HP Security Bulletin HPSBOV02780 SSRT100766 - A potential security vulnerability has been identified with OpenVMS ACMELOGIN when SYS$ACM system service for authentication is enabled. The vulnerability could be locally exploited to allow unauthorized access and increased privileges. Revision 1 of this advisory.
HP Security Bulletin HPSBUX02782 SSRT100844 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities have been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.
Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.
Debian Linux Security Advisory 2475-1 - It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service (application crash).
Ubuntu Security Notice 1445-1 - A flaw was found in the Linux kernel's ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. Steve Grubb reported a flaw with Linux fscaps (file system base capabilities) when used to increase the permissions of a process. For applications on which fscaps are in use, a local attacker can disable address space randomization to make attacking the process with raised privileges easier. Various other issues were also addressed.
Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
Secunia Security Advisory - A vulnerability has been reported in Tornado, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the framework.
Secunia Security Advisory - A weakness has been reported in PolarSSL, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in the Aberdeen theme for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - Multiple vulnerabilities have been discovered in PHP-addressbook, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
Secunia Security Advisory - A vulnerability has been reported in the Smart Breadcrumb module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in DeltaV products, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in the Ubercart Product Keys module for Drupal, which can be exploited by malicious users to disclose sensitive information.
Secunia Security Advisory - Tielei Wang has discovered a vulnerability in LibreOffice, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Gjoko Krstic has discovered a weakness and two vulnerabilities in Artiphp, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Secunia Security Advisory - A vulnerability has been reported in HP Business Service Management, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in the pidgin-otr plugin for Pidgin, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - A vulnerability has been reported in the Gliffy and Tempo plugins for JIRA, which can be exploited by malicious users to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in Sudo, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - Ubuntu has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - A vulnerability has been reported in Libxml2, which can be exploited by malicious people to compromise an application using the library.