HP Security Bulletin HPSBMU02764 SSRT100827 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 2 of this advisory.
309e442bfe4de81d1da4a903beb9bb3ce130e05b0ec3c99ada2e50debacf94afHP Security Bulletin HPSBMU02764 SSRT100827 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 1 of this advisory.
ef4dc6d5c693e4d1488186aa6471a0d6ae5ab0b725cd9a055f4101f928dcf379Ubuntu Security Notice 1042-1 - Various issues have been addressed with php5. It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. Other issues Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive.
913a13e39a2c89b9d6470dae0fbd06dbbb46dd11bfc6b11630757c337688701fMandriva Linux Security Advisory 2010-255 - Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. The updated packages have been upgraded to php-intl-1.1.2 and patched to correct this issue.
edc34bdf1e37b1b74c1522707bbedfbc6f011dc71937ac68a416c0d7ded14024Mandriva Linux Security Advisory 2010-254 - This is a maintenance and security update that upgrades php to 5.3.4 for 2010.0/2010.1. Paths with NULL in them are now considered as invalid. Other fixes were also added.
f73228b7526719b17858daba587571787c621c8e2bd9a419e23f3e9ae7dc7bccPHP version 5.3.3 suffers from a NumberFormatter::getSymbol integer overflow vulnerability.
1df59e17c946c51528d4029507cbbbe55391b84ff9525a5af9000a7bc64461a6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed