Secunia Security Advisory - Slackware has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
f67a25a97af2b0aa04c06153ce53b475Secunia Security Advisory - A vulnerability has been reported in feynmf, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
1c6d1e4fe5f0278f7ccd0737da2df703Secunia Security Advisory - Tim Brown has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
d2defa7221977c680124ad9d1ea6f932Secunia Security Advisory - A security issue has been reported in Invensys Wonderware InTouch, which potentially can be exploited by malicious users to compromise a vulnerable system.
fb7f4722d23bd00a2b7cea0b092a8175Debian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the depreciated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
c61953cd66f9d45ae2767f3433a17404HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
6a9e01625b66130071659acf429cd464A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system. Sentinel Protection Server version 7.1 is affected.
1bf464d15cc6808d2e855feb01c1d0c7Citrix NetScaler version 8.0 suffers from a weakly encrypted cookie vulnerability in the web management interface.
8cd1ed5dff39d61e48a4bd386c1acff0Yahoo! suffered from a cross site scripting vulnerability using UTF-7. This has been fixed already.
ae5efe8d557f6c417545242adfecd106Gentoo Linux Security Advisory GLSA 200711-34 - Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 2.0.2-r2 are affected.
c33d31a631b5831bdc0888c4124f1862Gentoo Linux Security Advisory GLSA 200711-33 - Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process. Versions less than 258 are affected.
91fbe75e5024d67237681c85d6b56e08PHP versions 5.2.4 and below suffer from a htaccess safemode and open_basedir bypass vulnerability via mail.force_extra_parameters.
877976e6ec9433c29493a93433f0964aDebian Security Advisory 1412-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
7ed208a8827375254093620d6928cd88Debian Security Advisory 1411-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
e010c9333d7617194bd9ea2dd48ed563Debian Security Advisory 1410-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
60a89e291c4c26e67721240a8b989b61Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The update packages on Corporate Server 4.0 resulted in the nmbd daemon crashing at startup. This update provides a newer version of samba (3.0.23d) that does not exhibit this behaviour.
af94122a03abb9e752f705e053cd564aSecunia Security Advisory - Adrian Pastor has reported some vulnerabilities in Linksys WAG54GS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
e56a4b5999b6d60da209274381149c14Secunia Security Advisory - Gentoo has issued an update for feynmf. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
48f302842a164c2488cb37c9ead988bfSecunia Security Advisory - h07 has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.
0508607272787bf95c93a2d85daeafafSecunia Security Advisory - Gentoo has acknowledged some vulnerabilities in cstetex, where some have unknown impacts and others can be exploited by malicious, local users to disclose and manipulate sensitive information, or by malicious users and malicious people to compromise a vulnerable system.
368dbc2e13b7032c1cd6f312008ef308Secunia Security Advisory - A vulnerability has been reported in IRC Services, which can be exploited by malicious people to cause a DoS (Denial of Service).
45b9c251b9281da5d47e86f4ca50dbdbSecunia Security Advisory - Debian has issued an update for ruby1.8. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
c85b27e7a7f2255c7ee87956bd390e24Secunia Security Advisory - Gentoo has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.
d304b0788bc6c530ee358a86550329caSecunia Security Advisory - Debian has issued an update for libopenssl-ruby. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
9524ac92071237d99d367749cea312d1Secunia Security Advisory - A security issue has been reported in Liferea, which can be exploited by malicious, local users to gain escalated privileges.
0553c4b5215f2d9b50d6e341fa31a248
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed