Debian Security Advisory 1475-1 - Jose Ramon Palanco discovered th a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session.
5154f4b406cba7657846a829fa882a0fGentoo Linux Security Advisory GLSA 200801-14 - The /usr/bin/blam script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 1.8.4 are affected.
cb1fe56737775e672c4939c2171655c0Gentoo Linux Security Advisory GLSA 200801-13:02 - The IRC_PART() function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied. Versions less than 0.10.4 are affected.
758ec244e172e362d03c4518ac61d8fbGentoo Linux Security Advisory GLSA 200801-12 - Luigi Auriemma reported that xine-lib does not properly check boundaries when processing SDP attributes of RTSP streams, leading to heap-based buffer overflows. Versions less than 1.1.9.1 are affected.
ddae71eec629db2527290e569fec514aGentoo Linux Security Advisory GLSA 200801-11 - CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession._get_file_path() function before using it as part of the file name. Versions less than 3.0.2-r1 are affected.
bab49fc0b73c1600d9469fc44cecd4daSecunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya CMS / IR, which can be exploited by malicious, local users to cause a DoS (Denial of Service), or to gain escalated privileges.
7bfaf629f8e73c38c4f50a4184f04363Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in multiple Avaya products, which potentially can be exploited by malicious people to compromise an application using the library.
8b34852adbf98c714e15be4af70da8f0Secunia Security Advisory - NBBN has discovered a vulnerability in phpBB, which can be exploited by malicious people to conduct cross-site request forgery attacks.
89bf4e813ba0a7e057d6db9d436c039eSecunia Security Advisory - NBBN has reported a vulnerability in Woltlab Burning Board, which can be exploited by malicious people to conduct cross-site request forgery attacks.
dbabddd8b835754772b4ab5463a1b734Secunia Security Advisory - rgod has discovered a weakness in ImageShack Toolbar, which can be exploited by malicious people to potentially disclose sensitive information.
8de7a0425be8a5e7f495e64316dc39b4Mandriva Linux Security Advisory - A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration.
8909b5c5d3679c095cddeb45e29c6a08Mandriva Linux Security Advisory - Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application.
480ce9401b03aa8a2e001186d385295dSecunia Security Advisory - 0in has discovered a vulnerability in Tiger Php News System, which can be exploited by malicious people to conduct SQL injection attacks.
975b5f11ee6d7f182278a18c8266db98Secunia Security Advisory - Elazar Broad has discovered a vulnerability in Move Networks Upgrade Manager, which can be exploited by malicious people to compromise a user's system.
8cb01b18485bb6aa83f23a53493970bfProficy Information Portal version 2.6 passes a user's password base64 encoded on the wire, allowing for it to be easily intercepted and decoded.
74d3e66416dad59621861f8f10521ac8Proficy Information Portal version 2.6 has a flaw that allows an authenticated attacker the ability to upload arbitrary code on the server.
951bc80e0fa631556e175dfc730d384aCimplicity HMI version 6.1, 6.1 SP5, and 6.1 SP6 all suffer from an exploitable heap overflow vulnerability.
4ec75e1f7dcdd554a9bb7b038ee35f58Secunia Security Advisory - rPath has issued an update for bind and bind-utils. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
ac562d8e4b7bbcec89b09ab35f90ee3bSecunia Security Advisory - Will Drewry has reported some vulnerabilities in International Components for Unicode, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
ed1ffff0af491fb58a9aae6933620f36Secunia Security Advisory - Mandriva has issued an update for x11-server. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.
11389e0e54e470e010b86a147dbeeb74Secunia Security Advisory - Fedora has issued an update for hsqldb. This fixes a vulnerability, which has unknown impacts.
4ef462f7b27f41fa591dc8805384eec1Secunia Security Advisory - rPath has issued an update for CherryPy. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security settings.
18f68c1a6e5aa9d6f1d158dbdd66b849Secunia Security Advisory - Red Hat has issued an update for icu. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
0f9b32294188160a9c30a86a7eda6bd7Secunia Security Advisory - Fedora has issued an update for pulseaudio. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
34aa8d1c3a04a023517fcec79c178990Secunia Security Advisory - Fedora has issued an update for xorg-x11-server. This fixes a security issue, which can be exploited by malicious people with physical access to a system to bypass certain security restrictions.
d81f063c6d457ed2f52b20bcf93c20f7
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed