O WatchMouse controla as notícias sobre segurança e os relatórios de vulnerabilidades mais recentes. Confira este site regularmente para obter atualizações ou se inscreva, usando o formulário à direita, para receber nossas atualizações de notícias sobre segurança via e-mail.

Veja uma lista completa das mais recentes vulnerabilidades aqui.

 

7 Fev 2012
phpShowtime is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Successfully exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks.
Securityfocus.com
 

6 Fev 2012
Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Versions prior to Cacti 0.8.7g are vulnerable.
Securityfocus.com
 

6 Fev 2012
Mozilla Firefox and SeaMonkey are prone to an insecure file-permission vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
Securityfocus.com
 

6 Fev 2012
Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a cross-domain security bypass vulnerability.

A remote attacker can exploit this vulnerability to bypass the HTML5 frame navigation policy and launch spoofing or phishing attacks against other sites.

These issues are fixed in:

Firefox 10.0
Thunderbird 10.0
SeaMonkey 2.7
Securityfocus.com

6 Fev 2012
Ghostscript is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application.
Securityfocus.com

  próximo »