported in Elgg, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
a69945335feebec74112e8c5ff4b618945a21307bf4b14c8fced80c79ca1ef47Secunia Security Advisory - High-Tech Bridge SA has reported a vulnerability in Serendipity, which can be exploited by malicious people to conduct SQL injection attacks.
9fe416e97a95b640789d5b3aca16d4e40de0211c0b90d2c00ea50ed377631295Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in the JCE component for Joomla!, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
f78f7ebdc4e00d7222b5ce8dc0bfd8954efeb6dfd0ffdb18cd8d4b3759a851eaSecunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
877125ae668f8de6d84f77a1d26ac683f5ba10b809e614ea8341c2a446d115e2Secunia Security Advisory - Henry Hoggard has discovered multiple vulnerabilities in the AboutMe plugin for Vanilla Forums, which can be exploited by malicious users to conduct script insertion attacks.
47a889d353f0e584e1e7d03b0ba03e99c47be878c82be8d5001fa212f1dc289c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed