Secunia Security Advisory - A vulnerability has been reported in Dell OpenManage Server Administrator, which can be exploited by malicious people to conduct cross-site scripting attacks.
1ff7053c932c7f89411943c94b63141c39870bb45965991c67f0833a18d51af1Secunia Security Advisory - A vulnerability has been discovered in the Browser Rejector plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
dbd8752656e046e21f11b9317e3de44407d323c32c23e3c882ea063ba9c1bcb0Secunia Security Advisory - Charlie Eriksen has discovered a security issue in Call of Duty Elite for iOS, which can be exploited by malicious people to conduct spoofing attacks.
7cc95ca0da88db6c28f77b669565cfafb8ae3e0cc0727f162e8065ba0f3d2eeeSecunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Zingiri Forum plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
cbc857c3ed93832c428eb15211c02b4ad653c6d623f9a7d8343d6661ec4d9cd2Secunia Security Advisory - A vulnerability has been discovered in the Store Locator Plus plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
6b1ffd55d64d7d689de8914c2b0e19b65e485c00ffdb351192b45d8cf9b95a34Ubuntu Security Notice 1681-2 - USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
f5f21baaa2090e5debbc39691d9b154f1862f668e44f0e1c14d83a6f6939615aIt appears that Google Wallet may share you information with EveryWhereReward.com, who in turn keeps it eternally.
5edf5546c420caa6f44f33049092f514cc7afff8025d13bb4f4f5990e6450979Technical Cyber Security Alert 2013-8A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.
03beba47c65945e35bec063cab8462697d97bcd471a95aa5041a5f69d2c6ef72This bulletin summary lists 7 released Microsoft security bulletins for January, 2013.
7fb4892634d68950b1c1b34d1dad4b4b64c5aefcd4e9e0908a039521c1f00bddJoomla Incapsula component versions 1.4.6_b and below suffer from a reflective cross site scripting vulnerability.
c5607c9cd5809d111ccf666b897697c5865f1a7009fc745dd22e6f522013f58fGentoo Linux Security Advisory 201301-7 - Multiple vulnerabilities were found in DokuWiki, the worst of which leading to privilege escalation. Versions less than 20121013 are affected.
9e606ab4f5f95cf13f5ab5240013341c9f613a2e9a91c233805895c86e691d5cGentoo Linux Security Advisory 201301-6 - Multiple vulnerabilities have been found in ISC DHCP, the worst of which may allow remote Denial of Service. Versions less than 4.2.4_p2 are affected.
52ff96ed35904c6394d9f7d674251ad0c4071daa8bc2b1b6ef5a6f6de136a80bGentoo Linux Security Advisory 201301-5 - An integer overflow vulnerability has been found in bzip2 and could result in execution of arbitrary code or Denial of Service. Versions less than 1.0.6 are affected.
8a05528f2228d83f188f79f0bc675cb52064b26c73f66d4731fa70b7cc5ff8fbGentoo Linux Security Advisory 201301-4 - A vulnerability has been found in dhcpcd, allowing remote attackers to execute arbitrary code on the DHCP client. Versions less than 5.2.12 are affected.
acda0c008db48a45e02bf73f135ff246c317aec49f5e1ad58b80b202b3396b13Gentoo Linux Security Advisory 201301-3 - Multiple vulnerabilities have been found in Tor, allowing attackers to cause Denial of Service or obtain sensitive information. Versions less than 0.2.3.25 are affected.
1ce5e4fcdcb2acbdce162b2be890b3cc7a74c271c3e1885443f9c9b318d98138Gentoo Linux Security Advisory 201301-2 - A buffer overflow in HAProxy may allow execution of arbitrary code. Versions less than 1.4.21 are affected.
0e698668e09470c5c10ccd013efb1b5912ebc7335d8c208b77cad093cd325cd0Ubuntu Security Notice 1681-1 - Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered several user-after-free and buffer overflows in Firefox. An attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
2b169ae0a8e50a945bfa9a6ad63afd568bcd5a5ccd5f1e2be9c786c6f49cbde9Red Hat Security Advisory 2013-0148-01 - The openshift-origin-node-util package provides a set of utility scripts for a node. Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. A flaw was found in the way the administrative web interface for restoring applications processed options passed to it. A remote attacker could send a specially-crafted request to restorer.php that would result in the query string being parsed as command line options and arguments. This could lead to arbitrary code execution with the privileges of an arbitrary application.
8f14291a6449b7a55d102d48cd9ee2c37de9807dcead869d10b23bf4eefc36f5Red Hat Security Advisory 2013-0146-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
6118a8cf2e314e27f4cf69f7693d3a704d0411a71f251716e8fb966578fc0b3dRed Hat Security Advisory 2013-0147-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
e00206a24350569b47bfb61f429fabd4085299eccfacf1826906065bd76d8bf5Red Hat Security Advisory 2013-0144-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Firefox to execute arbitrary code via plug-ins installed in Firefox.
75285fc97f2f6b9f19802b0e29b73892bc62549092979f361f6c616e2b8fd32aRed Hat Security Advisory 2013-0145-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Chrome Object Wrappers were implemented. Malicious content could be used to cause Thunderbird to execute arbitrary code via plug-ins installed in Thunderbird.
e41abefb340b2ba28b8f30ea33ea4c37cb0ec31a042cb9743efdff7047c66a32Debian Linux Security Advisory 2602-1 - Yury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information.
84e57463f9d197797cfd15e1cdc06623b1260db220e9e82febcdce2387718060
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed