Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Hupsis Media Gallery plugin for e107, which can be exploited by malicious people to compromise a vulnerable system.
0f534606c652b216373d194d699760fa24a172649e214b3231608827d0479546Secunia Security Advisory - Red Hat has issued an update for qt. This fixes two vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks and compromise an application using the library.
5466d014ebd8586b4a7c56bc73879ad89a4a0cbbc367166b50d1a46585142114Secunia Security Advisory - Red Hat has issued an update for 389-ds-base. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
cb9ce8d9ac43fef9886b83bc16144c876313bbcef27dd01b8a0e2024bbb474ccSecunia Security Advisory - Red Hat has issued an update for rsyslog. This fixes a vulnerability, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
f7f3839fd290059e79cd770e9dfc1b4dc348b05d7a15d30ecd65e75e10b45c71Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).
4f134ec321429f0a29ebc0375e9a786b143ecc2a05fbcc159c360fb3189a8d5bSecunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform, JBoss Enterprise Web Platform, and JBoss Enterprise Web Server. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
277bc58fafe3b7ff9a1e9a47ee844974ad4e0b2b13d2686e135b5f4763ecaf8cSecunia Security Advisory - Red Hat has issued an update for xorg-x11-server. This fixes a weakness and a security issue, which can be exploited by malicious, local users to disclose system and sensitive information and cause a DoS (Denial of Service).
e911b801fad74c9a98560eb9c963ad85f2a74a0237eeaedaee01cbf00812130bSecunia Security Advisory - Red Hat has issued an update for net-snmp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
9cfb18e4f91676c287481d2b23657dc09a9b657a9d0cab3809d2effb304dbc33Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-oracle. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
bce1c5415afa8ea6599c3f99da383818194b1c47735bf195ababac46763c816cSecunia Security Advisory - Red Hat has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
6a73883ca2f2183be4e6a1725ba132f4e2463077626386f0e045d19403127311Secunia Security Advisory - Red Hat has issued an update for php-pecl-apc. This fixes a vulnerability, which can potentially be exploited by malicious people to conduct cross-site scripting attacks.
61a6e36048021fcfaf393ac4c6ade8d2d0fcabd3f4932e9d2213fd4296a1ce2cSecunia Security Advisory - Red Hat has issued an update for java-1.7.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
64159fc2c3f6c934b5fe85f2c1e541aede8051d22002c60170d81ee4a2ca22f7Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
e53fd2776af93ae71e5b5689f73a3780e892b2167d39240548d98d219eb2a863VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a heap overflow error in the mshtml.dll module when processing "Col" elements, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.
58b473d4348bb610fc06c374fb2c748a08cf5103cd4a273b9e7f79bc45b2b21eVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing GetAtomTable objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.
8e4efee72018e74d74bd0e481367967504569eb75b76d4050a7fef60ffc11887This Metasploit module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same vulnerability that was used for attacks against Korean based organizations. Specifically, this issue occurs when indexing an array using an arbitrary value, memory can be referenced and later executed. Taking advantage of this issue does not rely on heap spraying as the vulnerability can also be used for information leakage. Currently this exploit works for IE6, IE7, IE8, Firefox 10.2 and likely several other browsers under multiple Windows platforms. This exploit bypasses ASLR/DEP and is very reliable.
e26bbead67100b455a3fddb8cfcf7df0baddef6b4fbc68f4cc261a2c4dea9972VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error in the mshtml.dll module when processing CollectionCache objects, which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP.
e3d29879255e1ff2003388a8d7447ab0c086cfdc1cb25b9bc5b4605cfe1e6951HP Data Protector client versions 6.11 and 6.20 suffer from an EXEC_CMD remote code execution vulnerability.
5d34993adf845edd6d894d448162c3ced97c1186b2c7b70f5c29bfbe0a5da886Samsung AllShare versions 2.1.1.0 and below suffer from a NULL pointer vulnerability. Proof of concept utility included.
83cd80b6e2edbb33b8a4976ea647724003619c7fb8d84f66b2a16fcef95d2296Sysax versions 5.62 ad below administrative interface local buffer overflow exploit that binds a shell to port 4444.
7efb7cd16bdaabc3ae5c671cbe33491c4a4f524a9fb6e3dd1b168c19d3339372vBulletin version 4.2.0 suffers from a persistent cross site scripting vulnerability in the calendar section.
e7d9b6e67ae5c903fc89ea7cf816b833e7afba6a2dabbdf3f503d0c45e30bc9aUbuntu Security Notice 1482-2 - USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem. It was discovered that ClamAV incorrectly handled certain malformed TAR archives. A remote attacker could create a specially-crafted TAR file containing malware that could escape being detected. It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. Various other issues were also addressed.
d71f6c0e933ef9f027c20f83737f0ac412df02c939b1661f6397cd5b0a8f8471Ubuntu Security Notice 1481-1 - It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack. Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication. Various other issues were also addressed.
ef532b3bed02d20d59b37b0ac7ce3245a50645818f614071e2b2ed22dce3926eRed Hat Security Advisory 2012-1013-01 - The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. When a JBoss server is configured to use JaccAuthorizationRealm, the WebPermissionMapping class creates permissions that are not checked and can permit access to users without checking their roles. If the ignoreBaseDecision property is set to true on JBossWebRealm, the web authorization process is handled exclusively by JBossAuthorizationEngine, without any input from JBoss Web. This allows any valid user to access an application, without needing to be assigned the role specified in the application's web.xml "security-constraint" tag.
00999837f17b1b0b26b7d6c7ae3e33974a469610cd0c968e5f9c9ec652967eacRed Hat Security Advisory 2012-1012-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0036 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
106f6909d35fc9d2c45a96191a20b629c3f0868b4f173b821e361478e556f98f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed