Ubuntu: 1612-1: libgssglue vulnerability
(Oct 15) Privilege escalation via the GSSAPI_MECH_CONF environment variable with setuid programs.
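The libgssglue item above describes a classic setuid pitfall: a library locates its mechanism configuration through an environment variable, and the environment of a setuid program is chosen by the unprivileged caller, who can therefore point a root-privileged process at a file of their own. The following is an added illustration, not code from libgssglue or from the Ubuntu advisory: the unsafe lookup next to a hardened one that ignores the override whenever the process runs with privileges its caller does not hold. The default path and the file name `/tmp/evil_mech.conf` are constructed for the example; the decision is kept in a pure function so the setuid case can be exercised without an actual setuid binary.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Assumed default mechanism configuration file (illustrative path). */
#define DEFAULT_MECH_CONF "/etc/gssapi_mech.conf"

/*
 * Unsafe lookup: honour the override unconditionally.
 * In a setuid program the caller controls GSSAPI_MECH_CONF, so they can
 * hand the privileged process a config that names an attacker-controlled
 * shared object as a GSSAPI "mechanism", which is then loaded as root.
 */
const char *mech_conf_path_unsafe(const char *env_value)
{
    return (env_value && *env_value) ? env_value : DEFAULT_MECH_CONF;
}

/*
 * Hardened lookup: trust the environment only when real and effective
 * IDs agree, i.e. the process has no privilege beyond what the caller
 * already had. Inputs are passed explicitly so the privileged branch
 * can be tested from an ordinary process.
 */
const char *mech_conf_path(uid_t uid, uid_t euid, gid_t gid, gid_t egid,
                           const char *env_value)
{
    int privileged = (uid != euid) || (gid != egid);
    if (privileged)
        return DEFAULT_MECH_CONF;      /* caller-supplied override is ignored */
    return mech_conf_path_unsafe(env_value);
}

/* Convenience wrapper that reads the live process state. */
const char *mech_conf_path_from_process(void)
{
    return mech_conf_path(getuid(), geteuid(), getgid(), getegid(),
                          getenv("GSSAPI_MECH_CONF"));
}

int main(void)
{
    const char *attacker = "/tmp/evil_mech.conf";   /* constructed override */

    printf("unprivileged, override set: %s\n",
           mech_conf_path(1000, 1000, 1000, 1000, attacker));
    printf("setuid root, override set : %s\n",
           mech_conf_path(1000, 0, 1000, 1000, attacker));
    printf("this process              : %s\n",
           mech_conf_path_from_process());
    return 0;
}
```

The uid/euid comparison is the portable check; it misses privilege acquired through file capabilities or a setuid program that has already switched back to its real IDs. On glibc, `secure_getenv()` (which consults the kernel's AT_SECURE flag) is the better primitive for the same decision, and on the BSDs `issetugid()` plays the same role.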
(Oct 12) The system could be made to perform privileged actions as an administrator.
(Oct 9) Several security issues were fixed in the kernel.
(Sep 27) Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file.
(Sep 6) The system could be made to crash under certain conditions.
(Sep 5) The system could be made to crash under certain conditions.
(Aug 30) It was discovered that otrs2, a ticket request system, contains a cross-site scripting vulnerability when email messages are viewed using Internet Explorer. This update also improves the HTML security filter to detect tag nesting. [More…]
(Aug 28) Applications using libgc could be made to crash or run arbitrary programs as your login.
(Aug 16) Applications using Off-the-Record messaging plugins could be made to crash or run programs if they received specially crafted network messages.
(Aug 6) NVIDIA graphics drivers could be made to run programs as an administrator.
(Aug 6) Emilio Pinna discovered a cross-site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular HTML/text editor for the web. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Jul 8) Ulf Härnhammar found a buffer overflow in Pidgin, a multi-protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances this can lead to remote code execution. [More…]
(Jul 12) John Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks. [More…]
(Jul 19) tiff2pdf could be made to crash or run programs as your login if it opened a specially crafted file.
(Jul 23) The system could be made to crash under certain conditions.
Parallels has become aware of as yet unsubstantiated claims of a security vulnerability in Parallels Plesk Panel version 10.4 and earlier. The goal of this communication is to make you aware of the situation.
Impact
Some recent vulnerability claims seem to be based on old vulnerabilities that have already been patched, but possibly where passwords were not completely reset or where customers changed back to old and vulnerable passwords. We are currently investigating this newly reported vulnerability on Plesk 10.4 and earlier. At this time the claims are unsubstantiated: we are unable to confirm this vulnerability and cannot confirm that it is limited to any specific operating system.
As always, Parallels strongly recommends that you keep your software up to date and upgrade to the latest version of Parallels Plesk Panel. Security has been one of the key areas of focus for Parallels Plesk Panel 11, released in June, and we will diligently continue to work on security going forward.
We will update the article http://kb.parallels.com/114330 as we learn more.
The following disclosure covers the Targeted Security Release 2012-05-31. Each vulnerability is assigned an internal case number which is reflected below. Information regarding cPanel's Security Level rankings can be found here: http://go.cpanel.net/securitylevels
Case 59634
Summary
Arbitrary File Write vulnerability in…
The following bugs were fixed:
[-] Minor security vulnerability has been fixed
[-] qmail-queue-handlers cannot find /usr/sbin/postalias
[-] Automatic key update failures aren’t logged
[-] Incorrect architecture for php53-sqlite2 package for CentOS 5 x64
[-] Plesk key handler returns ‘Invalid locale requested’
The following bug has been fixed:
[-] Minor security vulnerability has been fixed
The following bug has been fixed:
[-] Minor security vulnerability has been fixed
Inadequate filtering in update manager leads to XSS vulnerability.
Affected versions: Joomla! 2.5.3 and all earlier 2.5.x versions
Solution: Upgrade to version 2.5.4
Reported by: Alex Andreae
Contact: The JSST at the Joomla! Security Center.
[-] XSS vulnerability has been fixed in Horde
The following bugs have been fixed:
[-] Panel security vulnerability
The Plesk Service team is pleased to inform you that the vulnerability has been completely fixed in most versions of Plesk. Plesk 10.x is completely covered by micro-updates. Plesk 8.6 and 9.5 on Linux are also fixed by micro-updates. For other versions, custom fixes are available.
Please refer to http://kb.parallels.com/en/113321.
The following bugs have been fixed:
[-] SQL injection vulnerability that allowed an anonymous remote attacker to compromise the Plesk server has been fixed.