Gentoo Linux Security Advisory GLSA 200501-29 - Mailman is vulnerable to cross-site scripting attacks.
e8700ac7b17001a222f2051663d0de6a449083d1f25943b98f6ae1fd551ac955Gentoo Linux Security Advisory GLSA 200501-28 - A stack overflow was discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issue.
6d3333856e42b7c6ad1eb56d1005d508fb653af894b3fb5d1b523cf052b14bb7GroupWise 6.5 suffers from a flaw where an unauthenticated user can get read access to various data.
39413578d2bf2ff35b828532fffd5974f3692be8c07c037819c3e88ee3e24666DivX player versions 2.6 and below allow for arbitrary file overwriting via a flaw in handling skins.
e0b91ab213ef109d3e7d5ee589275919f9cf35746ad3daa9a71e452a7be88ebeComersus ASP shopping cart version 6.0 is susceptible to administrator login bypass, SQL injection, and cross site scripting attacks.
fa4955168f9fcd7c71beff76ff8d521cc4ebd0d3663310ad159a5f3893552497NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in the Microsoft NetDDE service which can allow a remote attacker to execute arbitrary code on a system without authentication. This vulnerability can also be used by any low privileged local user to gain Local System privileges. Systems Affected: Microsoft Windows NT/2000/XP/2003 Server.
7fe7b3cd43a05089bc18d0500d8382f190e1c29289808a9a8cd64afe62566c0dDebian Security Advisory 654-1 - Several security problems have been discovered in enscript.
5d28208ac57d5625dda59adf9f8c04c2de000131ef1678db9a147c58c7f214a7Gentoo Linux Security Advisory GLSA 200501-27 - Multiple vulnerabilities exist in Ethereal, which may allow an attacker to run arbitrary code, crash the program or perform DoS by CPU and disk utilization.
0828975659f7baf994aa7d61bb99530dfcd6577a681f5c5fc41c6cac7b15ba5biDEFENSE Security Advisory 01.20.05 - Remote exploitation of an input validation vulnerability in 3Com Corp.'s OfficeConnect Wireless 11g Access Point allows attackers to glean sensitive router information.
20d6f9dae34c3b4c99c46cf39adab6cad55fcb5b45259ad5e2453aaf25d2108cThis advisory covers nine of the 23 vulnerabilities recently discovered in various versions of Oracle's database server.
05f58b02101062b1f57e0de5e3166ee29294c50e446a28ff4adfd2aaf99ca936Secunia Security Advisory - A vulnerability has been discovered in the Apache check_forensic script that allows for local privilege escalation.
d4bd5c4ffda2aac9e74cafa67e43fbd8f1658d51600f2cb56c42471205d50f78Secunia Security Advisory - A vulnerability has been reported in 3Com OfficeConnect Wireless 11g Access Point, which can be exploited by malicious people to gain knowledge of sensitive information.
4f592f511c62e88075d0e9e04e3a75eada218e949fe02b570f10602507ec9b6fDebian Security Advisory 651-1 - A couple different overflows have been discovered in Squid. One is in the parser for Gopher and another is in the receiver for WCCP messages.
836558daf3b8225ee83be23b5502e47ecb6c82c7286dfd447db0ca184d7f8ab5Secunia Security Advisory - Some vulnerabilities have been reported in AntiGen for Domino, which can be exploited by malicious people to cause a DoS (Denial of Service) and by malware to bypass certain scanning functionality.
32287f8e52ff5ebe7d2934853f6926bea12e4cabc6b4437b3b9719960dec2988Debian Security Advisory 650-1 - Sword, a package for making a bible web site, is susceptible to a remote command execution flaw due to a lack of sanitizing input. Not even your god can save you now.
286c2640651ad4437f0111a699bc755f9e50d7537c9e72161cbab7ce90041134Sun Security Advisory - A vulnerability in the Java Plug-in may allow an untrusted applet to elevate privileges through JavaScript calling into Java code. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet to inappropriately interfere with another applet in the same web page which may include causing it to incorrectly load non-code resources such as files and web pages.
fff12819e999f2aa04fd9023287b35be822c905487fcb22420f818a51a1e653fGeCAD NET Security Advisory - The HTML Help Control patch issued from Microsoft may be subverted via other known vulnerabilities that are left unpatched in Internet Explorer.
d32c5cf90c2bbe8ef625797db1169224db31dcd4ce0d0477dd0575f3454eb37fDebian Security Advisory 649-1 - A buffer overflow has been discovered in xtrlock, a minimal X display lock program which can be exploited by a malicious local attacker to crash the lock program and take over the desktop session.
61962f41f5e7339d97af3a6ced5488ce1a0da7b3ca851f38ddf0359b7a4f2d92KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.
6b15ccf0b7bec83aa5472d69ac47e0982d0440956056b53788eaaf87744463e3Konversation versions below 0.15.1 suffer from various flaws that allow for shell command injection amongst others.
1878ab58f77ea098da55b04d4e3cac28e5c15f51bc0bce5aed916d6b27a0de19Integrigy Security Advisory - Oracle has released the its first Critical Patch Update (January 2005) and fixes 23 vulnerabilities in the Oracle Database, Oracle Application Server, and Oracle E-Business Suite - Integrigy discovered 5 of these vulnerabilities. The vulnerabilities in the Oracle Database and Oracle E-Business Suite should be considered high risk and organizations should work to apply the necessary patches at the earliest possible opportunity.
2d1a3adf02a15d6881976646e7fb047d6f0e021ee82168b3c88b84ea0793d9acSecunia Security Advisory - A security issue has been reported in Squid 2.x, which can be exploited by malicious users to bypass certain security restrictions. The issue is caused due to some LDAP implementations ignoring leading/trailing whitespaces in usernames. This can be exploited to bypass certain ACLs based on usernames or trick some log analysis by supplying a username with a whitespace in the beginning or end during the authentication process.
c0421bab66434fc8af2056b83c40c2ac1991466832dae520213f099b4877fe65iDEFENSE Security Advisory 01.19.05 - Two remotely exploitable denial of service conditions have been found to exist in MySQL MaxDB and SAP DB Web Agent products. MaxDB 7.5.00.21 fixes these issues.
41d6628bc065fa8e77e30ed2f6500b691ce1330b4cd9302a821d8f957a190e6eNGSSoftware Insight Security Research Advisory - Two vulnerabilities have been discovered in RealPlayer which may potentially be leveraged to allow remote code execution, or may used in combination with the Real Metadata Package File Deletion vulnerability to reliably delete files from a users system. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.
5c0369393320c3bc4942c495e3418f09710027a42e9c22a5dd5a498b9a15bf83NGSSoftware Insight Security Research Advisory - A vulnerability has been discovered in RealPlayer which can allow an attacker to delete arbitrary files from a users system through a specially crafted webpage with little user interaction. RealPlayer 10.5 (6.0.12.1040) and older versions are affected.
b462f3260253fe793321c8e2dfeaaaa00172ff31bc7e9284b32f1a9c98fb0224
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed