Red Hat Security Advisory 2011-1243-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Thunderbird; however, affected certificates issued after this date cannot be re-enabled or used. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.
0e03cc31929ca60dd1f939bf86d48d78Red Hat Security Advisory 2011-1242-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Firefox; however, affected certificates issued after this date cannot be re-enabled or used. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, Firefox must be restarted for the changes to take effect.
9a2349defe71bbc1b6f7003cd58783d7Red Hat Security Advisory 2011-1241-01 - eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the "ecryptfs" group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory.
1694c3f90d3c7b2d523bc306a63ba00cSardus suffers from a remote SQL injection vulnerability.
09980c02a5973735d6ed548c33a52091iProv CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
48cc3c6644dd8f2e45a17595d3f384f1D-Tekweb suffers from a remote SQL injection vulnerability.
d15a74643e054494d06a93514d0ad00cDream Factory suffers from cross site scripting and remote SQL injection vulnerabilities.
f83443e7f4e5038115b62ab0d12b8e6cRed Hat Security Advisory 2011-1240-01 - This is the 6-month notification of the End Of Life plans for Red Hat Enterprise Linux 4.
ea9a8740fecf02331b466f0dbac4e914Red Hat Security Advisory 2011-1239-01 - This is the End of Life notification for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 4.7.
57db3ed2cd4400b3be104ccfd522fb24WordPress Redirection plugin version 2.2.8 suffers from a cross site scripting vulnerability.
a3920a58c71f94ab609eae9962ab1b56Zero Day Initiative Advisory 11-277 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles 'mp4v' codec information. When parsing the video description table it will read the size field preceding the 'mp4v' tag and use that size to create an allocation to hold the data. It will then copy the correct amount of data into that buffer, but then does some endian changes on a fixed portion of the buffer without checking its size. The resulting memory corruption could result in remote code execution under the context of the current user.
a3dd4716a54963b77e886fd3f67b21dcDebian Linux Security Advisory 2300-1 - Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries.
c536f0e78e2b245da2edac0ef79e837aDebian Linux Security Advisory 2299-1 - An unauthorized SSL certificate has been found in the wild issued the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in its ca-certificates bundle.
0e562f8cc6272e92c9bc1d374a9311abSLADS CMS suffers from a remote blind SQL injection vulnerability.
34c2da423051ad338542b257dc8b80bfMake Art CMS suffers from a remote blind SQL injection vulnerability.
6dc83edad63381263e56f2a05f28aab0AR Solutions suffers from a remote SQL injection vulnerability.
f66fff2878fc22a812d730a4b88772cdWeb Professional suffers from a remote SQL injection vulnerability.
d24a725e48d20cb8bb63a3d2309506deOfficine Digitali suffers from a remote blind SQL injection vulnerability.
a3c67bb8c116c644fe31a7869d2cb833Idea Web Agency suffers from a remote blind SQL injection vulnerability.
a742a4f2455b907c90e9de6727c5246cGMDS CMS suffers from a remote SQL injection vulnerability.
ceeff6a8e76dee334dafef47440fc9a5Different Web suffers from a remote SQL injection vulnerability.
4450d8410d48d5c8ffbaa4acb3579ebbSQL-Ledger versions 2.8.33 and below and LedgerSMB versions 1.2.24 and below suffer from a remote SQL injection vulnerability.
bfe294cd4b1b21395f42a22491567ca9Cisco Security Advisory - Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs that are running software versions prior to TC4.0.0 or F9.1 contain a vulnerability that could allow an attacker to cause a denial of service. Cisco has released free software updates that address this vulnerability.
6ba516d510a5b4841fcd9444d5a6d5c598 bytes small DragonflyBSD portbinding shellcode that spawns on tcp/31337.
c193fa24bb15f9451ef8e165de8de12aSerendipity Weblog suffers from a remote blind SQL injection vulnerability.
4cdf4b8f7db1368a2808ac966f43eaf5
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed