ExtCalendar version 2.0 Beta 2 suffers from a cross-site scripting vulnerability.
Ubuntu Security Notice 905-1 - It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the 'runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.
Mandriva Linux Security Advisory 2010-050 - This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. This update provides mod_security 2.5.12, which is not vulnerable to these issues.
getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.
Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.
Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
Mandriva Linux Security Advisory 2010-048 - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.
The DATEV Active-X control suffers from a remote command execution vulnerability.
Secunia Security Advisory - A security issue has been reported in Asterisk, which can be exploited by malicious people to potentially bypass certain security restrictions.
Secunia Security Advisory - Fedora has issued an update for mingw32-libltdl. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.
Secunia Security Advisory - Hitachi has acknowledged a security issue in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges.
Secunia Security Advisory - A security issue has been discovered in XMail, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - A vulnerability has been reported in Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Maciej Gojny has reported a vulnerability in WebAdministrator Lite CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Two vulnerabilities have been reported in PHP, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in Website Baker, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Red Hat has issued an update for sudo. This fixes multiple security issues, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - mr_me has discovered a vulnerability in Orbital Viewer, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - A vulnerability has been discovered in the HD FLV Player component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Ubuntu has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been discovered in WikyBlog, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Matthias -apoc- Hecker has discovered a security issue in rbot, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been discovered in Newbie CMS, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - AbdulAziz Hariri and Mohammad Abou Hayt have discovered a vulnerability in Symantec Altiris Deployment Solution, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Multiple vulnerabilities have been reported in Article Friendly, which can be exploited by malicious people to conduct SQL injection and cross-site request forgery attacks.