Ubuntu Security Notice 1655-1 - It was discovered that LibTIFF incorrectly handled certain malformed images using the DOTRANGE tag. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
Ubuntu Security Notice 1656-1 - It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. If a user or automated system were tricked into processing a specially crafted XML document, applications linked against libxml2 could be made to crash or possibly execute arbitrary code.
Ubuntu Security Notice 1654-1 - It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.
Red Hat Security Advisory 2012-1547-01 - On December 1st, 2012, per the life-cycle support policy, the following versions of Satellite and Proxy products, released on Red Hat Enterprise Linux 4, exited Production Phase 2 marking the end of their support by Red Hat.
Red Hat Security Advisory 2012-1546-01 - On December 1st, 2012, per the life-cycle support policy, the following versions of Satellite and Proxy products, released on Red Hat Enterprise Linux 4, exited Production Phase 2 marking the end of their support by Red Hat.
FOOT Gestion CMS suffers from a remote SQL injection vulnerability.
Buffalo Linkstation (and various other Buffalo products) suffer from a privilege escalation vulnerability where a permanent guest account can be used to change the administrative password.
Kordil EDMS version 2.2.60rc3 suffers from a remote SQL injection vulnerability.
Secunia Security Advisory - A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Multiple vulnerabilities with unknown impacts have been reported in cPanel.
Secunia Security Advisory - Citrix has acknowledged multiple vulnerabilities in XenServer, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Red Hat CloudForms, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and perform certain actions with escalated privileges, by malicious users to disclose and manipulate certain data and cause a DoS (Denial of Service), and by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, manipulate certain data, cause a DoS, and compromise a vulnerable system.
Secunia Security Advisory - Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
Secunia Security Advisory - Red Hat has acknowledged a vulnerability in Red Hat Network Proxy and Red Hat Network Satellite Server, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in Mesa, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - SUSE has issued an update for xen. This fixes two vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.
Secunia Security Advisory - Kaveh Ghaemmaghami has discovered a vulnerability in Opera, which can be exploited by malicious people to potentially compromise a user's system.
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Ubuntu has issued an update for linux-ec2. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
This Metasploit module exploits a vulnerability in Ektron CMS 8.02 (before SP5). The vulnerability exists due to the insecure usage of XslCompiledTransform with an XSLT controlled by the user. The module has been tested successfully on Ektron CMS 8.02 over Windows 2003 SP2, where it allows execution of arbitrary code with NETWORK SERVICE privileges.
This Metasploit module exploits a vulnerability in Tectia SSH server for Unix-based platforms. The bug is caused by an SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ request sent before password authentication, allowing any remote user to bypass the login routine and then gain access as root.
ipset allows administration of sets of IP addresses/networks, ports, MAC addresses, and interfaces, which are stored in hash or bitmap data structures. These can then be used in conjunction with iptables to do fast presence lookups.
The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.31 are affected.
When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate(). Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.27 are affected.