rssh versions below 2.2.2 suffer from a format string vulnerability that may allow for privilege escalation.
4e71754c1ea5a52d4e553addf2ba481fd95acd61c1c8fb641f366430dbdfc6a1An information disclosure flaw in AOL Journals allows any remote attacker to increment BlogIDs in order to reveal other user email addresses.
02d5f5dd347c2ac7772bcb3d661d9a6de4bf662b8460563f0fcc4e1d311b4c14Secunia Security Advisory - An vulnerability has been reported in HP Serviceguard, which potentially can be exploited by malicious people to compromise a vulnerable system.
13336a2214baaa7315b1c34b36225ac10e3adbd8c3588e66ba9057ee676a10f8Addendum to previous post regarding browser inabilities to render HTML securely. It appears that problems thought not to also include MSIE do affect that product as well.
1d3da6813efc5cf470fc248ce32c43c281b284739d7147da3b335d2b2b2b9074iDEFENSE Security Advisory 10.22.04 - An exploitable heap overflow in the handling of malformed tiff files has been discovered in the latest version of libtiff when JPEG support has been enabled. An attacker can exploit the above-described vulnerability to execute arbitrary code under the permissions of the target user. Successful exploitation requires that the attacker convince the end-user to open the malicious tiff file using an application linked with a vulnerable version of libtiff.
47aee7e32dd02f1b2f485dc27406d68b8725b9b7b347564a5a4988fe9d0cf4d9Two very serious security vulnerabilities in Java technology for mobile devices (Java 2 Micro Edition) affects about 250 million mobile phones coming from Nokia, Siemens, Panasonic, Samsung, Motorola and others. Sun has refused to release an alert regarding these issues. Information about these flaws has been published at Hack In the Box Security Conference earlier this month in Kuala Lumpur, Malaysia.
b5205c34f95361edb616b9b5160c4caade01ca0f30aebdbc019a5cfb22606cd6A specially crafted WAV file can cause the WAV file property handler to consume all available CPU resources on Windows XP.
8e05ffb1b09efaeebd8f0714bf6ea2a5918b97d04c49938779f57d86f6f1093cMandrake Linux Security Update Advisory - Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution.
38339c35eb37ea1704d38fa5c8d7a983c7db524a7de177b38224327194a45663Gentoo Linux Security Advisory GLSA 200410-21 - A flaw has been found in mod_ssl where the SSLCipherSuite directive could be bypassed in certain configurations if it is used in a directory or location context to restrict the set of allowed cipher suites.
06b3bc6d3391335b9f299d76aa4089572536a66060eb87668867cda8b1c74110A HTTP Response Splitting vulnerability has been reported in Serendipity 0.7-beta4.
58300abb3a8f54c654e8bb78e7f9e9f9aed80d29f1a932dd5a829debdf95141bDebian Security Advisory 573-1 - Chris Evans discovered several integer overflows in xpdf, that are also present in CUPS, the Common UNIX Printing System, which can be exploited remotely by a specially crafted PDF document.
fccd60e1ee2c1f5d58c88b7adbad22ccf6bfc7d8205b115e2d78c67cf9a77704Gentoo Linux Security Advisory GLSA 200410-19 - The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
835983120856de9672d4df3fb055de82c29e15b525d53729dc1c1c36bbb07587Altiris Deployment server versions 5.x, 6.x, and possibly others are susceptible to a design flaw that allows an attacker to take complete control over all Altiris clients on a network with relative ease.
00d5a12abb42d0cde16860ee9706a4629ff21bb5c256745a947f93f021230767Secunia Security Advisory - A vulnerability has been reported in Speedtouch USB Driver, which potentially can be exploited by malicious, local users to gain escalated privileges.
76aee022b1a8f1207b62499507352f2a7c3a5d59d5d9b0fed33a0c8447865092Secunia Security Advisory - A vulnerability has been reported in Serendipity, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.
acaf97d26f5c01f38152bba85d86498a319af52914e14d0c75a3836386bf5901Debian Security Advisory 572-1 - A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings.
36b123e8f91130593a23746179cc31188a931abe1aa176fa668aa789f53529ceSUSE Security Announcement - An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled.
e8301b42ffb03cdc6751cdb3ee2fdc50c54950362f4ed8890cebbeb5d51eed2bNSFOCUS Security Advisory SA2004-02 - NSFOCUS Security Team found a security vulnerability in the program stmkfont of an HP-UX system. Exploiting this vulnerability, local attackers could gain group bin privileges.
893e2f01859a0283754f25f425a601354a817bdeb90c88bb389baec21e86d022Interesting write up of using an eSlate3000 made by Hart Intercivic. Due to their early arrival, Honolulu County has already started using them for walk-in absentee ballots.
a94ccface40aab35840874046f32a77457b342f433d07a5ecbe7eb0fc80c1bc4Gentoo Linux Security Advisory GLSA 200410-17 - OpenOffice.org uses insecure temporary files which could allow a malicious local user to gain knowledge of sensitive information from other users' documents.
1df7a419056dc3a76a8cc525b8bf1ff0456f157199aa85e9c76acf6ebbad899bSecunia Security Advisory - Roger Sylvain has reported a vulnerability in Nortel Contivity VPN Client, potentially allowing malicious people to open a VPN tunnel to the client.
085e2d54838dc160aad7aa3c8c3e791d8e939db60c78bc63517389c90a090974Linux 2.6.9 fixes a set of race conditions in the Linux terminal subsystem which are believed to go back to 2.2 kernels if not earlier. The race shows up problematically in two places.
f8cf3fc98aeca152c71b95cb20b1eee7b1b018c5a67a7c7a13854854c7bb8043Privateer's Bounty: Age of Sail II versions 1.04.151 and below is affected by a buffer overflow occurring when an attacker joins on the server using a nickname at least 144 bytes in length.
156853fe0bb73128ae6aa68202b9b9e09c23cb39d915de7147217d58394c8ba8Debian Security Advisory 570-1 - Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
4ce3f32f49c7c105105e734adf7ddc6a695daaa8719946a1415780421bcb8cc3Debian Security Advisory 571-1 - Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.
cab10b0b64c9f9a3b975a8b2f2ae1125c69ef475cdc6985d53e7236239040c0a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed