WatchMouse recibe continuamente las últimas noticias de seguridad y los informes de vulnerabilidades más recientes. Consulte aquí regularmente las actualizaciones o inscríbase por medio del formulario de la derecha para recibir nuestras actualizaciones de seguridad por correo electrónico.

Vea una lista completa de las vulnerabilidades más recientes aquí.

 

7 feb 2012
phpShowtime is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Successfully exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Securityfocus.com
 

6 feb 2012
Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Versions prior to Cacti 0.8.7g are vulnerable.
Securityfocus.com
 

6 feb 2012
Mozilla Firefox and SeaMonkey are prone to an insecure file-permission vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
Securityfocus.com
 

6 feb 2012
Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a cross-domain security bypass vulnerability.

A remote attacker can exploit this vulnerability to bypass the HTML5 frame navigation policy and launch spoofing or phishing attacks against other sites.

These issues are fixed in:

Firefox 10.0
Thunderbird 10.0
SeaMonkey 2.7
Securityfocus.com

6 feb 2012
Ghostscript is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application.
Securityfocus.com

  siguiente »