Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
501fee417fe6ba2b16a422f5cde669441ffad8611bba304f314fbdf49e7846e3
Red Hat Security Advisory 2012-1130-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest could use this flaw to create a crafted kernel image that, when attempting to boot it, could result in an out-of-memory condition in the privileged domain.
42dc7fc7f4242c34b5fee2c87659f3b6aa1715f04f6efce9032ba41dce31257a
Red Hat Security Advisory 2012-1132-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code.
a5d84dba4b2247a80c32799c231d8fc28d3b015060f969744e150eb90894b4b2
Red Hat Security Advisory 2012-1131-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the "create" privilege could use this flaw to crash kadmind.
fc644b1cb9cf0a8750b9b22679610ad70952fe4b170e2844397d3cea0bd64a5a
Red Hat Security Advisory 2012-1129-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.
6c0b4a58bbe502f34d3cdba3053094775341e381fd60d5e809bd0de7e804b918
Ubuntu Security Notice 1520-1 - Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.
230d2bccf2e221f779ebacf8edcc34a5fd7d0176f42f3af106b6b41e010163fd
Red Hat Security Advisory 2012-1125-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0 Release Notes.
b8d763d67a55bbd9739b6389ec7a18b563c208224d53204c1a9cca5f0d61037e
This perl script attacks pBot by leveraging a hidden .eval command to delete and kill the bot.
19d0cd2419b1ba8636cb8720f58807484e2cd5fe55c43028edb94c4dfbfc419f
Limny version 3.3.1 suffers from a remote blind SQL injection vulnerability.
afe1728c22b27e47b419699f63dbddefc56b99cc5a392d1aa6cf7d85188cf1ef
Arora version 0.10.0 with Windows Qt 4.5.3 suffers from cross site scripting and denial of service vulnerabilities.
418fbd0402132cfbdaaa90d41a9d3c5238d1cebdaed4fc5ee7aecbc4333d37fa
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in Citrix Access Gateway Plug-in for Windows, which can be exploited by malicious people to compromise a user's system.
07d58c8854e7f3255cc40544ea9e0bbfc67f592ba11f516d1ed5f2d4697aa452
Secunia Security Advisory - Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
7de256b024c9b60822698f9eba0d0f63e7593cfe90fc35e3d7a1038e34ffa08e
Secunia Security Advisory - SUSE has issued an update for xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.
e98c080a38b886135728ae0d267f316a3e83e46d10581cf165ef148e90b9d970
Secunia Security Advisory - A vulnerability has been reported in Ipswitch WhatsUp Gold, which can be exploited by malicious people to conduct SQL injection attacks.
d608b62cbeace30a1b81b60edce36f6ef49cf2f75e03dd19ef5654f953051769
Secunia Security Advisory - Red Hat has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
2f50abd6cbd957060f39a5165ca9746a52b4236ce6cd5622d6074fa80683ea4e
Secunia Security Advisory - A vulnerability has been reported in some Siemens SIMATIC S7-400 products, which can be exploited by malicious people to cause a DoS (Denial of Service).
7e6de2ddf3fb5ed462927c692e3498ebfefceb678564ff4a79eebd1f01044e88
Secunia Security Advisory - Two vulnerabilities have been discovered in the Simple Video Flash Player for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.
9df20f91497034cf913395b05a7fb43d08018c030260a70ebd99396fa8c979e2
Red Hat Security Advisory 2012-1123-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. Users of bind are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.
d67eb1d04442b76dec0ff69b83fdb0f30a725174eb0d94f934f1d7da947fb2e9
Red Hat Security Advisory 2012-1122-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was enabled. A remote attacker able to send a large number of queries to a DNSSEC validating BIND resolver could use this flaw to cause it to exit unexpectedly with an assertion failure. Users of bind97 are advised to upgrade to these updated packages, which correct this issue. After installing the update, the BIND daemon will be restarted automatically.
bc3bb796ff58730e45372a3e38552b96f6be5def156cd38934dca68b517bfc15
Secunia Security Advisory - Two vulnerabilities have been reported in SocialEngine, which can be exploited by malicious users to conduct script insertion attacks.
a97ca29acf0391a400db8256682379a894ac51298a22a1e4838fbd6c2fa0892f
Secunia Security Advisory - Red Hat has issued an update for bind97. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
0920cbe6ef2320aa0cdc3b02f1585076e3d63f31f75ee622e6c5512995dbfcc8
Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious users to bypass certain security restrictions.
fd192c27c1a662c3c39472fc60c7ce046c6de1f5d8d69b9e0bf62ba894f90934
Secunia Security Advisory - Matt Andreko has discovered a vulnerability in Sysax Multi Server, which can be exploited by malicious users to compromise a vulnerable system.
71fe00730c13e486b11af93f71da030e282f264f8d07e2095ab2d8eaaf66fbbf
Secunia Security Advisory - A security issue has been reported in IBM Rational Directory Server, which can be exploited by malicious people to conduct spoofing attacks.
81d8fa4b238559d713ead309f268dca7c154ced8fef132a7488b38bcd2c022da
Secunia Security Advisory - Multiple vulnerabilities have been reported in Ushahidi, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and conduct SQL injection attacks.
99a8f203d06f8c164f18a7097ffea0575a473da502c270efe5c79dacfd5a7671