Tuesday, August 31, 2010

Nagios XI: users.php SQL Injection http://bit.ly/bVvhpD

Nagios XI: users.php SQL Injection

Users of Nagios XI please be advised of a users.php SQL Injection vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
NGENUITY-2010-008: [NGENUITY-2010-008] Nagios XI users.php SQL Injection
Technical Description

The records variable on the users.php command is not properly sanitized and allows for injection of SQL commands. Stacked queries are also allowed into the postgres database.


Read more at www.criticalwatch.com
 

Adobe Shockwave Player: Memory Corruption Remote Code Execution Vulnerability http://bit.ly/d4JpDB

Adobe Shockwave Player: Memory Corruption Remote Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a Memory Corruption Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

TPTI-10-09: TPTI-10-09: Adobe Shockwave Memory Corruption Remote Code Execution Vulnerability

-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player: Memory Corruption Remote Code Execution Vulnerability http://bit.ly/a2F4dM

Adobe Shockwave Player: Memory Corruption Remote Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a Memory Corruption Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

TPTI-10-10: TPTI-10-10: Adobe Shockwave Memory Corruption Remote Code Execution Vulnerability

-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player: tSAC Chunk Pointer Offset Code Execution Vulnerability http://bit.ly/901bmd

Adobe Shockwave Player: tSAC Chunk Pointer Offset Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a tSAC Chunk Pointer Offset Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

TPTI-10-11: TPTI-10-11: Adobe Shockwave tSAC Chunk Pointer Offset Code Execution Vulnerability

-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player: Integer Overflow Remote Code Execution Vulnerability http://bit.ly/d1INFg

Adobe Shockwave Player: Integer Overflow Remote Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of an Integer Overflow Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

TPTI-10-12: TPTI-10-12: Adobe Shockwave Integer Overflow Remote Code Execution Vulnerability


-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player: tSAC Chunk Remote Code Execution Vulnerability http://bit.ly/csWuQG

Adobe Shockwave Player: tSAC Chunk Remote Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a tSAC Chunk Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

TPTI-10-13: TPTI-10-13: Adobe Shockwave Director tSAC Chunk Remote Code Execution Vulnerability

-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player: rcsL Chunk Pointer Offset Code Execution Vulnerability http://bit.ly/9GWrez

Adobe Shockwave Player: rcsL Chunk Pointer Offset Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a rcsL Chunk Pointer Offset Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

TPTI-10-14: TPTI-10-14: Adobe Shockwave Director rcsL Chunk Pointer Offset Code Execution Vulnerability

-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player : mmap Trusted Chunk Size Code Execution Vulnerability http://bit.ly/cZuUoq

Adobe Shockwave Player : mmap Trusted Chunk Size Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a mmap Trusted Chunk Size Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
TPTI-10-15: TPTI-10-15: Adobe Shockwave Director mmap Trusted Chunk Size Code Execution Vulnerability
-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player : Remote Code Execution Vulnerability http://bit.ly/bTIzmn

Adobe Shockwave Player : Remote Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
ZDI-10-160: ZDI-10-160: Adobe Shockwave Player Remote Code Execution Vulnerability
-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player : PAMI Chunk Remote Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a PAMI Chunk Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

ZDI-10-161: ZDI-10-161: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability

-- Affected Products:

Adobe Shockwave Player


-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player: rcsL Chunk Remote Code Execution Vulnerability http://bit.ly/96kRcz

Adobe Shockwave Player: rcsL Chunk Remote Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a rcsL Chunk Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

ZDI-10-162: ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability

-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player : tSAC Chunk Parsing Remote Code Execution Vulnerability http://bit.ly/92ipKf

Adobe Shockwave Player : tSAC Chunk Parsing Remote Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a tSAC Chunk Parsing Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
ZDI-10-163: ZDI-10-163: Adobe Shockwave Director tSAC Chunk Parsing Remote Code Execution Vulnerability
-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Adobe Shockwave Player: Adobe Shockwave Player Remote Code Execution Vulnerability http://bit.ly/96h9ih

Adobe Shockwave Player: Adobe Shockwave Player Remote Code Execution Vulnerability

Users of Adobe Shockwave Player please be advised of a Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
ZDI-10-164: ZDI-10-164: Adobe Shockwave Player Remote Code Execution Vulnerability
-- Affected Products:

Adobe Shockwave Player
-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.


Read more at www.criticalwatch.com
 

Saturday, August 14, 2010

Microsoft Security Bulletin : Vulnerabilities in TCP/IP Could Allow Elevation of Privilege http://bit.ly/aXqgSV

Microsoft Security Bulletin : Vulnerabilities in TCP/IP Could Allow Elevation of Privilege

Users of please be advised of a Vulnerabilities in TCP/IP Could Allow Elevation of Privilege that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MS10-058: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege
Microsoft Security Bulletin
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Read more at www.criticalwatch.com
 

Microsoft Security Bulletin : http://bit.ly/a3C4yG

Microsoft Security Bulletin :

Users of Microsoft Security Bulletin please be advised of a Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege
Microsoft Security Bulletin
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.


Read more at www.criticalwatch.com
 

Microsoft : Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could All http://bit.ly/aC7Ui9

Microsoft : Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could All

Users of Microsoft please be advised of a Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could All that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MS10-060: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could All
Microsoft

This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight.
Read more at www.criticalwatch.com
 

Mozilla Firefox : Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers http://bit.ly/9SXLy1

Mozilla Firefox : Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers

Users of Mozilla Firefox please be advised of a Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

Multiple Browsers-SA-08/08/2010: Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers

Mozilla Firefox
It allows bypassing the protection against execution of JavaScript code in location-header redirectors (by redirecting to a javascript: URI).
Read more at www.criticalwatch.com
 

Monday, August 9, 2010

FTP Rush : HTB22527 - Directory Traversal in FTP Rush vulnerability http://bit.ly/bYVa7F

FTP Rush : HTB22527 - Directory Traversal in FTP Rush vulnerability

Users of FTP Rush please be advised of a HTB22527 - Directory Traversal in FTP Rush vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22527: HTB22527 - Directory Traversal in FTP Rush
FTP Rush
Vulnerability Details:

When exploited, this vulnerability allows an anonymous attacker to write files to specified locations on a user's system.
Read more at www.criticalwatch.com
 

DiamondList : XSS vulnerability in DiamondList http://bit.ly/btF4Fy

DiamondList : XSS vulnerability in DiamondList

Users of DiamondList please be advised of a XSS vulnerability in DiamondList that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22508: HTB22508 - XSS vulnerability in DiamondList
DiamondList

Vulnerability Details:

User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
 

BXR : HTB22505 - XSS vulnerability in BXR search http://bit.ly/a6AKu4

BXR : HTB22505 - XSS vulnerability in BXR search

Users of BXR please be advised of a HTB22505 - XSS vulnerability in BXR search that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22505: HTB22505 - XSS vulnerability in BXR search
BXR
Vulnerability Details:

User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
 

Open Blog : HTB22498 - XSS vulnerability in Open Blog http://bit.ly/aDgEu9

Open Blog : HTB22498 - XSS vulnerability in Open Blog

Users of Open Blog please be advised of a HTB22498 - XSS vulnerability in Open Blog that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22498: HTB22498 - XSS vulnerability in Open Blog
Open Blog
Vulnerability Details:

User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
 

SmartFTP : HTB22525 - Directory Traversal in SmartFTP vulnerability http://bit.ly/bQ9sWT

SmartFTP : HTB22525 - Directory Traversal in SmartFTP vulnerability

Users of SmartFTP please be advised of a HTB22525 - Directory Traversal in SmartFTP vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22525: HTB22525 - Directory Traversal in SmartFTP
SmartFTP
Vulnerability Details:

When exploited, this vulnerability allows an anonymous attacker to write files to specified locations on a user's system.


Read more at www.criticalwatch.com
 

SiteLoom CMS : HTB22516 - XSS vulnerability in SiteLoom CMS http://bit.ly/cBbNmd

SiteLoom CMS : HTB22516 - XSS vulnerability in SiteLoom CMS

Users of SiteLoom CMS please be advised of a HTB22516 - XSS vulnerability in SiteLoom CMS that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22516: HTB22516 - XSS vulnerability in SiteLoom CMS
SiteLoom CMS

Vulnerability Details:

User can execute arbitrary JavaScript code within the vulnerable application.


Read more at www.criticalwatch.com
 

Amethyst : HTB22499 - XSS vulnerability in Amethyst http://bit.ly/bQ4ZlB

Amethyst : HTB22499 - XSS vulnerability in Amethyst

Users of Amethyst please be advised of a HTB22499 - XSS vulnerability in Amethyst that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22499: HTB22499 - XSS vulnerability in Amethyst
Amethyst
Vulnerability Details:

User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
 

BXR : HTB22507 - XSS vulnerability in BXR http://bit.ly/aiy93M

BXR : HTB22507 - XSS vulnerability in BXR

Users of BXR please be advised of a HTB22507 - XSS vulnerability in BXR that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22507: HTB22507 - XSS vulnerability in BXR
BXR

Vulnerability Details:

User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
 

Open Blog : HTB22496 - XSRF (CSRF) in Open blog vulnerability http://bit.ly/aExsgC

Open Blog : HTB22496 - XSRF (CSRF) in Open blog vulnerability

Users of Open Blog please be advised of a HTB22496 - XSRF (CSRF) in Open blog vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22496: HTB22496 - XSRF (CSRF) in Open blog
Open Blog
Vulnerability Details:

The vulnerability exists due to failure in the "/application/modules/admin/controllers/users.php" script to properly verify the source of HTTP request.
Read more at www.criticalwatch.com
 

Frigate 3 built-in FTP client : HTB22526 - Directory Traversal in Frigate 3 built-in FTP client vulnerability http://bit.ly/aejDes

Frigate 3 built-in FTP client : HTB22526 - Directory Traversal in Frigate 3 built-in FTP client vulnerability

Users of Frigate 3 built-in FTP client please be advised of a HTB22526 - Directory Traversal in Frigate 3 built-in FTP client vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22526: HTB22526 - Directory Traversal in Frigate 3 built-in FTP client
Frigate 3 built-in FTP client
Vulnerability Details:

When exploited, this vulnerability allows an anonymous attacker to write files to specified locations on a user's system.


Read more at www.criticalwatch.com
 

BXR : HTB22503 - XSRF (CSRF) in BXR vulnerability http://bit.ly/ch9Jqi

BXR : HTB22503 - XSRF (CSRF) in BXR vulnerability

Users of BXR please be advised of a HTB22503 - XSRF (CSRF) in BXR vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22503: HTB22503 - XSRF (CSRF) in BXR
BXR
Vulnerability Details:

The vulnerability exists due to failure in the "/user/update" script to properly verify the source of HTTP request.
Read more at www.criticalwatch.com
 

Amethyst : HTB22500 - XSRF (CSRF) in Amethyst vulnerability http://bit.ly/9sbF3M

Amethyst : HTB22500 - XSRF (CSRF) in Amethyst vulnerability

Users of Amethyst please be advised of a HTB22500 - XSRF (CSRF) in Amethyst vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22500: HTB22500 - XSRF (CSRF) in Amethyst
Amethyst

Vulnerability Details:

The vulnerability exists due to failure in the user updating script to properly verify the source of HTTP request.


Read more at www.criticalwatch.com
 

DT Centrepiece : HTB22522 - Application Logic Error in DT Centrepiece vulnerability http://bit.ly/aRSqu4

DT Centrepiece : HTB22522 - Application Logic Error in DT Centrepiece vulnerability

Users of DT Centrepiece please be advised of a HTB22522 - Application Logic Error in DT Centrepiece vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
HTB22522: HTB22522 - Application Logic Error in DT Centrepiece
DT Centrepiece
Vulnerability Details:

The user can activate an arbitrary account.



The system account is activated, has a predictable URL. This allows the user to activate any account without receiving the activation email.
Read more at www.criticalwatch.com
 

Red Hat Enterprise Linux : kernel security and bug fix update vulnerability http://bit.ly/bYan6O

Red Hat Enterprise Linux : kernel security and bug fix update vulnerability

Users of Red Hat Enterprise Linux please be advised of a kernel security and bug fix update vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
RHSA-2010:0606-01: RHSA-2010:0606-01 Important: kernel security and bug fix update
Red Hat Enterprise Linux
Description:



The kernel packages contain the Linux kernel, the core of any Linux operating system.
Read more at www.criticalwatch.com
 

Red Hat Enterprise Linux : freetype security update vulnerability http://bit.ly/cFLTtG

Red Hat Enterprise Linux : freetype security update vulnerability

Users of Red Hat Enterprise Linux please be advised of a freetype security update vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
RHSA-2010:0607-02: RHSA-2010:0607-02 Important: freetype security update
Red Hat Enterprise Linux
Description:



FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.
Read more at www.criticalwatch.com
 

MantisBT 1.2.2 : MantisBT "Add Category" Script Insertion Vulnerability http://bit.ly/9ei7ww

MantisBT 1.2.2 : MantisBT "Add Category" Script Insertion Vulnerability

Users of MantisBT 1.2.2 please be advised of a MantisBT "Add Category" Script Insertion Vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MantisBT-SA-08/05/2010: MantisBT "Add Category" Script Insertion Vulnerability
MantisBT 1.2.2
Description of Vulnerability



Secunia Research has discovered a vulnerability in MantisBT, which can be exploited by malicious users to conduct script insertion attacks.
Read more at www.criticalwatch.com
 

Novell iPrint : Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability http://bit.ly/aegHyN

Novell iPrint : Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability

Users of Novell iPrint please be advised of a Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
TPTI-10-05: TPTI-10-05: Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability
Novell iPrint
Vulnerability Details:

This vulnerability allows remote attackers to delete all files on a system with a vulnerable installation of the Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Read more at www.criticalwatch.com
 

Novell iPrint : Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution http://bit.ly/9K8kDv

Novell iPrint : Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution

Users of Novell iPrint please be advised of a Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

TPTI-10-06: TPTI-10-06: Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution

Novell iPrint
Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.


Read more at www.criticalwatch.com
 

Ubuntu Security : USN-968-1 Dell Latitude 2110 vulnerability http://bit.ly/cNjT1C

Ubuntu Security : USN-968-1 Dell Latitude 2110 vulnerability

Users of Ubuntu Security please be advised of a USN-968-1 Dell Latitude 2110 vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
USN-968-1: USN-968-1 Dell Latitude 2110 vulnerability
Ubuntu Security

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
Read more at www.criticalwatch.com
 

Ubuntu Security : USN-969-1 PCSC-Lite vulnerability http://bit.ly/97J3So

Ubuntu Security : USN-969-1 PCSC-Lite vulnerability

Users of Ubuntu Security please be advised of a USN-969-1 PCSC-Lite vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
USN-969-1: USN-969-1 PCSC-Lite vulnerability
Ubuntu Security
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.


Read more at www.criticalwatch.com
 

Novell iPrint : Novell iPrint Server Queue Name Remote Code Execution Vulnerability http://bit.ly/aHke80

Novell iPrint : Novell iPrint Server Queue Name Remote Code Execution Vulnerability

Users of Novell iPrint please be advised of a Novell iPrint Server Queue Name Remote Code Execution Vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
ZDI-10-138: ZDI-10-138: Novell iPrint Server Queue Name Remote Code Execution Vulnerability
Novell iPrint
Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Server. Authentication is not required to exploit this vulnerability.


Read more at www.criticalwatch.com
 

Novell iPrint : Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution vulnerability http://bit.ly/9X6Her

Novell iPrint : Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution vulnerability

Users of Novell iPrint please be advised of a Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

ZDI-10-139: ZDI-10-139: Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution

Novell iPrint
Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client browser plugin. User interaction is required in that a target must visit a malicious web page.
Read more at www.criticalwatch.com
 

Novell iPrint : Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability http://bit.ly/d2Onx5

Novell iPrint : Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability

Users of Novell iPrint please be advised of a Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
ZDI-10-140: ZDI-10-140: Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability
Novell iPrint
Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Novell iPrint Client Browser Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
 

Apple Safari : Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability http://bit.ly/bG1DgX

Apple Safari : Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability

Users of Apple Safari please be advised of an Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

ZDI-10-141: ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability

Apple Safari
Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com