Mandriva Linux Security Advisory 2011-057 - The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
31575dfd2690776449de387b510ce9d1Ubuntu Security Notice 1100-1 - It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. It was discovered that OpenLDAP did not properly perform authentication checks to the rootdn when using the back-ndb backend. An attacker could exploit this to access the directory by sending an arbitrary password. Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue did not affect Ubuntu 8.04 LTS. It was discovered that OpenLDAP did not properly validate modrdn requests. An unauthenticated remote user could use this to cause a denial of service via application crash.
105acb722cf292813b82a0d12174cf64The MaxSite Anti Spam Image plugin version 0.6 for WordPress suffers from an anti-automation vulnerability.
4c8ed9d700c1f149be1e5cfdb316fb6bDebian Linux Security Advisory 2208-2 - The BIND, a DNS server, contains a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains.
75b516f00fa3615cf38b24acd384bcfdUbuntu Security Notice 1099-1 - Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not properly drop privileges when handling the cache directories used to store users' dmrc and face icon files. This could allow a local attacker to change the ownership of arbitrary files, thereby gaining root privileges.
9c6fb2fe0799cd3a6d93939fd62ae0acSecunia Security Advisory - A vulnerability has been reported in Cisco Secure Access Control System, which can be exploited by malicious people to bypass certain security restrictions.
319e4abb18a363cc83354774d563ff0fSecunia Security Advisory - Multiple vulnerabilities have been reported in the Translation Management module for Drupal, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.
913a53299fa4fb1da1768af3286a7167Secunia Security Advisory - A weakness has been discovered in PHPBoost, which can be exploited by malicious people to disclose sensitive information.
455fe2b0439faf1639fe974214720f23Secunia Security Advisory - SUSE has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
510ba6b7f1e3a49662b51d8d6591efc2Secunia Security Advisory - A security issue has been reported in VMware Workstation, which can be exploited by malicious, local users to gain potentially escalated privileges.
248b20bf82d41c649aaaad179f7f3873Secunia Security Advisory - Debian has issued an update for mahara. This fixes two vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
c5cc342b6f787ded1cbeb1ed8faa981fSecunia Security Advisory - Oracle has acknowledged two vulnerabilities in Solaris, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service).
78d66c37aa457c6ce016dcfbbb27ef11Secunia Security Advisory - Fedora has issued an update for wordpress. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.
229885c527e3a14786a1252410f078c7Secunia Security Advisory - A security issue has been reported in VMware VIX API, which can be exploited by malicious, local users to gain potentially escalated privileges.
3ad4c0b9979fb7d5ff5b996ca05db4daSecunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in Spitfire, which can be exploited by malicious people to conduct cross-site scripting attacks.
e60eb59a346076872a10c11f6292afe3Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in RunCMS, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system and by malicious people to conduct cross-site scripting and request forgery attacks.
9402fdd5095edc2ad2ae9a12f325f96dSecunia Security Advisory - Ubuntu has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
1871396d393f28b4d275aecdf4c72e8fSecunia Security Advisory - Debian has issued an update for tomcat5.5. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious users to disclose sensitive information and manipulate certain data and by malicious people to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
37dca43bb6c775ceac9661e438cf53f2Secunia Security Advisory - Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
533e437af87ada5739b9b4aacf14696aSecunia Security Advisory - Mesut Timur has discovered a vulnerability in Tracks, which can be exploited by malicious people to conduct cross-site scripting attacks.
ad0d9c65b86cc20eef9e050234b006a1Cisco Security Advisory - A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user account to any value without providing the account's previous password. Successful exploitation requires the user account to be defined on the internal identity store. This vulnerability does not allow an attacker to perform any other changes to the ACS database. That is, an attacker cannot change access policies, device properties, or any account attributes except the user password. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability.
25ea801f2bf5e839abd7519bd4099987Debian Linux Security Advisory 2208-1 - It was discovered that BIND, a DNS server, contains a race condition when processing zones updates in an authoritative server, either through dynamic DNS updates or incremental zone transfer (IXFR). Such an update while processing a query could result in deadlock and denial of service.
0d7b8fad9cfe5f882faa5640facec194Cisco Security Advisory - Cisco Network Access Control (NAC) Guest Server system software contains a vulnerability in the RADIUS authentication software that may allow an unauthenticated user to access the protected network. Cisco has released free software updates that address this vulnerability.
82f852f8537b251715887a935685082cA vulnerability exists in EMC Replication Manager which is embedded in NetWorker Module for Microsoft Applications (NMM). The vulnerability may allow arbitrary code execution on vulnerable installations of the product. Versions affected include EMC NetWorker Module for Microsoft Applications 2.1.x / 2.2.x.
dc245cc7888a0e5d3b03833c6d30192cMandriva Linux Security Advisory 2011-056 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name, which allows remote attackers to bypass intended access restrictions via an arbitrary password. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field. The updated packages have been patched to correct these issues.
163855e28dd547d30ccf2fe21546492e
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed