Mandriva Linux Security Advisory 2011-057 - The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
22de56c09b08a58a738c13069e87c04573002b0b52ea84aadd8e486e46b65feeUbuntu Security Notice 1100-1 - It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. It was discovered that OpenLDAP did not properly perform authentication checks to the rootdn when using the back-ndb backend. An attacker could exploit this to access the directory by sending an arbitrary password. Ubuntu does not ship OpenLDAP with back-ndb support by default. This issue did not affect Ubuntu 8.04 LTS. It was discovered that OpenLDAP did not properly validate modrdn requests. An unauthenticated remote user could use this to cause a denial of service via application crash.
29371eb33f44bf7dd06b949a37d77a4725800566231420c8ea5ba3bedfe8b622Interra Blog Machine version 1.84 suffers from a cross site scripting vulnerability.
b20872e61e3388d80cd3ac2001e598c77aa7b1f3e7066e5a946db11d9e4b790dNixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source tarball.
a341664a497bbc82a1f3e312a03e67fcf0a40cfe91b220abd500a628a9faee0bThe MaxSite Anti Spam Image plugin version 0.6 for WordPress suffers from an anti-automation vulnerability.
56d360a31b05be7e932af17d7096c50a9708ff525c05619413139fae2e6c2956Feng Office version 1.7.3.3 suffers from a cross site request forgery vulnerability.
6f382e14d75ba5747b9dbb1d2cfd589442d1740e15b170e29291e302ad08d24fCollabtive version 0.6.5 suffers from cross site request forgery, cross site scripting, and directory traversal vulnerabilities.
d2c5bc279c635ee10b524daef2da96cdde8272b3fefdcde49f0ea0499ea410c6Debian Linux Security Advisory 2208-2 - The BIND, a DNS server, contains a defect related to the processing of new DNSSEC DS records by the caching resolver, which may lead to name resolution failures in the delegated zone. If DNSSEC validation is enabled, this issue can make domains ending in .COM unavailable when the DS record for .COM is added to the DNS root zone on March 31st, 2011. An unpatched server which is affected by this issue can be restarted, thus re-enabling resolution of .COM domains.
f731e91d3be36cf5817c4082103d78fb8988f511662f8a796e0adbc0d8384d82Ubuntu Security Notice 1099-1 - Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not properly drop privileges when handling the cache directories used to store users' dmrc and face icon files. This could allow a local attacker to change the ownership of arbitrary files, thereby gaining root privileges.
d514ab3fe4b1a1fc21f19d2440ed651da9ef009bb9076b19c86d194bffa0846fSecunia Security Advisory - A vulnerability has been reported in Cisco Secure Access Control System, which can be exploited by malicious people to bypass certain security restrictions.
7f70a634fa64a380bdcc4eb0d1148099ca41fde73533c68a3fc73d78cd260363Secunia Security Advisory - Multiple vulnerabilities have been reported in the Translation Management module for Drupal, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.
7abc02772be82cbccd871453ca125bd663ced4ccd104195d2f5dc8daffc1984fSecunia Security Advisory - A weakness has been discovered in PHPBoost, which can be exploited by malicious people to disclose sensitive information.
13163ff7aa9f81c688f26f45f546b8de3c627b8963e1f9b23ed786f0da30a646Secunia Security Advisory - SUSE has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
9aad6c995bd098a7957c9d61bc240d56c8025998c67f53c0d14e7fa313bb2a67Secunia Security Advisory - A security issue has been reported in VMware Workstation, which can be exploited by malicious, local users to gain potentially escalated privileges.
be6cd4acffee4a7abd81f0165b9e698ada31eab61bbc7d3dae1bcda8d8a6e99cSecunia Security Advisory - Debian has issued an update for mahara. This fixes two vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
8615c84a0ecdeacc8953a88a3b16defa598f8b4af3546a56d95ea0cdaa4ac633Secunia Security Advisory - Oracle has acknowledged two vulnerabilities in Solaris, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service).
a733c7a7f705b2bbb383c00919f2b1ef29f3f656b6f2c6d55e5388246ce925ddSecunia Security Advisory - Fedora has issued an update for wordpress. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.
218059dbe6f8a6bedb9aaeb60c7258ed0fa4bf53e4980f54022993768608b313Secunia Security Advisory - A security issue has been reported in VMware VIX API, which can be exploited by malicious, local users to gain potentially escalated privileges.
07e61602571d009a8c1b6e3b0b8530f6983e04111eef89654ef80ce775888b5eSecunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in Spitfire, which can be exploited by malicious people to conduct cross-site scripting attacks.
c1d37795f57f4a7ae3b5fbec1caca690ed85418b04fb55902f32522d08af83f7Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in RunCMS, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system and by malicious people to conduct cross-site scripting and request forgery attacks.
d07958d980219d5ab8990c96a177fed52a1661e29d3b96472c672e2be1310e83Secunia Security Advisory - Ubuntu has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
b67d24f01a679ff2f0d476c508d2ec133aa3e35ca21d9426e9b66d7ab9957aa4Secunia Security Advisory - Debian has issued an update for tomcat5.5. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious users to disclose sensitive information and manipulate certain data and by malicious people to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
b32785b886596f1ca523adfff672fc6f0ad0fc484d2f2a38f71688f417ea5180Secunia Security Advisory - Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
aa610583e94c39fa444831e618e087917782462880fa8ff0e17b340713d7b472Secunia Security Advisory - Mesut Timur has discovered a vulnerability in Tracks, which can be exploited by malicious people to conduct cross-site scripting attacks.
2cef57f61ec9ea0c61f12f6d346d40ca8f2b113ea1aebdc5f6cfac02a8b87f2b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed