Ubuntu Security Notice 1177-1 - Andrew Griffiths discovered that QEMU did not correctly drop privileges when using the 'runas' argument. Under certain circumstances a local attacker could exploit this to escalate privileges.
2db2352dca97c03e93a4de8cf6727155b5bccf0dc86d6436fc53e270444efcdd
Zero Day Initiative Advisory 11-241 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NamedNodeMap::setAttributes method defined within the NamedNodeMap.cpp file distributed with WebKit. The code responsible for copying attributes between DOM nodes does not verify that a mutation may have occurred when an attribute's attributeChanged method is called. By crafting a page that deletes instances of that attribute when the above-mentioned method is called, the code within setAttributes can be made to operate on freed objects. An attacker can take advantage of this by spraying the heap in a way that will not result in null pointers being referenced. This can lead to arbitrary code execution under the context of the user running the browser.
0748db6d4ee6bfe2651ddbd36ffb116881c9658edb8f896d05ac0dd5e8b67fdb
Zero Day Initiative Advisory 11-240 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating its reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application.
9955e1a0118de7587b35cc2341eb06299e4d3ea9f28954c95c79d4b5a540588d
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
21a2bf0337773fa1b7824e556bc80a5730e673c537c9392fd477199d866c6b99
This tool was originally written to demonstrate and exploit IE's vulnerability to a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes. It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.
50b4283a3e80fa4b4f3f684c4e76348aba8e257cbaa85e4f4cb7a4062cf091d5
Zero Day Initiative Advisory 11-239 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. By freeing the referenced element, a use-after-free condition can be made to occur which can lead to code execution under the context of the application.
9a566a7f048a2f671ae362db0c36d2bb1dc429098ed33eb23dac590c45aba40a
Red Hat Security Advisory 2011-1100-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was discovered in the JNLP implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files.
1aa0fc44e9203cd83f9e35c5f4c37ec5b68f33d5745644ea51197952cea44e7d
Mandriva Linux Security Advisory 2011-121 - All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate SWAT. All current released versions of Samba are vulnerable to a cross-site scripting issue in the Samba Web Administration Tool (SWAT). On the Change Password field, it is possible to insert arbitrary content into the user field.
b75ce3ace75fea8d22a279188ef3184449337cf90f4fe3d331c11300c3a6a118
SWAT (Samba Web Administration Tool) in Samba versions 3.0.x through 3.5.9 suffers from a cross-site request forgery vulnerability.
d475476bb91d90ae8126882c28a969539769386b49ecf8a69ad974db8e791de9
Mandriva Linux Security Advisory 2011-120 - Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
c6327c04cc1f8a878340ba858f3e80a09236c75996f3bfb90d9d1f2b2d6c3bef
Red Hat Security Advisory 2011-1090-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found that allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could trigger this flaw by sending specially-crafted packets to a target system, possibly causing a denial of service.
423b948c96708d1e061b86fbda73740a65a22df850c2554883aadb161b574ff5
MinaliC Webserver version 2.0 suffers from a remote source disclosure vulnerability. This is the same issue that was previously discovered in version 1.0.
4cd2e2d5f428953b64047a57af7e3483a0f17db0463847ae0b5095258ad1f9ae
Sagem 3304 router PPPoE password retrieval shell script exploit that leverages quickconfname_ADSL.html being unprotected.
5f5818a853ad8493bddc99600f04261d0ba53e9df28b02a4a9f29df6634cbd9d
Chrome Web Solutions suffers from multiple remote SQL injection vulnerabilities.
ab546c65b6b94292215917956d607c8bc1fd250ded586cf97824fc168dd9f86d
Solutiontech suffers from a remote SQL injection vulnerability.
6f5ed1c861a9f59c2bfc6fe03beba6ac4e189893a32dc36ba51255b36309dd4a
Coherendz suffers from a remote SQL injection vulnerability.
d58e53d49c747ba1cc78c2c148275dff2aefbb315980e5bd8b857eb3f5dc8199
iCube Lab suffers from a remote SQL injection vulnerability.
03493aeb1f2f74d778e29a2b67832ff6b050ad49f395db691e9e033a9e3ff669
G2webCMS suffers from a remote SQL injection vulnerability.
59746a12a14bae7f46fb81b37011ce2b45ecb7070d8287cbd937031e9d1440e4
Football CMS suffers from a remote SQL injection vulnerability in view_table_lig.php.
c991bad7bd0fd1a8a3f00bf43db29ba0fd32f898d6baf82eeb6e91c9bb48c982
As a part of its ongoing Hacker Intelligence Initiative, Imperva's Application Defense Center (ADC) observed and categorized attacks across 30 applications as well as onion router (TOR) traffic, monitoring more than 10 million individual attacks targeted at web applications over a period of six months. This report discusses and analyzes their findings.
d8446dc2813a8f3f673ae8f51f4af9ade74f8848efa267da16853c3e1e98f85f
Secunia Security Advisory - Fedora has issued an update for oprofile. This fixes a weakness, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
1d7579d43a3490a65046f7913ec3b31995a7f50f355cdbebb461d3952f8f170f
Secunia Security Advisory - A security issue has been reported in GLPI, which can be exploited by malicious users to disclose potentially sensitive information.
e49f48a6868ff46c9366d4d8ac553e8ce01f6bf543d47c9085f4c38c302525ac
Secunia Security Advisory - OpenVZ has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges, and by malicious, local users in a guest virtual machine and by malicious people to cause a DoS (Denial of Service).
3ed48a9e8b08d7472bb628078372c541b60ca2a9bae503aefff36a6665fbf283
Secunia Security Advisory - Ubuntu has issued an update for libsndfile. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
8cbb81bf45d122007e2cf6f5a6b7f68e32e4cf5780b76463aa7b3e054aac6f14
Secunia Security Advisory - Ubuntu has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
68b7c98c9ad580fd045add831c990484d4a69246a21e77c2f7dae1cad5978743