ExtCalendar version 2.0 Beta 2 suffers from a cross-site scripting vulnerability.
Ubuntu Security Notice 905-1 - It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the 'runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.
Mandriva Linux Security Advisory 2010-050 - This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. This update provides mod_security 2.5.12, which is not vulnerable to these issues.
getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.
Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.
Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Mandriva Linux Security Advisory 2010-048 - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.
The DATEV Active-X control suffers from a remote command execution vulnerability.
Secunia Security Advisory - A security issue has been reported in Asterisk, which can be exploited by malicious people to potentially bypass certain security restrictions.
Secunia Security Advisory - Fedora has issued an update for mingw32-libltdl. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.
Secunia Security Advisory - Hitachi has acknowledged a security issue in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges.
Secunia Security Advisory - A security issue has been discovered in XMail, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - A vulnerability has been reported in Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Maciej Gojny has reported a vulnerability in WebAdministrator Lite CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Two vulnerabilities have been reported in PHP, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in Website Baker, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Red Hat has issued an update for sudo. This fixes multiple security issues, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - mr_me has discovered a vulnerability in Orbital Viewer, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - A vulnerability has been discovered in the HD FLV Player component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Ubuntu has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been discovered in WikyBlog, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Matthias -apoc- Hecker has discovered a security issue in rbot, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been discovered in Newbie CMS, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - AbdulAziz Hariri and Mohammad Abou Hayt have discovered a vulnerability in Symantec Altiris Deployment Solution, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Multiple vulnerabilities have been reported in Article Friendly, which can be exploited by malicious people to conduct SQL injection and cross-site request forgery attacks.