Mandriva Linux Security Advisory 2012-026 - Multiple vulnerabilities have been discovered and corrected in postgresql. Permissions on a function called by a trigger are not properly checked. SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate authorities. Line breaks in object names can be exploited to execute arbitrary SQL when reloading a pg_dump file. This advisory provides the latest versions of PostgreSQL that are not vulnerable to these issues.
ZipCart version 6.x suffers from an access bypass vulnerability.
Cool Aid version 6.x suffers from access bypass and cross site scripting vulnerabilities.
Ubuntu Security Notice 1378-1 - It was discovered that PostgreSQL incorrectly checked permissions on functions called by a trigger. An attacker could attach a trigger to a table they owned and possibly escalate privileges. It was discovered that PostgreSQL incorrectly truncated SSL certificate name checks to 32 characters. If a host name was exactly 32 characters, this issue could be exploited by an attacker to spoof the SSL certificate. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Various other issues were also addressed.
Red Hat Security Advisory 2012-0343-01 - The IBM 1.4.2 SR13-FP11 Java release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
Ubuntu Security Notice 1380-1 - The Linux kernel did not properly account for PTE pages when deciding which task to kill in out of memory conditions. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was discovered in the TOMOYO LSM's handling of mount system calls. An unprivileged user could oops the system, causing a denial of service. A bug was discovered in the Linux kernel's calculation of OOM (Out of memory) scores that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. Various other issues were also addressed.
Ubuntu Security Notice 1379-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 ICMP packets. A remote user could exploit this to cause a denial of service. A flaw was found in the Linux Ethernet bridge's handling of IGMP (Internet Group Management Protocol) packets. An unprivileged local user could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system. Various other issues were also addressed.
Debian Linux Security Advisory 2420-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.
MediaFront versions 6.x / 7.x suffer from a cross site scripting vulnerability.
Secunia Security Advisory - Avaya has acknowledged two vulnerabilities in Avaya Call Management System, which can be exploited by malicious, local users to disclose system information and cause a DoS (Denial of Service) and by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Sony has reported multiple vulnerabilities in WonderDesk SQL, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - SUSE has issued an update for cvs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Gentoo has issued an update for libvirt. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions, by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system, and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
Secunia Security Advisory - MustLive has discovered multiple vulnerabilities in Webglimpse, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Debian has issued an update for puppet. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - Sense of Security has reported a security issue in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in lknSupport, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Ubuntu has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Debian has issued an update for postgresql-8.4. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing attacks and manipulate certain data.
Secunia Security Advisory - Ubuntu has issued an update for ruby. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Secunia Security Advisory - SUSE has issued an update for java-1_6_0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in Sagem F@st 2604, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Secunia Security Advisory - SecPod Research Team has discovered two vulnerabilities in NetDecision, which can be exploited by malicious people to disclose potentially sensitive information and potentially compromise a vulnerable system.
Secunia Security Advisory - Sense of Security has reported a security issue and a vulnerability in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.
Secunia Security Advisory - Sense of Security has reported a security issue in Snom VoIP Phone Firmware, which can be exploited by malicious people to bypass certain security restrictions.