Ubuntu Security Notice 1691-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents.
c12022788231ab722ec0ff37568bbea0399356655e3b6b0008944fa0995e1af1
Ubuntu Security Notice 1689-1 - Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem's handling of the XSAVE feature. On hosts using qemu userspace without the XSAVE feature, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Various other issues were also addressed.
87da7447cdcc58e1c011de3f09aca77987a1561e2e522ee7655b485e4b57846b
Ubuntu Security Notice 1688-1 - Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem's handling of the XSAVE feature. On hosts using qemu userspace without the XSAVE feature, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Various other issues were also addressed.
9410264f6fc934cc4b6e55a8421ce6e660fa9a5c59cee780c20d92dcd39b6903
Debian Linux Security Advisory 2608-1 - It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).
885c09b10b563f1d09f7b11e89fe4648ad65477609292a1caa73573351a389f0
Debian Linux Security Advisory 2607-1 - It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).
cbc6fe2d8705fb44082076cf2f5b84f138b813ca49da1f70ef16a66238fc582d
Red Hat Security Advisory 2013-0164-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
2dc31609e5e28a443a06ee639d65c5c49d48575ef3fe138719bad835aaf0e092
Red Hat Security Advisory 2013-0162-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
32a92f350129341692adc47a732a174b110148665a30503cd55598fe3319ad5b
Red Hat Security Advisory 2013-0163-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.
22cfc2f88b06e62ca4bbbbf1021638fd52e89d13588d9d657cc38ac4cac062e0
Snews CMS suffers from a remote SQL injection vulnerability.
5775ab0b553da86a1cc2826df674d737c2e06a94325bab1d79b587b314e563f1
This is a whitepaper that discusses a reflective cross-site scripting issue in *.adspecs.yahoo.com due to sessvars.js not filtering input before performing an eval.
ec7a8bcfbe030e87367b8b94832c2b64cdd0550ea279469bf63bb2f775015438
phpLiteAdmin versions 1.8.x and 1.9.x suffer from remote SQL injection and path disclosure vulnerabilities.
0040b2134dfa5935dcd304cb28a4d32278bb7672c063c3ca3bef062b3e1fa1a7
Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Simple Login Log plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct script insertion and SQL injection attacks.
23150256c1be79eb90325cf6e162910c682ac31b8d774e8b0de1c8fdeb9ac676
Secunia Security Advisory - Ubuntu has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
e07fe3d61c370597a2508c00cf7fa0a0827c07dd0b2c61dc1b816d24b67e6b24
Secunia Security Advisory - Inshell Security has discovered a vulnerability in Serva, which can be exploited by malicious people to cause a DoS (Denial of Service).
a53c62ff3e003098017a0019e5a2e19600b73fee89a08eab5a04cf20278d3223
Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-oracle. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
bffade15f67b40ad5b42074a3eabb1d13333a078269a627407a222591c5d601d
Secunia Security Advisory - Ubuntu has issued an update for tomcat. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
8fb7408af57979818d3514803ce34880b6642366a3d8f21bf9cbd8fc76974207
Secunia Security Advisory - Multiple vulnerabilities have been reported in E.M.M.A., which can be exploited by malicious people to conduct script insertion attacks.
47d9c1bb61075444e590766321b74e3d3428fa9ce06ac40d87d9bdd3b8b2ab9e
This Metasploit module exploits a vulnerability found in FreeSSHd versions 1.2.6 and below to bypass authentication. You just need the username (which defaults to root). The exploit has been tested with both password and public key authentication.
0272e1bc1c0f2058ce2f21fa14e3a0637074e73625db7d48068910d45f94ec8d
Secunia Security Advisory - A vulnerability has been reported in IBM Cognos TM1, which can be exploited by malicious people to conduct cross-site scripting attacks.
fc0f3061dcb085abd1f11bcab246088e7ba629672d08a16937f608355ad31272
Secunia Security Advisory - Ubuntu has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
25d993c27dca3b07e3d2e1d6479478b43b58fbb2414949b7f539ac153b900723
This bulletin summary lists one released out-of-band Microsoft security bulletin for January, 2013.
164b32910c91aaf76a2cf2a7aa765b570c8ea0b5dad172c8f77a42d13ac5dc42
Secunia Security Advisory - A vulnerability has been reported in Juniper JunosE, which can be exploited by malicious people to cause a DoS (Denial of Service).
08b8b6a0e8065ce1da5d3243663e8f8be801cdcc79193e1ced3e6a3cd4df6369
Secunia Security Advisory - A vulnerability has been reported in Condor, which can be exploited by malicious users to compromise a vulnerable system.
6f2776722e6a004b81aeb6f5f6085b59e53674d615d31e60e81ac626e4ae94fd
Secunia Security Advisory - Multiple vulnerabilities have been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
b0742ff0b7d2c554823ad4c235840cc1943caa4d4014d03c4ab5acd748d17528
Secunia Security Advisory - A vulnerability has been reported in Samba, which can be exploited by malicious users to bypass certain security restrictions.
dceb5a4354fb91de550d8c287cd9ad29c7eac6addca8b96bc251c2f4c53c4aa0