Suprema BioStar 2 version 2.8.16 suffers from a remote SQL injection vulnerability.
d4430e30903a9db88dc6330e948ac08547e1622d7051cf8fedc3868bf8e104d1Gentoo Linux Security Advisory 201208-6 - A vulnerability in libgdata could allow remote attackers to perform man-in-the-middle attacks. Versions less than 0.8.1-r2 are affected.
6c9550b2609f2f265e43e99e0791a7773adfb69954890e5f2e3a22021e0ab085Gentoo Linux Security Advisory 201208-5 - An insecure temporary file usage has been reported in the Perl Config-IniFiles module, possibly allowing symlink attacks. Versions below 2.710.0 are affected.
3bcd9906a91e0e60116a8e74a6871bf2c3d7a8bbd8baaef329447255da0a07b9HP Security Bulletin HPSBMU02800 SSRT100921 - A potential security vulnerability has been identified with HP Service Manager and HP Service Center Server. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS). Revision 1 of this advisory.
4ad254c5b89030dfa92dc00ec1f085e885f2d1db130e20182a5f2d7e3cae8aa6HP Security Bulletin HPSBMU02802 SSRT100923 - A potential security vulnerability has been identified with HP Fortify Software Security Center. The vulnerability could be remotely exploited to allow disclosure of privileged information. Revision 1 of this advisory.
b89198f8d8035895450565a76fb38a1af3fd87d8fcc89ef43485ca94649527feHP Security Bulletin HPSBMU02801 SSRT100879 - A potential security vulnerability has been identified with HP Fortify Software Security Center. The vulnerability could be remotely exploited to allow unauthenticated disclosure of information. Revision 1 of this advisory.
5898d749444d507cbdd005d51e64feb010b4f1f5cc9cf4790bc7b7467217d7ffGentoo Linux Security Advisory 201208-4 - Multiple vulnerabilities have been found in Gajim, the worst of which may allow execution of arbitrary code. Versions less than 0.15-r1 are affected.
671a0b3219a4ed58fa722ddbf83b1ae6f5f37fe1b6371f1c987d2f448e285a5bGentoo Linux Security Advisory 201208-3 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 21.0.1180.57 are affected.
0e4ab358111560250603ed9103607bfa7bafe146bbf5da81c989bb38fe4435e1Gentoo Linux Security Advisory 201208-2 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.13 are affected.
34e2e5b7d34db5d93643e67dcebb7c67afd870204a7c4b3718e99acee2ae0d8bGentoo Linux Security Advisory 201208-1 - A buffer overflow in socat might allow remote attackers to execute arbitrary code. Versions less than 1.7.2.1 are affected.
5ba3149b5f1771cf176c32952ee57223f04b09538cb30fff6bad71d6dd9db4d3Ubuntu Security Notice 1539-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.
5f1ac3455cca303b5f6aca689847449cc9dd5b0bb1082518a0a561ff16855b85Debian Linux Security Advisory 2528-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.
71b51ce0cbe692a4624106eb180f6e02df450db451499c2178a3cc4a7dce2ff3Red Hat Security Advisory 2012-1169-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.
7d5b013b987ff091dd7a23fc5f576eb318a9b088700f78e918b6ba97b41e66c5Red Hat Security Advisory 2012-1156-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the i915_gem_execbuffer2() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. A missing initialization flaw was found in the sco_sock_getsockopt_old() function in the Linux kernel's Bluetooth implementation. A local, unprivileged user could use this flaw to cause an information leak.
fbd1918309805b53a8e1ad016730e6bf9f865aba9924026c70184a097b192aecRed Hat Security Advisory 2012-1168-01 - Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. Condor installations that rely solely upon host-based authentication were vulnerable to an attacker who controls an IP, its reverse-DNS entry and has knowledge of a target site's security configuration. With this control and knowledge, the attacker could bypass the target site's host-based authentication and be authorized to perform privileged actions. Condor deployments using host-based authentication that contain no hostnames or use authentication stronger than host-based are not vulnerable.
d2ced5174e3b3e5aa23d5bb70fe45a1a71a1a33cadc9611bc0fa7bc2e78e8c66haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
6950672e88376f5de7976d0ac9e479c6a3ecdb8d2d214887347eb24f367d5d8eHP Security Bulletin HPSBHF02804 SSRT100631 - A potential security vulnerability has been identified with HP Integrity Server models rx2800 i2, BL860c i2, BL870c i2, BL890c i2.The vulnerability could be exploited to cause a Denial of Service (DoS). Revision 1 of this advisory.
4e4cf0259e45a78879f22245f35ad765f2328c35712f2d71b73b33d87d5d00f6Mandriva Linux Security Advisory 2012-131 - Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code. The updated packages have been patched to correct this issue.
d2dfc5f2426fd1d0773603a84cfba004ef4a99ccaa10eaee9b7fdd6c41ecb855Total Shop UK eCommerce, which is based on CodeIgniter version 2.1.2, suffers from a cross site scripting vulnerability.
5152d11e96f30211a557516deffd45d1b790edd8b739f21a1dd10b248c3997c9ProQuiz version 2.0.2 suffers from cross site scripting, local file inclusion, remote file inclusion, and remote SQL injection vulnerabilities.
cd96527f58d918d01dbe7ff75611b1729daf91b7449eeb441565cef7115b0a2aPure-FTPd version 1.0.21 crash proof of concept exploit that leverages a NULL pointer dereference.
c2280992211c9ea41ac2e2ddf61f4ee7e7455a52f000ddfb5f9302a7a81ccbc0The Call For Papers for nullcon Goa 2013 is now open. It's the time of the year when they welcome research done by the community as paper submissions for nullcon. So, sip your coffee, dust your debuggers, fire your tools, challenge your grey cells and shoot them an email.
1a6082463e38b8465a0cf348d013c75a5c1276abd719ab4e2d1aec4ffee01c92Mandriva Linux Security Advisory 2012-130 - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. The updated packages have been patched to correct this issue.
15e682bf17192a767c067672be6251b9e0fad5a2b5601ea063b950e8a67a46aeDebian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
19d56ac85b34319b9d93e656f85139e1d5a6ad3686507f40c07541d97d990968Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.
f780b0c2beb4f13cd5fd92b554dd4ba5fbcdbbc13f13e931837e863861773d32Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.
60f263a40e9847b3704eea8775ecc38544cbf434846d76a7dc6b54f11d8bced7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed