Ubuntu Security Notice 1038-1 - Jakub Wilk and Raphael Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
124b7f8c1c05e457c65f82fc182edb95d165faa7814266e2591a6fd193c682aaRoomWizard suffers from a default password and sync connector credential leak vulnerability. Firmware version 3.2.3 is affected.
cd571a6d6eac92710b122e7baf4146e0163348b1c380b890746f3484d6c692d5Debian Linux Security Advisory 2142-1 - Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian package management system, doesn't correctly handle paths in patches of source packages, which could make it traverse directories. Raphael Hertzog additionally discovered that symbolic links in the .pc directory are followed, which could make it traverse directories too.
8e690f33c7653e56ed9c86a7672e50dbdc177342340cfb3bcb5b75c359559091Debian Linux Security Advisory 2141-3 - DSA-2141-1 changed the behaviour of the openssl libraries in a server environment to only allow SSL/TLS renegotiation for clients that support the RFC5746 renegotiation extension. This update to apache2 adds the new SSLInsecureRenegotiation configuration option that allows to restore support for insecure clients.
79659e879f2786c42feb3eace46bd0eaf37600fbd1d71d910d2b1d1cf02f2b5fDebian Linux Security Advisory 2141-2 - Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. The updated libraries allow to use shell environment variables to configure if insecure renegotiation is still allowed.
9367f429fd7b1e5134a847e38bf501417bb0c2db300ba9b0a1a36f7e56ecbdf6phpMySport version 1.4 suffers from bypass, path disclosure and remote SQL injection vulnerabilities.
369cf723cc0a747ddb78ab1aaf934eaf0b81d0e73bd01834d6b6cd741b7891f5Avaya Aura AES suffers from an authorization bypass vulnerability.
cf596ceb98e9794fe26da9c067cf878a55087a32581760fdc487b617c54a3741Phenotype CMS version 3.0 suffers from a remote SQL injection vulnerability.
836eeb376fb7af4e4600df9da51656c3acd6e8714afcc4e7dd3b953c0d623e13Debian Linux Security Advisory 2141-1 - Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. If openssl is used in a server application, it will by default no longer accept renegotiation from clients that do not support the RFC5746 secure renegotiation extension. A separate advisory will add RFC5746 support for nss, the security library used by the iceweasel web browser. For apache2, there will be an update which allows to re-enable insecure renegotiation. This version of openssl is not compatible with older versions of tor. You have to use at least tor version 0.2.1.26-1~lenny+1, which has been included in the point release 5.0.7 of Debian stable.
e51d87d1ee8b18157edde2e72dde7a519c02a7696a6328d3a164c2b081dd9c27PHP Bexfront suffers from a remote SQL injection vulnerability.
6289383dc8bf95fab2092f29c469325b035638748827ff7838ec29efb8b52cfaCMS Cine version 1.3 suffers from a remote SQL injection vulnerability.
dac3551239920205e51b77cb28b2d09d9d2f7ddeb70d1f21c51deaa24895665fPHP MicroCMS version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
6f4ba29315693d37d833a9efd02ac6148c9e900a593a10f37064f4c7eed0849fWonderCMS version 0.3.3 suffers from a cross site scripting vulnerability.
3facfaacba231371f3f259ba097488238823e277059a582b91c05b6d1ffd7f1cEnzip version 3.00 suffers from a buffer overflow vulnerability.
1722316fe5cfae7aff93d4a12d012e9e36dc07aa331e3ed67a3512834dbe34d9Debian Linux Security Advisory 2140-1 - A vulnerability has been found in Apache mod_fcgid.
aa4566310a428b20f72a1d693f9aa009f25eee03bcf07893810ce4c272bba516Whitepaper called Bypassing Browser Memory Protections.
4bb235b44799001d4a44274262b9d944e99bca3cb5b4c65e5344121784a5e29eWhitepaper called The Evil Karmetasploit Upgrade.
96def36a60d3c657334ad6fffda78a85fce9e8188b594e266aa0b619b9db9561F3Site 2011 Alfa 1 suffers from cross site request forgery and cross site scripting vulnerabilities.
bae36f16965913911abf2957d5d8b0dbc8416e1034b64001bb3b3fe58dd5290bGoverno.it suffers from a remote SQL injection vulnerability.
707519420fd7175ebb27b3fcc9da0a3b508efbd7758c61f9a21e1fd68f006a39Secunia Security Advisory - Jordan Santarsieri has reported some vulnerabilities in SAP KERNEL, which can be exploited by malicious people to disclose sensitive information and cause a DoS (Denial of Service).
70953dd7f745c1c9007fe468c62835d8ad5ce7cd778ae5cd67c3d19e4727ecdeSecunia Security Advisory - Some vulnerabilities have been reported in TIBCO Collaborative Information Manager and TIBCO ActiveCatalog, which can be exploited by malicious people to conduct session fixation attacks, disclose potentially sensitive information, conduct cross-site scripting attacks, manipulate certain data, and conduct SQL injection attacks.
fdc5b48e2d5157b397062de952b9aa737eebf13af6e43457b1de3be72de9e249Secunia Security Advisory - Some vulnerabilities have been reported in the Pierre's Wordspew plugin for WordPress, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.
8816ededdb1aa20ac5c4702d996b5936c7c4b67547194cbe9c3f66462762ed41Secunia Security Advisory - Fedora has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
874823b582d2b493a37093851db7df3bb7a7f249a21e0822f6a7851dd42e271fSecunia Security Advisory - A vulnerability has been reported in Novell Identity Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
23c14da2c664279babeb045c41a53c0fc2118f6676ccb2e8fa06bb22f05b52c7Secunia Security Advisory - Some vulnerabilities have been reported in Evince, which can be exploited by malicious people to compromise a user's system.
652cbf422f0397207438fca7dfc295820f4411ef9d8bdcad05efa4f03235440f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed