Drupal Linkit module version 7.x suffers from an access bypass vulnerability.
efc81d938cddf7b5703159d40aae904f3759e7900541b5a8edcdd9c2d8882401
Drupal Spaces module version 6.x suffers from an access bypass vulnerability.
347ac91feb7acc6375b733a9114268dd653f58fb484c9eedc306f8462aec4fd9
Drupal Site Documentation version 6.x suffers from an information disclosure vulnerability.
4deadfa9ab12cae4f4a040ed36b5884ad4ff166adbf02566eb2e9c63746223a7
Drupal Ubercart module versions 6.x and 7.x suffer from code execution and cross site scripting vulnerabilities.
8ad5e51b2e8211b46a86fd0884c4432816a13267ddf774999bf5b42ae172622a
Drupal RealName module version 6.x suffers from a cross site scripting vulnerability.
ac32848d9a2bea11a8b9268c408786c21c6630e8ea7f32e8da717fb8ab2000c7
Drupal Creative Commons module version 6.x suffers from a cross site scripting vulnerability.
cd7543b39866fa90a05ae4e94480fc308d2a02154efdb0ede21f8750010f1192
This Metasploit module exploits a buffer overflow in Shadow Stream Recorder 3.0.1.7. When the application is used to open a specially crafted ASX file, a buffer overflow may occur, allowing arbitrary code execution in the context of the user.
8605d6b286358f8ebce3e864c8089ee88a7cec055a12349e1618003174c8d254
This Metasploit module exploits a stack buffer overflow in MSCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control, as exploited in the wild in April 2012. This Metasploit module targets Office 2007 and Office 2010. The DEP/ASLR bypass on Office 2010 is done with the Ikazuchi ROP chain proposed by Abysssec. This chain uses "msgr3en.dll", which is loaded only after Office itself has loaded, so the malicious file must be opened through "File / Open" to achieve exploitation.
0b684caf70084bb5bcb079447d8379464ff2e3e928ee2d84beab044161baf6bb
WordPress Organizer version 1.2.1 suffers from cross site request forgery, cross site scripting, and shell upload vulnerabilities.
5d7da27b984ced3d8195b475c086f6fa632941aa13a56de1779eb08cce7b634d
MoroccoTel boxes suffer from an issue where there is a default password that can be used on the telnet server.
15212df8a3a8d8b6ba16ec77025ef5e22d8dacfee6fd2ff769977b33b5b5fd46
Piwigo version 2.3.3 suffers from cross site scripting and directory traversal vulnerabilities.
170fe747de0161668180d3fcf82d6993ee1b0965b81a9d2d8dfc43b1af0b7d9e
mount.cifs chdir() allows for arbitrary file identification as root. All versions prior to 5.4 are affected.
1a07d210c27edc8b4cb7f1f1ad3579fd0a15fb1679968e8465902f2d88e2e7ae
Debian Linux Security Advisory 2454-2 - Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier.
7e348a26b106449f52510f57388768abb0d395544cec547906f51111b437e856
Red Hat Security Advisory 2012-0523-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect.
ff4ede8dc43b0b73e973f833df2aeefc71ad1e57b3a9db116767dd97722d5999
Debian Linux Security Advisory 2460-1 - Several vulnerabilities were discovered in the Asterisk PBX and telephony toolkit.
90ac813962f844ca8939a8b64ac607c95c83938e1adac515d296dc2a4e24ef63
Red Hat Security Advisory 2012-0522-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO inputs. Specially-crafted DER encoded data read from a file or other BIO input could cause an application using the OpenSSL library to crash or, potentially, execute arbitrary code.
51fbde2a46cf9e365819ced0a0b997025187b272c419e02e9e8719e01c4eb801
Secunia Security Advisory - High-Tech Bridge SA has discovered some vulnerabilities in Piwigo, which can be exploited by malicious people to conduct cross-site scripting attacks.
ca4c88a696c0cc9fd89674d8023d4dcc0465f1fa33db25d5f4267583c10eacca
Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain sensitive information, and compromise a user's system.
caef6f0fabf69a0c8cfd624e7da7b7c89a1b6a44dd1e8b8456269e3e1c959b66
Secunia Security Advisory - Multiple vulnerabilities are reported in multiple IBM Rational products, which can be exploited by malicious users to disclose sensitive information and conduct session fixation and script insertion attacks and by malicious people to disclose sensitive information, overwrite arbitrary files, conduct cross-site request forgery and spoofing attacks, and compromise a vulnerable system.
d4a69a9fe21d523dd8643366637bfc6a3ede3833ad6dbf9a329ef970085f2649
Secunia Security Advisory - Debian has issued an update for iceape. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.
a938d418491b6c5a61cd539da6a54633f7594a5a2d336f9651f89a77735352fc
Debian Linux Security Advisory 2458-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
63ce617ad4207fc9f6f56c8d68d84d9f42707e256fcf4c53016b892111eca303
Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.
4c2d7e867f2236c82154ad3fdca5b623e021c311c49562d7e1ef097fb83249f5
Mandriva Linux Security Advisory 2012-064 - It was discovered that the fix for was not sufficient to correct the issue for OpenSSL 0.9.8. The updated packages have been upgraded to the 0.9.8w version which is not vulnerable to this issue.
ec7a43232cc989e79b3501b0f69ac7ec5d682e3b543f7d254621488da11de02d
Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
ce3029cc85c7cb0a0c429e02786abee5b17a5d543ad773b9c2b249d2b776f72d
Secunia Security Advisory - Multiple vulnerabilities are reported in multiple IBM Rational products, which can be exploited by malicious users to disclose sensitive information and conduct session fixation and script insertion attacks and by malicious people to disclose sensitive information, overwrite arbitrary files, conduct cross-site request forgery and spoofing attacks, and compromise a vulnerable system.
9e76e0bd069ca2d87881f5a7f98faf35a2773ab0288cbdb484d6efa7de854e4d