Mandriva Linux Security Advisory 2011-057 - The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
22de56c09b08a58a738c13069e87c04573002b0b52ea84aadd8e486e46b65feeUbuntu Security Notice 1100-1 - It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. It was discovered that OpenLDAP did not properly perform authentication checks to the rootdn when using the back-ndb backend. An attacker could exploit this to access the directory by sending an arbitrary password. Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue did not affect Ubuntu 8.04 LTS. It was discovered that OpenLDAP did not properly validate modrdn requests. An unauthenticated remote user could use this to cause a denial of service via application crash.
29371eb33f44bf7dd06b949a37d77a4725800566231420c8ea5ba3bedfe8b622The MaxSite Anti Spam Image plugin version 0.6 for WordPress suffers from an anti-automation vulnerability.
56d360a31b05be7e932af17d7096c50a9708ff525c05619413139fae2e6c2956Debian Linux Security Advisory 2208-2 - The BIND, a DNS server, contains a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains.
f731e91d3be36cf5817c4082103d78fb8988f511662f8a796e0adbc0d8384d82Ubuntu Security Notice 1099-1 - Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not properly drop privileges when handling the cache directories used to store users' dmrc and face icon files. This could allow a local attacker to change the ownership of arbitrary files, thereby gaining root privileges.
d514ab3fe4b1a1fc21f19d2440ed651da9ef009bb9076b19c86d194bffa0846fSecunia Security Advisory - A vulnerability has been reported in Cisco Secure Access Control System, which can be exploited by malicious people to bypass certain security restrictions.
7f70a634fa64a380bdcc4eb0d1148099ca41fde73533c68a3fc73d78cd260363Secunia Security Advisory - Multiple vulnerabilities have been reported in the Translation Management module for Drupal, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.
7abc02772be82cbccd871453ca125bd663ced4ccd104195d2f5dc8daffc1984fSecunia Security Advisory - A weakness has been discovered in PHPBoost, which can be exploited by malicious people to disclose sensitive information.
13163ff7aa9f81c688f26f45f546b8de3c627b8963e1f9b23ed786f0da30a646Secunia Security Advisory - SUSE has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
9aad6c995bd098a7957c9d61bc240d56c8025998c67f53c0d14e7fa313bb2a67Secunia Security Advisory - A security issue has been reported in VMware Workstation, which can be exploited by malicious, local users to gain potentially escalated privileges.
be6cd4acffee4a7abd81f0165b9e698ada31eab61bbc7d3dae1bcda8d8a6e99cSecunia Security Advisory - Debian has issued an update for mahara. This fixes two vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
8615c84a0ecdeacc8953a88a3b16defa598f8b4af3546a56d95ea0cdaa4ac633Secunia Security Advisory - Oracle has acknowledged two vulnerabilities in Solaris, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service).
a733c7a7f705b2bbb383c00919f2b1ef29f3f656b6f2c6d55e5388246ce925ddSecunia Security Advisory - Fedora has issued an update for wordpress. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.
218059dbe6f8a6bedb9aaeb60c7258ed0fa4bf53e4980f54022993768608b313Secunia Security Advisory - A security issue has been reported in VMware VIX API, which can be exploited by malicious, local users to gain potentially escalated privileges.
07e61602571d009a8c1b6e3b0b8530f6983e04111eef89654ef80ce775888b5eSecunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in Spitfire, which can be exploited by malicious people to conduct cross-site scripting attacks.
c1d37795f57f4a7ae3b5fbec1caca690ed85418b04fb55902f32522d08af83f7Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in RunCMS, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system and by malicious people to conduct cross-site scripting and request forgery attacks.
d07958d980219d5ab8990c96a177fed52a1661e29d3b96472c672e2be1310e83Secunia Security Advisory - Ubuntu has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
b67d24f01a679ff2f0d476c508d2ec133aa3e35ca21d9426e9b66d7ab9957aa4Secunia Security Advisory - Debian has issued an update for tomcat5.5. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious users to disclose sensitive information and manipulate certain data and by malicious people to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
b32785b886596f1ca523adfff672fc6f0ad0fc484d2f2a38f71688f417ea5180Secunia Security Advisory - Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
aa610583e94c39fa444831e618e087917782462880fa8ff0e17b340713d7b472Secunia Security Advisory - Mesut Timur has discovered a vulnerability in Tracks, which can be exploited by malicious people to conduct cross-site scripting attacks.
2cef57f61ec9ea0c61f12f6d346d40ca8f2b113ea1aebdc5f6cfac02a8b87f2bCisco Security Advisory - A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user account to any value without providing the account's previous password. Successful exploitation requires the user account to be defined on the internal identity store. This vulnerability does not allow an attacker to perform any other changes to the ACS database. That is, an attacker cannot change access policies, device properties, or any account attributes except the user password. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability.
6b27a6d0350503c5eb2d868879d677892bb126cfaeb81bd45854c169f2040d76Debian Linux Security Advisory 2208-1 - It was discovered that BIND, a DNS server, contains a race condition when processing zones updates in an authoritative server, either through dynamic DNS updates or incremental zone transfer (IXFR). Such an update while processing a query could result in deadlock and denial of service.
8e452dea246304cace57360967f3dd35c2135af4917dc90c3899c242b7d570fdCisco Security Advisory - Cisco Network Access Control (NAC) Guest Server system software contains a vulnerability in the RADIUS authentication software that may allow an unauthenticated user to access the protected network. Cisco has released free software updates that address this vulnerability.
268896624ef8d94224345a2976b3904c9920e2396783d1d556ab4bccf7dc55e9A vulnerability exists in EMC Replication Manager which is embedded in NetWorker Module for Microsoft Applications (NMM). The vulnerability may allow arbitrary code execution on vulnerable installations of the product. Versions affected include EMC NetWorker Module for Microsoft Applications 2.1.x / 2.2.x.
0bf8111e108fe2a222a6dfcc4cca63a04d783a161a247e687ec31c6cc9b95587Mandriva Linux Security Advisory 2011-056 - chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server. bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name, which allows remote attackers to bypass intended access restrictions via an arbitrary password. modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service via a relative Distinguished Name that contains an empty value for the OldDN field. The updated packages have been patched to correct these issues.
ace7fafa9471fca6031d43a03d644b937b041bcea223a3fb3b08278136c49d2e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed