Apple Security Advisory 2013-09-12-2 - Safari 5.1.10 is now available. Multiple memory corruption issues existed in JavaScriptCore's JSArray::sort() method. These issues were addressed through additional bounds checking.
dad50264ba84704a812b063a6db4caf4aa8ffcc67468560920131a15005a4899Apple Security Advisory 2013-09-12-1 - OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues, BIND issues, ClamAV issues, and more.
6ba59298aa5785b3b0ac181767509f821759a4fbc0ab6e1b3056eb65c22a59a5WordPress Design-Approval-System version 3.6 suffers from a cross site scripting vulnerability.
da5fca60cbc29c0c681a78a9d1ee68b79784e24c908d0ab134d90d49123bad9cZimbra Collaboration Suite (ZCS) version 6.0.16 suffers from a session replay vulnerability.
e40ecf664aac328775e95496dca013cb8ba4e09dc8d94fa529dc1186989c0d37Mandriva Linux Security Advisory 2013-234 - Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. It was shown that the handling of the 'ALLOWED_INCLUDE_ROOTS' setting, used to represent allowed prefixes for the {% ssi %} template tag, is vulnerable to a directory traversal attack, by specifying a file path which begins as the absolute path of a directory in 'ALLOWED_INCLUDE_ROOTS', and then uses relative paths to break free. To exploit this vulnerability an attacker must be in a position to alter templates on the site, or the site to be attacked must have one or more templates making use of the 'ssi' tag, and must allow some form of unsanitized user input to be used as an argument to the 'ssi' tag. The updated packages have been patched to correct this issue.
d3f769be8b513a5267862bd72b2ed194d642228aa7ec807789ae85a17661ab3bMandriva Linux Security Advisory 2013-233 - The string formatting of subjectAltName X509Extension instances in pyOpenSSL before 0.13.1 incorrectly truncated fields of the name when encountering a null byte, possibly allowing man-in-the-middle attacks through certificate spoofing. The updated packages have been patched to correct this issue.
a43120d106d63684cf3f88a50e2e526955d2903de89c95489a0ab2bb2069c224Mandriva Linux Security Advisory 2013-232 - Multiple vulnerabilities has been discovered and corrected in libmodplug. An integer overflow within the abc_set_parts() function can be exploited to corrupt heap memory via a specially crafted ABC file. An error within the abc_MIDI_drum() and abc_MIDI_gchord() functions can be exploited to cause a buffer overflow via a specially crafted ABC file. The updated packages have been patched to correct these issues.
7b62b10c82df134d371fb8b828bfb1927587629da00fb96802d432f68e2cf924Debian Linux Security Advisory 2753-1 - It was discovered that in Mediawiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential.
48974ef0719214c241b3c1f2c20f0ed60828b426c7894f1ff79b784caed12264WordPress Mukioplayer plugin version 1.6 suffers from a remote SQL injection vulnerability.
f4235fd16386ccd066515e73b527810f8e2d1b62791b18ca6004067dad2a258eUploadify version 2.1.4 suffers from cross site scripting, arbitrary file deletion, and arbitrary file upload vulnerabilities.
918baa1c8fe8fe39eaf0e9e6e7cb98daa4c7e1731d544f54af20ff4dd8536e5dGentoo Linux Security Advisory 201309-5 - Multiple vulnerabilities have been found in pip, which may allow remote attackers to execute arbitrary code or local attackers to conduct symlink attacks. Versions less than 1.3.1 are affected.
cf34ce7f1f43208c3d036aa2d82aa90e93b5f11d10ee09e4278f847c39b3ab12Ubuntu Security Notice 1950-1 - It was discovered that Light Display Manager created .Xauthority files with incorrect permissions. A local attacker could use this flaw to bypass access restrictions.
97f3d2dd36209179c6752c663f75fe065e88a11c91f09fb4f74f01a7e2a26595GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
00df8902c7cef4d2440d36ca2a45985853eb36c34a4163bc995c3578030eeef5OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
b4bc70bfb54ede8ed657cc7f669b5f58bc5e20eabf9b01ca107a6876b08bed35Zimplit CMS version 3.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
7c64f74b70c42cb2afd9280daf97f66e95d668f1a9a8b1da8249929adb843ef1This whitepaper discusses the ImmuniWeb Self-Fuzzer Firefox Extension. It is designed to detect cross site scripting and SQL injection vulnerabilities in web applications.
6f6965c6ee77da56e8c4cd79550ce7ac4fc004582bbbf1c3acceb2d70e88bad8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed