Gentoo Linux Security Advisory GLSA 200504-30 - The phpMyAdmin installation process leaves the SQL install script with insecure permissions. Versions less than 2.6.2-r1 are affected.
2f14682c3d2c1ce53dc09035ebfa9852d3f37d2162c30a53ce2789161c0d33bdGentoo Linux Security Advisory GLSA 200504-29 - Steven Van Acker has discovered a buffer overflow vulnerability in the add_port() function in Pound. Versions less than 1.8.3 are affected.
508acf6707fea998ce6f61a2d863c2f1364881a6c998ee20d344d408a8cedea3Gentoo Linux Security Advisory GLSA 200504-28 - Buffer overflow vulnerabilities in the slc_add_reply() and env_opt_add() functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Versions less than 0.6.4 are affected.
8f9785ac0de012dcf5e162da16f150a5a3fc8423a3b5bf8c8f0c7332c37b590aphpBB suffers from SQL injection vulnerabilities.
ca458f33b9f3016fe72402ab33dfbbd57fcb02856066cf26233223b8394b26efmyPHP version 3 suffers from some authentication flaws.
7acb86e0cb84d96d1c0a4a8bad9fef5794155e64405dfc6914ef1930d430fdbcNetTerm 5.1.1 is susceptible to a buffer overflow vulnerability.
cbee78841654b8d50513697d3015f26612a2b53278635785bdd9fe04ba84ff51iDEFENSE Security Advisory 04.25.06-3 - Remote exploitation of a buffer overflow vulnerability in Citrix Systems Inc.'s Program Neighborhood Agent allows attackers to execute arbitrary code under the privileges of the client user. The problem specifically exists in the client code responsible for handling the caching of information received from the server.
16507fe3cdb13ec83622e458aa634047d18ca5f69e7fabd2596d8731975803c8iDEFENSE Security Advisory 04.25.06-2 - Remote exploitation of a design error in Citrix Systems Inc.'s Program Neighborhood Agent allows attackers to create arbitrary shortcuts under the privileges of the client user. Citrix Program Neighborhood Agent is a part of the Citrix Presentation Server Client and facilitates access to Citrix published applications. The problem specifically exists in that an attacker who has established a malicious server can create arbitrary shortcuts to the client user's Startup folder.
e2c874a4cddc782ee004130fa3cf0634405553d31dc8949e908cb5c4ed7ef604iDEFENSE Security Advisory 04.25.06-1 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerabiltiy specifically exists because of a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long 'If' parameter string, a stack-based overflow occurs.
05c5b0f03940866f73bc2159f99ff530a95dc33e323dfd87ee1f15e5782c0aa5iDEFENSE Security Advisory 04.25.05-2 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists due to a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long Lock-Token string, a stack-based overflow occurs.
de4dd6898b596370190084b4ae7be97a5ec66c778107f7dc4d74f3b5058bea09iDEFENSE Security Advisory 04.25.05-1 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists due to improper handling of HTTP GET queries containing a percent sign (%).
3d9df7b8685773ea51dc93936ccdec26e654e422760c6865c9a44369fe2e4c14Sqwebmail is susceptible to a cross site scripting vulnerability.
bbcd1dab317514856e9a775df797f71fdb7a6ea060f85d684815cc2326b35fb7Snmppd is susceptible to a format string vulnerability.
bc5427491a4a901c393b53732a6504c2225b684ae85279588d94c9d19012c901Gentoo Linux Security Advisory GLSA 200504-25 - Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
f1cc8ee77515d1a92862c3012f96550e4889e870b38cf8c6c9c2875d4cdac3ffGentoo Linux Security Advisory GLSA 200504-24 - Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Versions less than 1.0.0.007 are affected.
610d7dee1ebee7161b6c3a758df8fb08c5ed35d5980042002152cd66a9ecb96dMailEnable HTTPMail Enterprise <= 1.04 Professional <= 1.54 is vulnerable to a buffer overflow on a header field definition which would allow an attacker to execute arbitrary code.
020b6ab6e3581762060ba2c2990b16bc68cb8380fa57614477c9506a4bada0d4A local file detection flaw has been found in the Adobe Reader ActiveX control. Adobe Reader versions 7.0 and below are affected.
62e66376041cb0ead9f4c69cac186a4d750f6d7ab4a0b76dad3a4a5b944a91d3Argosoft mail server pro 1.8.7.6 (maybe others) are vulnerable to a cross-site scripting attack due to the mail server not filtering out some HTML tags in email messages.
730284972fd0b3761d247cb3b7dd3853f2ca689faf375d53b1b01457d4281fe0FreeBSD Security Advisory FreeBSD-SA-05:05 - Multiple programming errors were found in CVS. In one case, variable length strings are copied into a fixed length buffer without adequate checks being made; other errors include NULL pointer dereferences, possible use of uninitialized variables, and memory leaks.
0955613e37e271809f7afef6711a84a64f2032dbe02f04eb08d63144b31158faKDE Security Advisory: kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.
541b770d166d535ed31873d7fc040185169e96ce83b2851ceec63ccf5120c5feKDE Security Advisory: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code.
15c0b15e1f97fffefbb19b6f2354efaea247f2f23d0219684a0be903991619c5A vulnerability exists in Macromedia ColdFusion 7.0 which allows a remote attacker to execute arbitrary HTML and script code to a users browser session.
b7e5adbb8cca2e19fa11f114f83ccae2400d714542e19d777713e7dbe4d4ba6fBy a user receiving data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media application.
64c779246d4d9ccbe30d863aa28db22a229e66a2202abdc8598582b09109fb72WebSphere Application Server version 6.0 suffers from a cross site scripting flaw.
f68cc25f25bdda26b2281f384909d577b5ea7ee94e8abe5de53465cf42838c22Debian Security Advisory DSA 713-1 - Several bugs have been found in junkbuster, a HTTP proxy and filter.
e72c5e4ea90565cb61629b1743d0c4d4a8c3617c8103bc58829339968c1ee261
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed