Red Hat Security Advisory 2011-1243-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Thunderbird; however, affected certificates issued after this date cannot be re-enabled or used. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.
a84407a2016081e8bda7c4f9f45b00c24167470f9687e5c422f4821fa7e4a5fbRed Hat Security Advisory 2011-1242-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Firefox; however, affected certificates issued after this date cannot be re-enabled or used. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, Firefox must be restarted for the changes to take effect.
a28c903f93557adfc798a97fc4731fe8bfcf56033b4aaa1c0fb1a1b29bf89b4bRed Hat Security Advisory 2011-1241-01 - eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the "ecryptfs" group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory.
6c5fc7a1ef62462fd1abff6cb7503e6efebb23451416bf6378dfd2e8325605e1Sardus suffers from a remote SQL injection vulnerability.
3d9758b4ebeab7c68c11877d78ad853f93bc7c269ac8132ebbb9f2d78574ace3iProv CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
5ecfb8fead18ac73ec45e6348b1144b943f6225a580bc148128329575e71f4ecD-Tekweb suffers from a remote SQL injection vulnerability.
41178f6717b6147faf73694c64afcee14f054c45e86b95dbd7502666f8caba3cDream Factory suffers from cross site scripting and remote SQL injection vulnerabilities.
83855ed3c865d27b7ad806365861ac6411c9acce9f08a695965b36dc3dd03325Red Hat Security Advisory 2011-1240-01 - This is the 6-month notification of the End Of Life plans for Red Hat Enterprise Linux 4.
87858e568387be167f20a2f83ba5f89860586a61271a595d820c76dfcc53b921Red Hat Security Advisory 2011-1239-01 - This is the End of Life notification for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 4.7.
23eea8e167d4d7de5ea83163a19f1c04538d056c856eb093cb6f719d6adfd0acWordPress Redirection plugin version 2.2.8 suffers from a cross site scripting vulnerability.
214354ab38d00bd33e36679b5e431e91ba439e3d7efe3b68452e36a28851d734Zero Day Initiative Advisory 11-277 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles 'mp4v' codec information. When parsing the video description table it will read the size field preceding the 'mp4v' tag and use that size to create an allocation to hold the data. It will then copy the correct amount of data into that buffer, but then does some endian changes on a fixed portion of the buffer without checking its size. The resulting memory corruption could result in remote code execution under the context of the current user.
a8598a8dd78e944633f17973eabb78630fc2d2bc0e142ec4979cc064eb1bd91bDebian Linux Security Advisory 2300-1 - Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries.
88447320d17198b74f9bc3124e1ce5f1ee288bf0f1bc1bce82542640bc3bad22Debian Linux Security Advisory 2299-1 - An unauthorized SSL certificate has been found in the wild issued the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in its ca-certificates bundle.
901a4c373aed4d29e2788dd76a69feec112f18b77226050ddcea0edbcb0f0459SLADS CMS suffers from a remote blind SQL injection vulnerability.
1181a6378cdbd8c699f00da9336a6ab7e0f7615782e38c9172c9bed29e568158Make Art CMS suffers from a remote blind SQL injection vulnerability.
3231f68be7478620faa4e6e7dba64b7efcdf8667b0b30e1bb1250ec052a7ff49AR Solutions suffers from a remote SQL injection vulnerability.
a5ad1aad3091a3fabacaf69e5bdaf68a054c802bfd7de5a770b65d7707a068b4Web Professional suffers from a remote SQL injection vulnerability.
19e561e1a2c61346d3f63d05cfcc3f35252514fbb944e0c1d44d50931dd7fa0eOfficine Digitali suffers from a remote blind SQL injection vulnerability.
a843294707c999ad0df9b06c88df6bc039a3bc4aa64012a46829e951f0db9a92Idea Web Agency suffers from a remote blind SQL injection vulnerability.
2f35520c1cd2f1cd090790802f9c98cbadc689ec6451891098365c11beab6951GMDS CMS suffers from a remote SQL injection vulnerability.
2c7eaf38a539e3df084c91820fcb2e3f8e838cfd6af481cf8a7e25f313e84cceDifferent Web suffers from a remote SQL injection vulnerability.
20f27b41a474ce3e2345a8a25ffc7ba5a2b14d9c583ee4c8b0d9d58cdfba8d39SQL-Ledger versions 2.8.33 and below and LedgerSMB versions 1.2.24 and below suffer from a remote SQL injection vulnerability.
74ae2dd9a5dbeecf672c223648b93cc3b3ea5aeb23766d4edca33c4cbbb332c1Cisco Security Advisory - Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs that are running software versions prior to TC4.0.0 or F9.1 contain a vulnerability that could allow an attacker to cause a denial of service. Cisco has released free software updates that address this vulnerability.
d046775df4a222ab70f9a6dd8997e978c24f6aed99fd5b6420b1c55eb73c47dd98 bytes small DragonflyBSD portbinding shellcode that spawns on tcp/31337.
9dd6095b0152bb25cfc0be89391f9e2853e1d558b93b0a02668b5b8705044484Serendipity Weblog suffers from a remote blind SQL injection vulnerability.
3ee14203657cdaad5c83df4556a13e6048baaec71db6ef057974fc67a93b89e2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed