Gentoo Linux Security Advisory 201206-32 - An error in the verification of SSL certificates in Links might enable remote attackers to conduct man-in-the-middle attacks. Versions less than 2.6 are affected.
2844cba5db93a16c292bda396e0c06a8ae6bcd3c1befdcb1c5b2875a67615f1d
Gentoo Linux Security Advisory 201206-31 - Multiple vulnerabilities have been found in Linux-PAM, allowing local attackers to possibly gain escalated privileges, cause a Denial of Service, corrupt data, or obtain sensitive information. Versions less than 1.1.5 are affected.
70b66584b8817a240db5a659f9e3fb27abfb44c6a46e9e68c554ca01bafc291f
Gentoo Linux Security Advisory 201206-30 - An error in the hostname matching in sendmail might enable remote attackers to conduct man-in-the-middle attacks. Versions less than 8.14.4 are affected.
e81c680a240ecc016d13ad4e7e1e4963af6de79ece9e1a280f15e3e3925484ac
Gentoo Linux Security Advisory 201206-29 - Multiple vulnerabilities were found in mount-cifs, the worst of which leads to privilege escalation. Versions less than 3.4.6 are affected.
aec8dbbc16f75047942983e84a3b0014380e54e4ec733595b3b7b9ad80ab33d5
Gentoo Linux Security Advisory 201206-28 - Multiple vulnerabilities were found in texlive-core, allowing attackers to execute arbitrary code. Versions less than 2009-r2 are affected.
22c42bb7b7ec6932a92cdb102c3c8795014df13f16038fca30ce11d10a834cbf
Gentoo Linux Security Advisory 201206-36 - Multiple vulnerabilities were found in logrotate, which could lead to arbitrary system command execution. Versions less than 3.8.0 are affected.
be9fd5a4e003c592a8e519a6693aa11f6ecc9162b5f96b4262f00bd5843d1bde
Gentoo Linux Security Advisory 201206-35 - Multiple vulnerabilities were found in nbd, which could lead to remote execution of arbitrary code. Versions less than 2.9.22 are affected.
ba2c3b7ab48e436fc9ebb6afe201e5730246d150155fedd86d2bd9d097c2b5fe
Gentoo Linux Security Advisory 201206-34 - An error in the hostname matching in msmtp might enable remote attackers to conduct man-in-the-middle attacks. Versions less than 1.4.19 are affected.
8ba06fe3d8db6a4789b2a24274ef4e1b78361d031949c77fdecb5c5f0b50d5d1
Gentoo Linux Security Advisory 201206-33 - A vulnerability has been found in Postfix, possibly allowing remote code execution. Versions less than 2.7.4 are affected.
05e98f47777707c46cf6dde146609306a3f61d80648b0c877d2ed8871983f6f0
The Asus iKVM/IPMI implementation stores credentials in the clear in a text file that is readable by the anonymous user, which has a hardcoded password of "anonymous" with no way to change it.
113384f21d7260eda3e28efe8b129c714d9f70b1f537a8ebb70663c9928415dc
Security Explorations does not agree with Apple's evaluation of a vulnerability they reported. They have decided to release proof of concept code to demonstrate a bypass vulnerability in Apple QuickTime Java extensions.
c2aeee9d3f479037cf3a1177e445be5a6068ad94532c3d4c68af96ada0b39421
Apache Roller versions 4.0.0 through 4.0.1 and 5.0 suffer from a cross-site request forgery vulnerability.
4763bc6a74cffbb8c4a98ebfd85497d4c135a0229565573c11711bb32366736c
Apache Roller versions 4.0.0 through 4.0.1 and 5.0 suffer from a cross-site scripting vulnerability.
2a3ef283fa2c44950937510f6450a29a58cbf100742cf9efd1a746297da0ed8a
Kingview Touchview version 6.53 suffers from an EIP direct control vulnerability.
f614238bf00bbff01c4cacb0de5e0d817d19edb0c4b62a906b365aace0a82525
Kingview Touchview version 6.53 suffers from multiple heap overflow vulnerabilities.
37f45498f2bff4a854d189b580bf99ea79b9dc21dfa6b458fdc14b0c63e2c8b6
Mandriva Linux Security Advisory 2012-100 - An integer signedness error, leading to a heap-based buffer overflow, was found in the way the imfile module of rsyslog, an enhanced system logging and kernel message trapping daemon, processed text files larger than 64 KB. When the imfile rsyslog module was enabled, a local attacker could use this flaw to cause a denial of service via a specially crafted message to be logged. The updated packages have been patched to correct this issue.
613dfcef425f4a5b661ad286cf09803a2aa7044018ac10a963dd2f0b79087e99
This whitepaper discusses the insecurity of poorly designed remote file inclusion payloads. This is part two.
357450c73effdc1d8d79eadc0c1966d2cf52597ec2b85ef66ef49ae5a9a554f2
Slim PDF Reader version 1.0 suffers from a denial of service vulnerability.
d1ffdeb69b179bf453e9df13d5f38f2ea80e5975170ad4c9dfbaf90077a7117b
Hashdays 2012 Call For Papers - Hashdays is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks. The event features many international IT security experts sharing their deep technical knowledge in an open environment and takes place October 31st to November 3rd, 2012 in Lucerne.
6e0ac8238a53b8ebe88af5e47d06f685e8e944f0c7bdf03885eef4a921bcec0d
The WD TV Live Streaming Media Player suffers from two implementation flaws that together allow for remote command execution as root.
30e038aaf42732de5c7c31917ec77feb71e99f5a032ca468e8d514c9181e41c1
Drupal Drag and Drop third party module version 6.x-1.5 suffers from a remote shell upload vulnerability.
d20be48fb476e6e13f7e457963b8e28ac136039c50a776c45993e46260ecf151
Autopagina CMS version 2.8 suffers from a remote SQL injection vulnerability.
a563a2bdda1882cafa89faf3ca21ba53255d47d50c45f1edde7b0866d86b906f
Umapresence version 2.6.0 suffers from remote shell upload and file deletion vulnerabilities.
34c100c2e912e0c0e0f50bd32af4870f83873de3311da8742d14b3108c80e283
Able2Extract and Able2Extract server version 6.0 suffer from a denial of service vulnerability.
ab32292905312ba912de21c5e6dc97b63078bc9aba3c2d7e2bb0d20ef3ff08fb
Able2Doc and Able2Doc Professional version 6.0 suffer from a denial of service vulnerability.
c10a756810f848125bb592c0fffa27ca8b2a9b951b84b8538dac2d376c20130c