Red Hat Security Advisory 2012-1482-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A buffer overflow flaw was found in the way Firefox handled GIF images. A web page containing a malicious GIF image could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox.
41d5f0de55056082a8a8a48421ca2ce84dff3fece1e3ed0ffd624553420e353aRed Hat Security Advisory 2012-1483-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was found in the way Thunderbird handled GIF images. Content containing a malicious GIF image could cause Thunderbird to crash or, possibly, execute arbitrary code with the privileges of the user running Thunderbird.
ca43e5d3954711196502d1ebc2bf96ded7cdbc12cb4d5d026267d581ed0069a3Red Hat Security Advisory 2012-1481-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction.
d190c8c73baf606f741d2934a23d16de3a149e6a13847d987c788108c50e613bAdobe Reader version 10.1.4 suffers from a WriteAV memory corruption vulnerability.
ed7d42a1bc5af03c0ce74930cfd8ffba1052cad9470fbe8ea6967e3959181afcWordPress Facebook Survey third party plugin version 1 suffers from a remote SQL injection vulnerability.
8ce3162ca5a759c35cd1f80a58eba9b55ff0c6e87d0cf751fcb944e14d7f3795TP-LINK TL-WR841N versions 3.13.9 Build 120201 Rel.54965n and below suffer from a cross site scripting vulnerability.
043a1aa84308acf95decc9f1014aeb083a38288f260b4a4a40591b9a99af5b82Sites designed by Webthinkers suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
1642ea82db2cb4b918486fb4534c5f4cc8ccdd9d87ad959013a19325c7c9f0d5Sites design by Diseno Internet Chile suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
0fc06ad1c6f997e566e6183aae46b78c07df5840d8471a8dc628c1e7765bdaefSites design by Base Solida suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
d965a0782c1c3cc4f60b24ee78e04c0c8b8c1dd00d1dcb4e4e240854679fa228SonicWALL CDP 5040 version 6.x suffers from cross site scripting vulnerabilities.
d327fc4a15cab77c142b8aedf8542490977dbcef6a6f7679bbe7a160c4a94dccWordPress FireStorm Real Estate third party plugin version 2.06.08 suffer from a remote SQL injection vulnerability.
afee220fc37a19dd1e4636328e01cb5548fc2e617d7f0cd1f863b9b1eac2f164Apple QuickTime versions 7.7.2 and below suffer from a buffer overflow vulnerability in the handling of TGA files.
3c48abe71248d510eb46af93dfcf4cd9068d33680911fdd9c64bf61c9d359d01FormatFactory versions 3.0.1 and below suffer from a profile file handling buffer overflow vulnerability.
0c29efe3ead46ec1b8b8b18717562e87540d38612b3cbe97b146a01d6a7a66c6Various Penske Media Corporation sites such as variety.com, la411.com, newyork411.com, and deadline.com all suffer from reflective cross site scripting vulnerabilities. Note that this finding houses site-specific data. Editor's note 01/04/2013: Per the advisory author, the issues have been resolved in all sites listed and Penske Media have addressed the issue.
0ee5e0affef62932ece9368ee73e2ab61594aecfc2a0ad7e7fc6c30c8d846b00HP Security Bulletin HPSBHF02821 SSRT100934 - A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4. The vulnerability could be remotely exploited resulting in a disclosure of information. Revision 1 of this advisory.
a3c2b7f86eb734492a58588587020421c90fcc98223c0a1d8337f28f934fde6fUbuntu Security Notice 1632-2 - USN-1632-1 fixed a vulnerability in Django. The upstream fix introduced testsuite failures when ADMINS and/or MANAGERS were defined in settings.py. This update fixes the problem. James Kettle discovered Django did not properly filter the Host HTTP header when processing certain requests. An attacker could exploit this to generate and display arbitrary URLs to users. Various other issues were also addressed.
e9f978185e6839c9769dbc29da559ab01669436f085788c08120a80dbc7652f1Ubuntu Security Notice 1634-1 - Dwayne Litzenberger discovered that Python Keyring's CryptedFileKeyring file format used weak cryptography. A local attacker may use this issue to brute-force CryptedFileKeyring keyring files. This issue only affected Ubuntu 11.10 and Ubuntu 12.04 LTS. It was discovered that Python Keyring created keyring files with insecure permissions. A local attacker could use this issue to access keyring files belonging to other users. Various other issues were also addressed.
617f521bfd666e63b40586802f675ff86e720d608bb26d70393ac1dbe702adcbPHP Secure Communications Library is a set of pure PHP implementations of DES, 3DES, RC4, Rijndael, AES, RSA (PKCS#1 compliant [v2.1]), SSH-1, SSH-2, and SFTP.
97fbb815ac4ced6f514bb26830d07de992a85443eddddaf73a6910d944476f4cWordPress Madebymilk theme suffers from a remote SQL injection vulnerability.
53efbb3fb22fea393b7b557a40986a887585d9f65fc7b902c2bd190cec17cc9bWordPress Dailyedition-mouss theme suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
e3b6e86eb2c0347606edadc71a935b17a5439f47d2053f6412d3576c51d782ffMODx versions 1.0.6 and below suffer from brute force and path disclosure vulnerabilities.
3fcdf4269d467ee8f82d84c5299a488fa4bfb70f46049f9d3f6361fd6aa59922Secunia Security Advisory - A weakness and a vulnerability have been reported in Opera, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.
5d1fa409a129f18cc29dcf421def3efff91b58427ac3075e61818b2de5aae03aSecunia Security Advisory - A vulnerability has been discovered in ATutor, which can be exploited by malicious users to disclose certain sensitive information.
0242fa8a2a3d4c876ff98d99942f763199419c74b87c342400f1f61cd4f48c47Secunia Security Advisory - A vulnerability with an unknown impact has been reported in IBM WebSphere Portal.
966eb939721ee249054fa42c6457c80cf9542299815a5c1ee90412ff26d40b4dSecunia Security Advisory - SEC Consult has reported a vulnerability in dotDefender, which can be exploited by malicious people to compromise a vulnerable system.
4503212bba1ad49056b24492894806e368d27c6f3f17e9ee553d8c21d41e5d9a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed