Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Brad Spengler discovered that stack memory for new a process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Various other issues were also addressed.
2daff38dec5e5b4254f2f5b46b1f6f9eMonth Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.
9483d4cd1c3443828f7a3a772fc8c077Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart suffers from a file upload cross site request forgery vulnerability.
cb668643220bc419123a9b08b22f323eMandriva Linux Security Advisory 2010-190 - libtiff allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. The updated packages have been patched to correct this issue.
1911159cfabb247e0ac6341a8eaf76fbHP Security Bulletin HPSBMA02558 SSRT100158 - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code under the context of the user running the web server. Revision 3 of this advisory.
6785a0e2f09b9a73aad4f96eec1d230bVMware Security Advisory 2010-0015 - ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo OpenSSL, GnuTLS, NSS and NSPR packages.
9f99f58fbdd8d777048475ace5b9e8a4Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities and weaknesses, which can be exploited by malicious local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or gain escalated privileges, and by malicious people to disclose potentially sensitive information.
25d26f3acdc8d948624b992d9b1f9b6fSecunia Security Advisory - Ubuntu has issued an update for libgdiplus. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
aab29f736424a0370f1115463e7dbc39Secunia Security Advisory - Ubuntu has issued an update for libhx. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
e0dd05e66020acfe676dbf5fa155a3a5Secunia Security Advisory - Gentoo has acknowledged some security issues in fence, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
bf7d77d1f05b773ef0fd6343adc6ccc1Secunia Security Advisory - A vulnerability has been discovered in Pluck, which can be exploited by malicious people to conduct cross-site request forgery attacks.
cda67f0037af2e149752616bef0f38f5Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in Zimplit, which can be exploited by malicious people to conduct cross-site request forgery attacks.
9ddd62066e24335ab21123c4c392d507Secunia Security Advisory - Multiple vulnerabilities have been reported in the Imagemenu module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
9f8c06b7fe117c64971924aa988ace08Secunia Security Advisory - A vulnerability has been reported in the Imagemenu module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks.
f4c05d0b343dd5b4e38b96f62bb3f99dSecunia Security Advisory - A vulnerability has been reported in the PECL Alternative PHP Cache (APC) extension, which can potentially be exploited by malicious people to conduct cross-site scripting attacks.
b286de1c963a89dc76a4414ad1b865d6Secunia Security Advisory - A security issue and a vulnerability have been reported in the Memcache module for Drupal, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.
231d79f8c60e7889f4cacaffa210e989Secunia Security Advisory - Julien Cayssol has reported some vulnerabilities in Artica, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, SQL injection attacks, and disclose sensitive information.
c9f6609888a0ac3b0dfc7069fd7397a7Secunia Security Advisory - Multiple vulnerabilities have been discovered in JE Guestbook component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.
9057856e7743bbf8c58b6dc1c2e51f97Secunia Security Advisory - Fedora has issued an update for php-pecl-apc. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
002183eb517c96eb2237811f9e1598c0Secunia Security Advisory - Some vulnerabilities have been reported in webSPELL, which can be exploited by malicious people to conduct SQL injection attacks and bypass certain security restrictions.
b277b7ba191af1b1cf0e303d261d3c8bSecunia Security Advisory - Fedora has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
40063580dcd191191a07fe4c1b057bafSecunia Security Advisory - A vulnerability has been reported in 3Com H3C 3100 and 3600 Series switches, which can be exploited by malicious people to cause a DoS (Denial of Service).
52d5677545bfec66f5d7d1e597660020Secunia Security Advisory - A security issue and some vulnerabilities have been reported in phpCAS, which can be exploited by malicious users to perform certain actions with escalated privileges and disclose sensitive information and by malicious people to conduct cross-site scripting attacks.
cf9049e9a542665d56ad7be7c9ee04fcSecunia Security Advisory - VMware has acknowledged multiple vulnerabilities in VMware ESX Server, where one has an unknown impact and the others can be exploited by malicious, local users to disclose potentially sensitive information and bypass certain security restrictions and by malicious people to manipulate certain data, conduct spoofing attacks, bypass certain security features, and cause a DoS (Denial of Service).
eb028bbecfe30c38f7cd84704e55102eZero Day Initiative Advisory 10-187 - This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe process which listens by default on TCP port 11406. The problematic code resides within a function responsible for reading a block of network packet data. A parameter to this function is initialized to 0 and under certain conditions this value will be accessed before properly initialized. This causes a NULL pointer to be dereferenced and subsequent application crash due to a lack of exception handling. Successful exploitation leads to immediate termination of the fastback server.
875f2b08848724bbbf7c0318f1980d3c
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed