Ubuntu Security Notice 1222-1 - Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. Benjamin Smedberg, Bob Clary, Jesse Ruderman, Bob Clary, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, Jesse Ruderman, and Marcia Knous discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.
Ubuntu Security Notice 1221-1 - It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
Secunia Security Advisory - Fedora has issued an update for Django. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in the T3BLOG extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in Cisco Jabber Extensible Communications Platform (Jabber XCP), which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
Secunia Security Advisory - A vulnerability has been reported in Cisco Unified Presence, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
Debian Linux Security Advisory 2313-1 - Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox.
Ubuntu Security Notice 1220-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.
Debian Linux Security Advisory 2312-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
Ubuntu Security Notice 1219-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.
Ubuntu Security Notice 1218-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
AmpJuke version 0.8.5 with Apache mod_negotiation suffers from a directory listing vulnerability.
Ubuntu Security Notice 1217-1 - Kristian Erik Hermansen discovered a directory traversal vulnerability in the SSLFile indirection base class. A remote attacker could exploit this to overwrite files with the privileges of the Puppet Master.
Red Hat Security Advisory 2011-1344-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A flaw was found in the way SeaMonkey handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way SeaMonkey handled large JavaScript regular expressions. A web page containing malicious JavaScript could cause SeaMonkey to access already freed memory, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
Game Servers Client version 2.00 Build 3017 suffers from a denial of service vulnerability.
Game Servers Client version 2.00 Build 3017 uses IRC as the backend but fails to validate changes to a nickname.
Red Hat Security Advisory 2011-1343-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. An integer underflow flaw was found in the way Thunderbird handled large JavaScript regular expressions. An HTML mail message containing malicious JavaScript could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
Ubuntu Security Notice 1213-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the Gecko rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Thunderbird. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious E-Mail could possibly use this to access the local file system. Various other issues were also addressed.
Red Hat Security Advisory 2011-1342-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird processed the "Enter" keypress event. A malicious HTML mail message could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the mail client to open malicious web content.
Red Hat Security Advisory 2011-1341-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.
HP Security Bulletin HPSBUX02707 SSRT100626 - A potential security vulnerability has been identified with HP-UX Apache Web Server. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Quagga, which can be exploited by malicious people to cause a DoS (Denial of Service).