HP Security Bulletin HPSBUX02876 SSRT101148 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
8b167f87f0c9355815506c7eeefa983f0028d1289171609aacb0fef7b45c84a6Alienvault OSSIM open source SIEM version 4.1 suffers from multiple remote SQL injection vulnerabilities.
cec5b0d081cb8bbd769dd87f67d17d9598653efb5fe766c3fed3b0ae82e30776Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
a78332ea4de870009fc30bdc04b1f2fa7b6f440fb098751e6ebd707f31d07f7eFacebook suffered from an information disclosure vulnerability. If a user uploaded their contacts to Facebook and then proceeded to download their expanded dataset from the DYI (Download Your Information) section, they would receive a file called addressbook.html in their downloaded archive. The addressbook.html is supposed to house the contact information they uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided they had one piece of matching data. This effectively built large dossiers on users and disclosed their information to anyone that knew at least one piece of matching data.
07268c0e796ea6d21e794a4db3101dd9e38d23de66ebb9b581bb627fba66c532Google Translate suffers from a cross site request forgery vulnerability.
12c75e42342e2b5192e105b93d358210a34123108e4400ed7ac334119313f625Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .lst file.
bcb66ae72f4f684291f8faab4d2e165bb61d7ebc318e13bb1313b5ccd967ad9bMediaCoder PMP Edition version 0.8.17 buffer overflow exploit that generates a malicious .m3u file.
9fd7b6968573c582ace30ac22503f1f40315d198996d216a15f72fecb865e032Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .m3u file.
88cbe9f71bdd8f65081de116b10e0c8cff528229002bfcafc93c7a4c0255f52eThe Slash theme for WordPress suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities.
a99cba04e795f7b79896872c6d6ff57f05ad21de70d7e533d95a3ebf48628267Prestige Software CMS suffers from a local file disclosure vulnerability.
a65103527976d07ca5756e57a286810cd917abeeb166383e9e823692a7ffbab9Ubuntu Security Notice 1887-1 - Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this new option, please see /usr/share/doc/swift-proxy/memcache.conf-sample. This issue only affected Ubuntu 12.04 LTS. Alex Gaynor discovered that Swift did not safely generate XML. An attacker could potentially craft an account name to generate arbitrary XML responses to trigger vulnerabilties in software parsing Swift's XML. Various other issues were also addressed.
5b0ad4a79955b664e4b569e89066b103b2e70a89a066264da404f903535c5dfaUbuntu Security Notice 1889-1 - David Torgerson discovered that HAProxy incorrectly parsed certain HTTP headers. A remote attacker could use this issue to cause HAProxy to stop responding, resulting in a denial of service.
170292e05c69610f96572ca3fc5b216de334532198eb00640de7931e0985c857Ubuntu Security Notice 1888-1 - It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code.
fb7ddb2e13b7cbcbdd9feed3cb6af9c5992db485bff28fb98a834c152dcbdaedRed Hat Security Advisory 2013-0963-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
fa788ed6640724a39a9d27888724662f9a0a62c5a8c9253349f00f832be6d023Red Hat Security Advisory 2013-0964-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.
d96b4622d35295cb0cd295bda0028994ae0856b43e509797204db45817e27fea
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed