Ubuntu Security Notice 1079-2 - USN-1079-1 fixed vulnerabilities in OpenJDK 6 for non-armel (ARM) architectures. This update provides the corresponding updates for OpenJDK 6 for use with the armel (ARM) architectures. Multiple openjdk-6 vulnerabilities have been addressed. It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not properly set up the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program. It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. Konstantin Preißer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. It was discovered that the JNLPClassLoader class when handling multiple signatures allowed remote attackers to gain privileges due to the assignment of an inappropriate security descriptor. Various other issues were also addressed.
c5c18368e20b050d150d2c53891f0010937af3d0d826c64263852fc25e700d30
Ubuntu Security Notice 1085-2 - USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream fixes were incomplete and created problems for certain CCITTFAX4 files. This update fixes the problem. Multiple vulnerabilities related to tiff have been discovered and addressed. Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. Sauli Pahlman discovered that the TIFF library incorrectly handled TIFF files with an invalid combination of SamplesPerPixel and Photometric values. Nicolae Ghimbovschi discovered that the TIFF library incorrectly handled invalid ReferenceBlackWhite values. Sauli Pahlman discovered that the TIFF library incorrectly handled certain default fields. It was discovered that the TIFF library incorrectly validated certain data types. It was discovered that the TIFF library incorrectly handled downsampled JPEG data. Various other issues were also addressed.
55b184ba540a99b97525111479f1fba5ff77334bf3690f72abffaa068a8706f7
Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials (e.g., LM/NT hashes). This can be used, for example, to perform pass-the-hash on Windows and also obtain NT/LM hashes from memory (credentials not stored locally including domain credentials from interactive logons, services, remote desktop connections, etc.) which can be used in further attacks.
d5947a1b05bc5936dec425b3b826c1e9cea6c3295335bf93a05f071088349b99
Secunia Security Advisory - Debian has issued an update for proftpd-dfsg. This fixes a vulnerability, which can be exploited by malicious users to manipulate certain data.
94427441774f8e8c621ff598b3958f7b5622b90a1a4901a6453dd1e535bfb65b
Secunia Security Advisory - A vulnerability has been discovered in Nucleus CMS, which can be exploited by malicious people to conduct script insertion attacks.
2f831c54bc22e3fc20edd1133b4e7c42c91e2b7ef4ba6e41fc2387ddb09e1e62
Secunia Security Advisory - A vulnerability has been discovered in Foxit Phantom PDF Suite, which can be exploited by malicious people to compromise a user's system.
ab0878477d249fd8d0cda1c0fc56c2c6e56b762cec5a795ff7aed003bfe025f0
Secunia Security Advisory - Fedora has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
6ba4a1a43a4848f53d0a86d4c9bca525e8f0061da45c92bcbc9e2e8b6fd06dfc
Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to compromise a user's system.
4fa457728bc98e95f6eb93c6fcf93cec6f14afe823e2404cdbc40cf36d9eb80f
Secunia Security Advisory - A vulnerability has been discovered in ABBS Audio Media Player, which can be exploited by malicious people to compromise a user's system.
79c0ae37907bdab437282d4423a127f91f9b06e2459b78f3339dafefe8e8ea43
Secunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have an unknown impact while others can be exploited by malicious people to bypass certain security restrictions, disclose system information, and compromise a user's system.
82065ae73a35bb5a06d6df49a4559778f4d969cb77fb4314c09e4468b14145a7
Secunia Security Advisory - A vulnerability has been reported in Unik Scripts Cover Vision, which can be exploited by malicious people to conduct SQL injection attacks.
4f401c63a98c3e266a4f56f1926cb6ed1085d1cc278d4023e9cb35f7b845b24a
Secunia Security Advisory - Debian has issued an update for wordpress. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.
0c56ed571d56f132145418f2ec84f8fcce94586e604dcb95dc943eb119ab73ba
Secunia Security Advisory - Two weaknesses have been reported in Ibid, which can be exploited by malicious, local users and malicious users to disclose potentially sensitive information.
a776044095d8d0a6dacabd13fe7802ccd42f537c78bc195bd04a1455694918ad
Secunia Security Advisory - ITSecTeam has reported a vulnerability in Qualitynet CMS, which can be exploited by malicious people to conduct SQL injection attacks.
237e7b88d4b903f5a1c3daf1eedd4ffecd6eb2a137cb87410d5036b47f889d7d
Secunia Security Advisory - Some weaknesses have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
28759cd6d82272a2a2b53efc24e198c9c129bc6c2671a20de2cc77c2c34a6828
Qualitynet CMS remote change administrative password exploit.
5e99a5005c3d73c54869a97a49773e97f86129efcdb8ce82354df53ed67ffec4
RealPlayer version 11.0 local crash exploit that creates a malicious .avi file.
5fcde7902ae0fea8b5af642406c4a824b35e8289ad7a375e4aad8a3f184a024b
Secunia Security Advisory - A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system.
df66275207c738d2f12c12599f66db6bb8a92677733d88957f881cee9e84bc1f
Secunia Security Advisory - A vulnerability has been reported in SAP GUI, which can be exploited by malicious people to compromise a user's system.
d30fedecb1b9c34388d15c7f68e07333d3d17160919ad08876904dc22d34747a
Secunia Security Advisory - Two vulnerabilities have been reported in the Direct Mail extension for TYPO3, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.
5838775ff11a08d81065458227cc6c752d57d3bd0028c939cffe7b45aa3e36fb
Secunia Security Advisory - A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system.
415cbe29cf9c58ed818448e767cd8937d2da2701fd7ecdd8ccb50515ebeed25f
Secunia Security Advisory - A vulnerability has been discovered in ABBS Electronic Flash Cards, which can be exploited by malicious people to compromise a user's system.
f0ab884c8b39fb472996a26189b67af8ad11056c2e02fe07763efaefe7ecd84c
Secunia Security Advisory - A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
80f8f8af78e8484f2493a310f3407721eee5043a7d4d65fb18e2a113718f547b
Secunia Security Advisory - A weakness and multiple vulnerabilities have been discovered in LotusCMS, which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system and by malicious people to conduct cross-site scripting and request forgery attacks, disclose sensitive information, and compromise a vulnerable system.
54d618bb2cdf94c9499d51739075584986322d04f62c330cab56e5f7f800c8b4
Secunia Security Advisory - Some vulnerabilities have been reported in feedparser, which can be exploited by malicious people to cause a DoS (Denial of Service) and conduct script insertion attacks.
a3762c6fc35faac1300249a27f282eac09e7457d7704ea3ccfed4e61cdda97d5