Secunia Security Advisory - Luigi Auriemma has discovered two vulnerabilities in Siemens SIMATIC WinCC Flexible, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges.
Secunia Security Advisory - High-Tech Bridge SA has discovered multiple vulnerabilities in OrangeHRM, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Two vulnerabilities have been reported in ExpressionEngine, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Netcool/Reporter, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in Hastymail2, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Multiple vulnerabilities have been discovered in Manx, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks and compromise a vulnerable system.
Secunia Security Advisory - Multiple vulnerabilities have been discovered in HP Network Node Manager i, which can be exploited by malicious people to conduct cross-site scripting attacks.
Ubuntu Security Notice 1285-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.
Red Hat Security Advisory 2011-1496-01 - A flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion. Users of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon will be restarted automatically.
Red Hat Security Advisory 2011-1479-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Various other issues were also addressed.
Secunia Security Advisory - Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
Secunia Security Advisory - Ubuntu has issued an update for update-manager. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to conduct spoofing attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in multiple Schneider Electric products, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system.
Secunia Security Advisory - Fedora has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
Secunia Security Advisory - Nick Freeman has discovered a vulnerability in Avid Media Composer, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Nick Freeman has discovered a vulnerability in Virtual Vertex Muster, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in Apache MyFaces, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in Oracle Mojarra, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - A weakness has been discovered in MediaWiki, which can be exploited by malicious people to disclose potentially sensitive information.
Secunia Security Advisory - A vulnerability has been reported in Gitblit, which can be exploited by malicious people to bypass certain security restrictions.
Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header, the application will explicitly trust a 16-bit value denoting a size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer, which can lead to code execution under the context of the application.
Zero Day Initiative Advisory 11-337 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When parsing this sample data, the application will make an allocation and then fail to completely initialize the buffer. During decoding of the sample data, the application will explicitly trust an index from the partially filled buffer and then use that to calculate an address to write to. This can lead to memory corruption which can be converted into code execution under the context of the application.