Red Hat Security Advisory 2011-0910-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. Various other issues were also addressed.
b8521e93b0e775b84e3f35db91e0131fc1a07983281579055bfabb17311d5037Trixbox versions 2.8.0.4 and below suffer from a remote user enumeration vulnerability via the Flash Operator Panel.
5fe530b38bbe1264123805cbd691c7f4036091c2a5950c46258181987161b42aThis Metasploit module triggers an unauthenticated denial of service condition in Smallftpd server versions 1.0.3-fix and earlier with a few dozen connection requests.
4cafbd9967c27dd7e3374f189dbe20b767a84f155ab18c6d219c6d2a95f5aba6Tomcat versions 7.0.0 through 7.0.16, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. When using the MemoryUserDatabase (based on tomcat-users.xml) and creating users via JMX, an exception during the user creation process may trigger an error message in the JMX client that includes the user's password. This error message is also written to the Tomcat logs. User passwords are visible to administrators with JMX access and/or administrators with read access to the tomcat-users.xml file. Users that do not have these permissions but are able to read log files may be able to discover a user's password.
7a80993fa95b9f47eee4ae0503000895c8bbabe47be709a7b2c40ebbd2b0a13bJira Atlassian 3.x remote file attachment download exploit.
7ad8e8fab6783bce9a388662b290fbecc693cce3723ddecd0ab25d2185d18e41Red Hat Security Advisory 2011-0909-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. Various other issues were also addressed.
002b2f8388a2f00b13827580ece301527faddf9afd56964bdd2af96e2425291eUbuntu Security Notice 1160-1 - Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Various other issues were also addressed.
934e3131ff453ae37627f4f3e4e27245ba82027abdbac477246bd7efd898fe63Red Hat Security Advisory 2011-0908-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. It was found that WEBrick did not filter terminal escape sequences from its log files. A remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. Various other issues were also addressed.
f764e835cbd3d8a2b23da26618c67f3e646cccf75b019e7a43bc79fbc55d8f1bRGBoard version 4.2.1 suffers from a remote SQL injection vulnerability.
57aa2d47fef865a72f348d580009d0555b652717cfa8d71f352148bed98e7683Douran Portal suffers from local file inclusion, SQL injection, cross site scripting, and various other vulnerabilities.
c45cc4651417864ce3441187f06f72232833051414c9bd188743398d0bbbf2f5The Joomla CSVUploader component suffers from a remote SQL injection vulnerability.
a8af8e6faded09aa118b8557bb2432e44342784bfa5b67733eee3b99f272c42dDrupal versions 6.22 and below suffer from brute forcing and cross site scripting vulnerabilities.
1eaf996a094a3644698c4b0c8591e44ba2fae4746290b3b7d1beca556b732e0dSAP NetWeaver suffers from a version information disclosure vulnerability.
b22b17c91f8bbca4c55e92c62cfe94d4fcb66501a137984af9813c6c9627064dThis Metasploit module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check if a user is authenticated and doesn't remove or block after first access.
91af7c5cfe8ce35ecd823c6e368888d7bb8600a2aae160caf061754e6ac544daSecunia Security Advisory - SUSE has issued an update for java-1_6_0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), compromise a user's system, and compromise a vulnerable system.
4b365b3b9d2b66f8f95f74fd4815524b96f1193bf665e9f5e9ae55fa1d517182Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Novell File Reporter, which can be exploited by malicious, local users to manipulate certain data.
3d067f17b306d40ba98de81929b54707a26782cc1518496bd2c96c0686d93565Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people with physical access to potentially compromise a vulnerable system and cause a DoS.
f98e182fdbdf6d57e475e8bfeaaab69fe77078cfb58a269189e93eef23ab3338Secunia Security Advisory - A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
12ce45109c72df96f6e2c1e33de82f67903e08b21c57fb307047c73f8ebfa7ecSecunia Security Advisory - A vulnerability has been reported in Novell File Reporter, which can be exploited by malicious people to compromise a vulnerable system.
cbb1e85fadd18c20b10122a563bd317ced001dba6c5dfb6da9480d9ddee7e16eSecunia Security Advisory - A vulnerability has been reported in Trend Micro Data Loss Prevention Management Server, which can be exploited by malicious people to disclose sensitive information.
69f1085a04b7a5ad05a039de23018e72aa6ea1f0e0af22ec41b750bde9530835Secunia Security Advisory - SUSE has issued an update for glibc. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to potentially compromise a vulnerable system.
7e601b21cbf11ed342ae70069daad8a92581fcb162d131f629de1409994e4b3dSecunia Security Advisory - A vulnerability has been reported in Parodia, which can be exploited by malicious people to conduct SQL injection attacks.
3f37c2ca81f5fdd6fa9a859d8a965bed7d43212c535180d378575274ca472d4aSecunia Security Advisory - SUSE has issued an update for glibc. This fixes multiple vulnerabilities, which potentially can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system.
c190d7a3a6525a9f1f023ff6a25aa59f30dfe2aecd84d840b915ab004d3539a3Secunia Security Advisory - SUSE has issued an update for glibc. This fixes multiple vulnerabilities, which potentially can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system.
b0120350c43f955ef69187aab5dacae5e9110d5508fa79671fa30ea10a8f04b7Secunia Security Advisory - Gjoko Krtic has discovered multiple vulnerabilities in NetServe Web Server, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
d0c5a8cf000729453ae6fff7891cbaa978ce6a2d7946fb576efc84079a72c1ad
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed