Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in Ashampoo 3D CAD Professional, which can be exploited by malicious people to manipulate certain data and compromise a user's system.
1e47ee5aa8de7625a5d1f1055e05aa1907fb5ffc08e99ddad6a3daaa5f1b3f23Secunia Security Advisory - Red Hat has issued an update for ruby. This fixes a security issue and two vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
792d2a7bf412a2eab105502254344313f7d2e74c450d45c994c5c6ffb7f9b490Secunia Security Advisory - Two vulnerabilities have been reported in HP OpenView Storage Data Protector, which can be exploited by malicious people to compromise a vulnerable system.
7e5331b3aee37b952932b1726ab85c3b79fe9c6f98fc1940821b5a7e0f2cde2eSecunia Security Advisory - Red Hat has issued an update for ruby. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
79c0dab656afb3a20195b364f6cfd27085def5a324884c1a4d0207c519c9ba6eSecunia Security Advisory - Red Hat has issued an update for ruby. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
5498bea01a7743f6bc1c87a22e711bab5b59b31c1861b0dd97a49af3fce96762Secunia Security Advisory - Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
aca5fe12d3ecec7f73199f4c48543e28dc5b0c8f7d1defeb4083986e159fa9a3Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Winamp Essentials Pack, which can be exploited by malicious people to potentially compromise a user's system.
bb1b3c84a23dbb042ad2b784630dd4f0755a81ffc9bed5ef6ac4c448c6efde6eSecunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious users to bypass certain security restrictions.
d54634d80561ac75bc6641bafcc3cd06e3a82bcdd0b2e84fdb98949a32899fcdSecunia Security Advisory - A vulnerability has been reported in Zope, which can be exploited by malicious users to bypass certain security restrictions.
2cf783ba29a7d86e8b9d002d0d33dcae5d1f042e12846c6af8eb6100c8477d22Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Sybase Adaptive Server Enterprise, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
c08adf89fdf356ad61d92628ccc5328c97814d3f9700636ffb70592ce26dc0d3Secunia Security Advisory - Two vulnerabilities have been reported in Opera, where one has an unknown impact and the other can be exploited by malicious people to bypass certain security features.
69420a5d50844de764e1c68c5421347d1f904cb25d2e55decab95eaacc2c477aSecunia Security Advisory - A vulnerability has been reported in Accela / eAccela BizSearch, which can be exploited by malicious people to conduct cross-site scripting attacks.
e9d5b4d041314f7324374c39d702fead6defd22540987cd86f9e19ed66f726ebSecunia Security Advisory - SUSE has issued an update for libgssglue. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
70e84cbe7ceafc6cb3b012ce52b196bc751031224a61413c96a26fdd4ac11b33Secunia Security Advisory - Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and bypass certain security restrictions.
d9326b01124b9e457c5c1d582003e82c56ff7904d88bb37c0f37cb7d237821b7Asterisk Project Security Advisory - Asterisk may respond differently to SIP requests from an invalid SIP user than it does to a user configured on the system, even when the alwaysauthreject option is set in the configuration. This can leak information about what SIP users are valid on the Asterisk system.
5b60a5f0651dd793f221422ae84407ad379322998ba39d3b47a0a855e825710dRed Hat Security Advisory 2011-0910-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. Various other issues were also addressed.
b8521e93b0e775b84e3f35db91e0131fc1a07983281579055bfabb17311d5037Tomcat versions 7.0.0 through 7.0.16, 6.0.0 through 6.0.32, and 5.5.0 through 5.5.33 suffer from an information disclosure vulnerability. When using the MemoryUserDatabase (based on tomcat-users.xml) and creating users via JMX, an exception during the user creation process may trigger an error message in the JMX client that includes the user's password. This error message is also written to the Tomcat logs. User passwords are visible to administrators with JMX access and/or administrators with read access to the tomcat-users.xml file. Users that do not have these permissions but are able to read log files may be able to discover a user's password.
7a80993fa95b9f47eee4ae0503000895c8bbabe47be709a7b2c40ebbd2b0a13bRed Hat Security Advisory 2011-0909-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. Various other issues were also addressed.
002b2f8388a2f00b13827580ece301527faddf9afd56964bdd2af96e2425291eUbuntu Security Notice 1160-1 - Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc filesystem. A local attacker could use this to increase the chances of a successful memory corruption exploit. Kees Cook discovered that the IOWarrior USB device driver did not correctly check certain size fields. A local attacker with physical access could plug in a specially crafted USB device to crash the system or potentially gain root privileges. Various other issues were also addressed.
934e3131ff453ae37627f4f3e4e27245ba82027abdbac477246bd7efd898fe63Red Hat Security Advisory 2011-0908-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. It was found that WEBrick did not filter terminal escape sequences from its log files. A remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. Various other issues were also addressed.
f764e835cbd3d8a2b23da26618c67f3e646cccf75b019e7a43bc79fbc55d8f1bSAP NetWeaver suffers from a version information disclosure vulnerability.
b22b17c91f8bbca4c55e92c62cfe94d4fcb66501a137984af9813c6c9627064dSecunia Security Advisory - SUSE has issued an update for java-1_6_0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), compromise a user's system, and compromise a vulnerable system.
4b365b3b9d2b66f8f95f74fd4815524b96f1193bf665e9f5e9ae55fa1d517182Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Novell File Reporter, which can be exploited by malicious, local users to manipulate certain data.
3d067f17b306d40ba98de81929b54707a26782cc1518496bd2c96c0686d93565Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people with physical access to potentially compromise a vulnerable system and cause a DoS.
f98e182fdbdf6d57e475e8bfeaaab69fe77078cfb58a269189e93eef23ab3338Secunia Security Advisory - A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.
12ce45109c72df96f6e2c1e33de82f67903e08b21c57fb307047c73f8ebfa7ec
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed