Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting (XSS) flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content...
Liferay Portal Privilege Escalation
Liferay users can assign themselves to organizations, leading to possible privilege escalation. Description: Liferay Portal is an enterprise portal written in Java. Due to insufficient permission checking in the updateOrganizations method of UserService, any user can assign him or herself to any...
Liferay Portal 6.0.x 6.1 - Privilege Escalation
Liferay users can assign themselves to organizations, leading to possible privilege escalation. Description: Liferay Portal is an enterprise portal written in Java. Due to insufficient permission checking in the updateOrganizations method of UserServi...
WordPress Buddypress SQL Injection
Hi, I would like to disclose an SQL injection vulnerability in the Buddypress plugin affecting the latest versions. This issue was reported to the developers and resolved in version 1.5.5. So, I suggest everyone having this plugin in their blogs update to the latest version, if you haven't done it yet. Example of POST messag...
JVN#36721438: Mozilla Firefox vulnerability in processing content-length header
Mozilla Firefox contains a vulnerability in the processing of the content-length header. Impact: When a malicious website is viewed, a script may be injected within a response from another domain. Solution: Update the software. Update to the latest version according to the information provided by the...
USN-1157-3: Firefox regression
USN-1157-1 fixed vulnerabilities in Firefox. Unfortunately, this update produced the side effect of pulling in Firefox on some systems that did not have it installed during a dist-upgrade due to changes in the Ubuntu language packs. This update fixes the problem. We apologize for the inconvenienc...
Fedora 13 : asterisk-1.6.2.17-1.fc13 (2011-2558)
The Asterisk Development Team has announced the release of Asterisk 1.6.2.17. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.6.2.17 resolves several issues reported by the community and would have not been possib...
java-1.6.0-openjdk security update
1.6.0.0-1.36.b17 - removed plugin. How it comes in?! - Resolves: rhbz676295 1.6.0.0-1.33.b17 - bumped release number, it was accidentally reduced, and now a lower version than the last one that was released. - Resolves: rhbz676295 1.6.0.0-1.22.b17 - Updated to 1.7.9 tarball - removed patch6, fixed upstream ...
RedHat Update for thunderbird RHSA-2010:0968-01
Check for the version of thunderbird. OpenVAS Vulnerability Test: RedHat Update for thunderbird RHSA-2010:0968-01. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Solaris LPD Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Solaris LPD...
Dopewars 1.5.12 Server Denial of Service
Description: The jet command in Dopewars 1.5.12 is vulnerable to a segmentation fault due to a lack of input validation. POC: ruby -e 'print "foo^^Ar1111111n^^Acfoon^AV65536n"' | nc localhost 7902 Fix: This issue is resolved in the SVN version of the application. Discovered by Doug Prostko...
Medium security hole in TekRADIUS
Hi, I've identified a couple of security flaws affecting the TekRADIUS radius server for Windows which may allow privilege escalation. These issues were reported by email to the vendor and have, I believe, been resolved. Tim -- Tim Brown mailto:[email protected]...
CVE-2009-2186
Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465."...
poppler security update
0.5.4-4.4.el53.9 - Another fix of integer overflows. - Adds memory-allocation.patch. - Resolves: 490707 0.5.4-4.4.el53.8 - Change calling of exit to exit. - Adds exit-handling.patch. - Resolves: 490707 0.5.4-4.4.el53.7 - Improve handling of EOF at JBIG2Stream.cc. - Adds eof-handling.patch. -...
CVE-2009-0362
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service forced authentication failures via a crafted reverse-resolved DNS name rhost entry that contains a substring that is interpreted as an IP address, a different...
Nortel Business Communications Manager 3.5 / 3.6 Default Password (deprecated)
Binary data 4883.prm...
eZ Publish < 3.9.5/3.10.1/4.0.1 Privilege Escalation Exploit
No description provided by source. ?php / eZ Publish privilege escalation exploit by s4avrd0w [email protected] Versions affected = 3.5.6 Resolved in 3.9.5, 3.10.1, 4.0.1 More info:...
Critical Vulnerability in Apple Quicktime’s Indeo Codec
http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/ Paul Byrne of NGSSoftware has discovered a critical vulnerability in Apple Quicktime's implementation of the Indeo Codec (CVE-ID: CVE-2008-3615) which may allow an attacker to execute arbitrary code on a...
Fixed XSS vulnerability at achtsoft.shops-24.com
Security researcher Fabian Fingerle submitted on 08/03/2008 a cross-site scripting (XSS) vulnerability affecting achtsoft.shops-24.com, which at the time of submission ranked 6401011 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/04/2008...