Secunia Security Advisory - A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct cross-site scripting attacks.
bd906de34ae82246e1df62d7546f1562Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16. This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.
66f5f6377fd559f737b581f46c2053bfDebian Security Advisory 1621-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
601bf0653fea1e6af4c2a24e60ea81aaDebian Security Advisory 1620-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.
2f4fbaf034191b48a5243837efbad92cDebian Security Advisory 1619-1 - Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.
bc5cc0626a47ff39888e21678e8ff28cDebian Security Advisory 1618-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code.
4e3c3e8218a4e810cfd143c743eaee31Debian Security Advisory 1616-2 - This update corrects a packaging and build error in the packages released in DSA-1616-1. Those packages, while functional, did not actually apply the fix intended. This update restores the fix to the package build; no other changes are introduced. Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.
ceabffda6d4cb45cef97943d6e18bd28Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16.
c42b0d5c1d78fe93fed6e40c07dbe7ccA vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control. Specifying malicious values for the 'Controls' or 'Console' properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user.
c1dc5a2b4f3ec5b589d8087402e03e9dA vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's rjbdll.dll module when handling the deletion of media library files. An attacker could exploit this vulnerability using an ActiveX control {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} to import a vulnerable file into the user's media library. Upon deletion of this file, an exploitable stack based buffer overflow can be triggered.
6aee3edef397f5bdbe93bef7b3d46705A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code.
fd7eab9f0357ba1ffd8f1eb1b36d1baaRealPlayer suffers from a vulnerability where the WindowName and Controls properties of rmoc3260.dll do not manage heap memory properly resulting in a use after free condition which can overwrite heap management structures resulting in code execution. RealPlayer 11, 10.5, 10, and Enterprise are all affected.
6770b3f1177517eb6841ebc11efa2528Security Objectives Advisory - The Cygwin installation and update process can be subverted to a lack of checksum verification. Cygwin setup.exe version 2.573.2.2 is affected.
0d95149f3d415d7bc0ba049956304dd5Secunia Security Advisory - Mark Janssen has reported some vulnerabilities in Blackboard Academic Suite, which can be exploited by malicious people to conduct cross-site request forgery attacks.
f43d0f8db7b09debe264709947731072Secunia Security Advisory - Mr.SQL has discovered a vulnerability in Atom PhotoBlog, which can be exploited by malicious people to conduct SQL injection attacks.
784f6238bbf1dd434596aff77b3a1376Secunia Security Advisory - BlueCat Networks has acknowledged a vulnerability in BlueCat Networks Adonis, which can be exploited by malicious people to poison the DNS cache.
dc00a8a76304a957eead7b0780c8cd38Secunia Security Advisory - IRAQI has reported a vulnerability in Live Music Plus, which can be exploited by malicious people to conduct SQL injection attacks.
479fc5add8b7e28f4b0cbd6198d679daSecunia Security Advisory - Some vulnerabilities have been reported in Lore, which can be exploited by malicious people to conduct cross-site scripting-attacks.
ca76756e5a02a5f4ddb6201dd2b607edSecunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
c83703fa6dbfd5117f388cf9d0283151Secunia Security Advisory - Red Hat has issued an update for rdesktop. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
aec4063975a15fcbd0793e12405f7055Secunia Security Advisory - Red Hat has issued an update for vsftpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
e421c352e0bd15c9e87ac94dcd262e03Secunia Security Advisory - Red Hat has issued an update for rdesktop. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
df154abc44a20fee3ff4dae01eab71d2Secunia Security Advisory - Red Hat has issued an update for coreutils. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
f49ceac0d7c62238bbd1b0195df3e212Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or to bypass certain security restrictions.
906151d7db6572d95c9608ac83d8354cSecunia Security Advisory - Red Hat has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to manipulate certain data.
417e084c75c9f8618a20345cb57af521
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed