Tuesday, August 31, 2010
Nagios XI: users.php SQL Injection
Users of Nagios XI please be advised of a users.php SQL Injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
NGENUITY-2010-008: [NGENUITY-2010-008] Nagios XI users.php SQL Injection
Technical Description
The records variable on the users.php command is not properly sanitized
and allows for injection of SQL commands. Stacked queries are also
allowed into the postgres database.
Read more at www.criticalwatch.com
Adobe Shockwave Player: Memory Corruption Remote Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a Memory Corruption Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TPTI-10-09: TPTI-10-09: Adobe Shockwave Memory Corruption Remote Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Shockwave Player. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player: Memory Corruption Remote Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a Memory Corruption Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TPTI-10-10: TPTI-10-10: Adobe Shockwave Memory Corruption Remote Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Shockwave Player. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player: tSAC Chunk Pointer Offset Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a tSAC Chunk Pointer Offset Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TPTI-10-11: TPTI-10-11: Adobe Shockwave tSAC Chunk Pointer Offset Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Shockwave Player. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player: Integer Overflow Remote Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of an Integer Overflow Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TPTI-10-12: TPTI-10-12: Adobe Shockwave Integer Overflow Remote Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Shockwave Player. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player: tSAC Chunk Remote Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a tSAC Chunk Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TPTI-10-13: TPTI-10-13: Adobe Shockwave Director tSAC Chunk Remote Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Shockwave Player. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player: rcsL Chunk Pointer Offset Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a rcsL Chunk Pointer Offset Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TPTI-10-14: TPTI-10-14: Adobe Shockwave Director rcsL Chunk Pointer Offset Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Shockwave Player. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player : mmap Trusted Chunk Size Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a mmap Trusted Chunk Size Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TPTI-10-15: TPTI-10-15: Adobe Shockwave Director mmap Trusted Chunk Size Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Shockwave. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player : Remote Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ZDI-10-160: ZDI-10-160: Adobe Shockwave Player Remote Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Adobe Shockwave Player. User interaction
is required to exploit this vulnerability in that the target must visit
a malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player : PAMI Chunk Remote Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a PAMI Chunk Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ZDI-10-161: ZDI-10-161: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Shockwave. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player: rcsL Chunk Remote Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a rcsL Chunk Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ZDI-10-162: ZDI-10-162: Adobe Shockwave Director rcsL Chunk Remote Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Adobe Shockwave Player. User interaction
is required to exploit this vulnerability in that the target must visit
a malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player : tSAC Chunk Parsing Remote Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a tSAC Chunk Parsing Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ZDI-10-163: ZDI-10-163: Adobe Shockwave Director tSAC Chunk Parsing Remote Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Adobe Shockwave Player. User interaction
is required to exploit this vulnerability in that the target must visit
a malicious page or open a malicious file.
Read more at www.criticalwatch.com
Adobe Shockwave Player: Adobe Shockwave Player Remote Code Execution Vulnerability
Users of Adobe Shockwave Player please be advised of a Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ZDI-10-164: ZDI-10-164: Adobe Shockwave Player Remote Code Execution Vulnerability
-- Affected Products:
Adobe Shockwave Player
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Adobe Shockwave Player. User interaction
is required to exploit this vulnerability in that the target must visit
a malicious page or open a malicious file.
Read more at www.criticalwatch.com
Saturday, August 14, 2010
Microsoft Security Bulletin : Vulnerabilities in TCP/IP Could Allow Elevation of Privilege
Users of
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MS10-058: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege
Microsoft Security Bulletin
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Read more at www.criticalwatch.com
Microsoft Security Bulletin :
Users of Microsoft Security Bulletin please be advised of a Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege
Microsoft Security Bulletin
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Read more at www.criticalwatch.com
Microsoft : Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could All
Users of Microsoft please be advised of a Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could All that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MS10-060: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could All
Microsoft
This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight.
Read more at www.criticalwatch.com
Mozilla Firefox : Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers
Users of Mozilla Firefox please be advised of a Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Multiple Browsers-SA-08/08/2010: Cross-Site Scripting vulnerability in Mozilla Firefox, Opera and other browsers
Mozilla Firefox
It allows bypassing the protection against execution of JavaScript code in
Location-header redirectors (by redirecting to a javascript: URI).
Read more at www.criticalwatch.com
Monday, August 9, 2010
FTP Rush : HTB22527 - Directory Traversal in FTP Rush vulnerability
Users of FTP Rush please be advised of a HTB22527 - Directory Traversal in FTP Rush vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22527: HTB22527 - Directory Traversal in FTP Rush
FTP Rush
Vulnerability Details:
When exploited, this vulnerability allows an anonymous attacker to write files to specified locations on a user's system.
Read more at www.criticalwatch.com
DiamondList : XSS vulnerability in DiamondList
Users of DiamondList please be advised of an XSS vulnerability in DiamondList that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22508: HTB22508 - XSS vulnerability in DiamondList
DiamondList
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
BXR : HTB22505 - XSS vulnerability in BXR search
Users of BXR please be advised of a HTB22505 - XSS vulnerability in BXR search that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22505: HTB22505 - XSS vulnerability in BXR search
BXR
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
Open Blog : HTB22498 - XSS vulnerability in Open Blog
Users of Open Blog please be advised of a HTB22498 - XSS vulnerability in Open Blog that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22498: HTB22498 - XSS vulnerability in Open Blog
Open Blog
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
SmartFTP : HTB22525 - Directory Traversal in SmartFTP vulnerability
Users of SmartFTP please be advised of a HTB22525 - Directory Traversal in SmartFTP vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22525: HTB22525 - Directory Traversal in SmartFTP
SmartFTP
Vulnerability Details:
When exploited, this vulnerability allows an anonymous attacker to write files to specified locations on a user's system.
Read more at www.criticalwatch.com
SiteLoom CMS : HTB22516 - XSS vulnerability in SiteLoom CMS
Users of SiteLoom CMS please be advised of a HTB22516 - XSS vulnerability in SiteLoom CMS that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22516: HTB22516 - XSS vulnerability in SiteLoom CMS
SiteLoom CMS
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
Amethyst : HTB22499 - XSS vulnerability in Amethyst
Users of Amethyst please be advised of a HTB22499 - XSS vulnerability in Amethyst that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22499: HTB22499 - XSS vulnerability in Amethyst
Amethyst
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
BXR : HTB22507 - XSS vulnerability in BXR
Users of BXR please be advised of a HTB22507 - XSS vulnerability in BXR that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22507: HTB22507 - XSS vulnerability in BXR
BXR
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
Read more at www.criticalwatch.com
Open Blog : HTB22496 - XSRF (CSRF) in Open blog vulnerability
Users of Open Blog please be advised of a HTB22496 - XSRF (CSRF) in Open blog vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22496: HTB22496 - XSRF (CSRF) in Open blog
Open Blog
Vulnerability Details:
The vulnerability exists due to failure in the "/application/modules/admin/controllers/users.php" script to properly verify the source of HTTP request.
Read more at www.criticalwatch.com
Frigate 3 built-in FTP client : HTB22526 - Directory Traversal in Frigate 3 built-in FTP client vulnerability
Users of Frigate 3 built-in FTP client please be advised of a HTB22526 - Directory Traversal in Frigate 3 built-in FTP client vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22526: HTB22526 - Directory Traversal in Frigate 3 built-in FTP client
Frigate 3 built-in FTP client
Vulnerability Details:
When exploited, this vulnerability allows an anonymous attacker to write files to specified locations on a user's system.
Read more at www.criticalwatch.com
BXR : HTB22503 - XSRF (CSRF) in BXR vulnerability
Users of BXR please be advised of a HTB22503 - XSRF (CSRF) in BXR vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22503: HTB22503 - XSRF (CSRF) in BXR
BXR
Vulnerability Details:
The vulnerability exists due to failure in the "/user/update" script to properly verify the source of HTTP request.
Read more at www.criticalwatch.com
Amethyst : HTB22500 - XSRF (CSRF) in Amethyst vulnerability
Users of Amethyst please be advised of a HTB22500 - XSRF (CSRF) in Amethyst vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22500: HTB22500 - XSRF (CSRF) in Amethyst
Amethyst
Vulnerability Details:
The vulnerability exists due to failure in the user updating script to properly verify the source of HTTP request.
Read more at www.criticalwatch.com
DT Centrepiece : HTB22522 - Application Logic Error in DT Centrepiece vulnerability
Users of DT Centrepiece please be advised of a HTB22522 - Application Logic Error in DT Centrepiece vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
HTB22522: HTB22522 - Application Logic Error in DT Centrepiece
DT Centrepiece
Vulnerability Details:
The user can activate an arbitrary account.
The URL through which an account is activated is predictable. This allows the user to activate any account without receiving the activation email.
Read more at www.criticalwatch.com
Red Hat Enterprise Linux : kernel security and bug fix update vulnerability
Users of Red Hat Enterprise Linux please be advised of a kernel security and bug fix update vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
RHSA-2010:0606-01: RHSA-2010:0606-01 Important: kernel security and bug fix update
Red Hat Enterprise Linux
Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Read more at www.criticalwatch.com
Red Hat Enterprise Linux : freetype security update vulnerability
Users of Red Hat Enterprise Linux please be advised of a freetype security update vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
RHSA-2010:0607-02: RHSA-2010:0607-02 Important: freetype security update
Red Hat Enterprise Linux
Description:
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4
provide both the FreeType 1 and FreeType 2 font engines. The freetype
packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font
engine.
Read more at www.criticalwatch.com
MantisBT 1.2.2 : MantisBT "Add Category" Script Insertion Vulnerability
Users of MantisBT 1.2.2 please be advised of a MantisBT "Add Category" Script Insertion Vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
MantisBT-SA-08/05/2010: MantisBT "Add Category" Script Insertion Vulnerability
MantisBT 1.2.2
Description of Vulnerability
Secunia Research has discovered a vulnerability in MantisBT, which can
be exploited by malicious users to conduct script insertion attacks.
Read more at www.criticalwatch.com
Novell iPrint : Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability
Users of Novell iPrint please be advised of a Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TPTI-10-05: TPTI-10-05: Novell iPrint Client Browser Plugin Remote File Deletion Vulnerability
Novell iPrint
Vulnerability Details:
This vulnerability allows remote attackers to delete all files on a
system with a vulnerable installation of the Novell iPrint Client. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
Read more at www.criticalwatch.com
Novell iPrint : Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution
Users of Novell iPrint please be advised of a Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
TPTI-10-06: TPTI-10-06: Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Remote Code Execution
Novell iPrint
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Novell iPrint client. User interaction
is required to exploit this vulnerability in that the target must visit
a malicious page.
Read more at www.criticalwatch.com
Ubuntu Security : USN-968-1 Dell Latitude 2110 vulnerability
Users of Ubuntu Security please be advised of a USN-968-1 Dell Latitude 2110 vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-968-1: USN-968-1 Dell Latitude 2110 vulnerability
Ubuntu Security
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
Read more at www.criticalwatch.com
Ubuntu Security : USN-969-1 PCSC-Lite vulnerability
Users of Ubuntu Security please be advised of a USN-969-1 PCSC-Lite vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
USN-969-1: USN-969-1 PCSC-Lite vulnerability
Ubuntu Security
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
Read more at www.criticalwatch.com
Novell iPrint : Novell iPrint Server Queue Name Remote Code Execution Vulnerability
Users of Novell iPrint please be advised of a Novell iPrint Server Queue Name Remote Code Execution Vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ZDI-10-138: ZDI-10-138: Novell iPrint Server Queue Name Remote Code Execution Vulnerability
Novell iPrint
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell iPrint Server. Authentication is not
required to exploit this vulnerability.
Read more at www.criticalwatch.com
Novell iPrint : Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution vulnerability
Users of Novell iPrint please be advised of a Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ZDI-10-139: ZDI-10-139: Novell iPrint Client Browser Plugin Parameter Name Remote Code Execution
Novell iPrint
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Novell iPrint Client browser plugin.
User interaction is required in that a target must visit a malicious web
page.
Read more at www.criticalwatch.com
Novell iPrint : Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability
Users of Novell iPrint please be advised of a Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ZDI-10-140: ZDI-10-140: Novell iPrint Client Browser Plugin Remote Code Execution Vulnerability
Novell iPrint
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Novell iPrint Client Browser Plugin.
User interaction is required to exploit this vulnerability in that the
target must visit a malicious page or open a malicious file.
Read more at www.criticalwatch.com
Apple Safari : Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability
Users of Apple Safari please be advised of an Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
ZDI-10-141: ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability
Apple Safari
Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Safari's Webkit. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
Read more at www.criticalwatch.com