Blogs

WordPress PHP Code Execution and Cross-Site Scripting in v2.5 and prior

http://secunia.com/advisories/29965/ - Two vulnerabilities have been discovered, one which can lead to authentication bypass (if account registration is enabled) and another which can lead to arbitrary HTML and code execution on the clients web browser. This could appear to be a defacement, but is executed locally on the users computer, not on the server itself. Test and update to v2.5.1 when possible.

Sun Solaris Apache Modules Cross-Site Scripting Vulnerabilities

http://secunia.com/advisories/29988/ - Sun has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks. This affects Apache 1.3.x and 2.0.x running on Solaris 8, 9 and 10 on SPARC and x86. Some vendor patches are available. Please test and apply these patches when available.

Sun Solaris Apache Modules Cross-Site Scripting Vulnerabilities

http://secunia.com/advisories/29988/ - Sun has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks. This affects Apache 1.3.x and 2.0.x running on Solaris 8, 9 and 10 on SPARC and x86. Some vendor patches are available. Please test and apply these patches when available.

Adobe Products BMP Handling Buffer Overflow Vulnerability

http://secunia.com/advisories/29838/ - Adobe Photoshop Album Starter Edition 3.2 and Adobe After Effects CS3 (and possibly other Adobe products) are vulnerable to a buffer overflow vulnerability that could lead to system compromise. An update is not yet available. Users should avoid opening untrusted BMP files.

Poppler Embedded Fonts Processing Vulnerability

http://secunia.com/advisories/29836/ - Poppler is a PDF rendering engine used by xpdf, evince and other tools. There is a system compromise vulnerability that can be exploited by processing malicious PDF files. RedHat has released poppler-0.5.4-4.4 to fix this vulnerability. It is suggested to test and update to this version during the next outage window.

Poppler Embedded Fonts Processing Vulnerability

http://secunia.com/advisories/29836/ - Poppler is a PDF rendering engine used by xpdf, evince and other tools. There is a system compromise vulnerability that can be exploited by processing malicious PDF files. RedHat has released poppler-0.5.4-4.4 to fix this vulnerability. It is suggested to test and update to this version during the next outage window.

Nagios Plugins Long Location Header Buffer Overflow Vulnerability

http://secunia.com/advisories/27124/ - A vulnerability in the plugins for Nagios could lead to system compromise. Successful exploitation requires that a connection is made to a malicious web server. This affects versions prior to 1.4.10. Fedora just released updates for nagios-plugins for Fedora 7 and Fedora 8.

Pages