IOActive Security Advisory - A vulnerability exists within AscoServer.exe of SIEMENS SiPass during the handling of RPC messages over the ethernet bus. Insufficient sanity checking allows remote and unauthenticated attackers to corrupt a heap-allocated structure and then dereference an arbitrary pointer. This flaw allows remote attackers to execute arbitrary code on the target system, under the context of the SYSTEM account, where the vulnerable versions of SIEMENS SiPass Integrated are installed. More advanced payloads could modify the behavior of the application’s internal controllers to unlock doors, control specific hardware, or expose businesses to other security risks. SIEMENS SiPass Integrated versions MP2.6 and earlier are affected.
Drupal Password Policy third-party module versions 6.x and 7.x suffer from an information disclosure vulnerability.
Cisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released free software updates that address this vulnerability.
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
Cisco Security Advisory - Cisco Unified MeetingPlace Web Conferencing is affected by remote SQL injection and buffer overrun vulnerabilities. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
HP Security Bulletin HPSBUX02825 SSRT100974 - A potential security vulnerability has been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. This could allow remote unspecified indirect vulnerabilities. Revision 1 of this advisory.
Red Hat Security Advisory 2012-1416-01 - The kdelibs packages provide libraries for the K Desktop Environment. Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory.
Red Hat Security Advisory 2012-1418-01 - The kdelibs packages provide libraries for the K Desktop Environment. Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory.
Red Hat Security Advisory 2012-1417-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support for Red Hat Enterprise Linux 6.0 will end on 30th November, 2012.
Citrix XenServer versions 5.0 through 6.0.2 suffer from a privilege escalation vulnerability.
Secunia Security Advisory - A security issue has been reported in EMC Avamar Client for VMware, which can be exploited by malicious users to disclose sensitive information.
Secunia Security Advisory - Some vulnerabilities have been reported in the Formhandler extension for TYPO3, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox, MozillaThunderbird, xulrunner, and seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
Secunia Security Advisory - Craig has reported a vulnerability in D-Link Wireless N300 Cloud Router, which can be exploited by malicious people to compromise a vulnerable device.
Ubuntu Security Notice 1620-2 - USN-1620-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Please note that Thunderbird is only affected by window.location issues through RSS feeds and extensions that load web content. Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. Antoine Delignat-Lavaud discovered a flaw in the way Firefox handled the Location object. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections and perform cross-origin reading of the Location object. Various other issues were also addressed.
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
Secunia Security Advisory - Debian has issued an update for icedove. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
Secunia Security Advisory - MustLive has reported a vulnerability in CorePlayer, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Slideshow plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks.
Red Hat Security Advisory 2012-1413-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code.
Debian Linux Security Advisory 2569-1 - Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client.
The Avamar Server root user password is stored in plain text on the Avamar VMware proxy client. This could allow a malicious user with network access to the proxy client and the Avamar Server to gain privileged access to the Avamar Server.
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix a security issue.
Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, Thunderbird, and SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.