Ubuntu: 1612-1: libgssglue vulnerability
(Oct 15) Privilege escalation via the GSSAPI_MECH_CONF environment variable with setuidprograms.
(Oct 15) Privilege escalation via the GSSAPI_MECH_CONF environment variable with setuidprograms.
(Oct 12) The system could be made to perform privileged actions as an administrator.
(Oct 9) Several security issues were fixed in the kernel.
(Sep 27) Applications using libxml2 could be made to crash or run programs as yourlogin if they opened a specially crafted file.
(Sep 6) The system could be made to crash under certain conditions.
(Sep 5) The system could be made to crash under certain conditions.
(Aug 30) It was discovered that otrs2, a ticket request system, contains a cross-site scripting vulnerability when email messages are viewed using Internet Explorer. This update also improves the HTML security filter to detect tag nesting. [More…]
(Aug 28) Applications using libgc could be made to crash or run arbitraryprograms as your login.
(Aug 16) Applications using Off-the-Record messaging plugins could be madeto crash or run programs if it received specially crafted networkmessages.
(Aug 6) NVIDIA graphics drivers could be made to run programs as an administrator.
(Aug 6) Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular html/text editor for the web. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Jul 8) Ulf Härnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution. [More…]
(Jul 12) John Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks. [More…]
(Jul 19) tiff2pdf could be made to crash or run programs as your login if it openeda specially crafted file.
(Jul 23) The system could be made to crash under certain conditions.
Parallels has become aware of yet unsubstantiated claims of a Security Vulnerability in Parallels Plesk Panel version 10.4 and earlier. The goal of this communication is to make you aware of the situation.
Impact
Some recent vulnerability claims seem to be based on old vulnerabilities that already have been patched –but possibly where Passwords were not completely reset or where Customers changed back to old and vulnerable passwords. We are currently investigating this new reported vulnerability on Plesk 10.4 and earlier. At this time the claims are unsubstantiated and we are unable to confirm this vulnerability and cannot confirm that this vulnerability is limited to any specific operating system.
As always, Parallels strongly recommends you to keep your software up-to date and upgrade to the latest version of Parallels Plesk Panel. Security has been one of the key areas of focus for Parallels Plesk Panel 11 released in June and we will diligently continue to work on security going forward.
We will update the article http://kb.parallels.com/114330 as we learn more.
The following disclosure covers the Targeted Security Release 2012-05-31. Each vulnerability is assigned an internal case number which is reflected below. Information regarding cPanel’s Security Level rankings can be found here: http://go.cpanel.net/securitylevels Case 59634 Summary Arbitrary File Write vulnerability in…
The following bugs were fixed:
[-] Minor security vulnerability has been fixed
[-] qmail-queue-handlers cannot find /usr/sbin/postalias
[-] Automatic key update failures aren’t logged
[-] Incorrect architecture for php53-sqlite2 package for CentOS 5 x64
[-] Plesk key handler returns ‘Invalid locale requested’
The following bug have been fixed:
[-] Minor security vulnerability has been fixed
The following bug have been fixed:
[-] Minor security vulnerability has been fixed
Inadequate filtering in update manager leads to XSS vulnerability.
Joomla! versions 2.5.3 and all earlier 2.5.x versions
Upgrade to version 2.5.4
Reported by Alex Andreae
The JSST at the Joomla! Security Center.
[-] XSS injection vulnerability has been fixed in Horda
[-] XSS injection vulnerability has been fixed in Horda
The following bugs have been fixed:
[-] Panel security vulnerability
Plesk Service team is pleased to inform you the vulnerability has been completely fixed in most versions of the Plesk. Plesk 10.x are completely covered by Micro-updates. Plesk 8.6 and 9.5 on Linux are also fixed by Micro-updates. For other version Custom Fixes are available.
Please refer to http://kb.parallels.com/en/113321.
The following bugs have been fixed:
[-] SQL injection vulnerability that allows anonymous attacker remotely compromise Plesk server has been fixed.
The following bugs have been fixed:
[-] SQL injection vulnerability that allows anonymous attacker remotely compromise Plesk server has been fixed.
The following bugs have been fixed:
[-] SQL injection vulnerability that allows anonymous attacker remotely compromise Plesk server has been fixed.
The following bugs have been fixed:
[-] SQL injection vulnerability that allows anonymous attacker remotely compromise Plesk server has been fixed.
The following bugs have been fixed:
[-] SQL injection vulnerability that allows anonymous attacker remotely compromise Plesk server has been fixed.
60 queries. 8.75 mb Memory usage. 1.285 seconds.