Gentoo Linux Security Advisory GLSA 200504-20 - Gangstuck and Psirac from Rexotec discovered that openMosixview insecurely creates several temporary files with predictable filenames. Versions less than 1.5-r1 are affected.
23bccb90f85bbabb24a271ae05653d64a2d16cae3deeed52271cecd0e763eda1phpBB Auction module version 1.2m suffers from a SQL injection vulnerability.
c795fedacb95b4e3a28134fb0a24bf694c85c044f4193534fbcc7182bdd94779PHPROJEKT 4.2 Chatroom is vulnerable to Cross-Site Scripting (XSS) attacks allowing a broadcast attack to users in the chatroom.
924c24da845df4c0ceb5a3948b17ff81ec7c79bb09b72fb4da784f4f20a07a14Gentoo Linux Security Advisory GLSA 200504-19 - Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST). Versions less than 1.0_pre6-r4 are affected.
9c210f39c70c4af2a86566d59cbc0461e1c2b3ad20eedb16521f65098d8bf10dRealNetworks RealPlayer, RealOne Player, and Helix Player all suffer from a remote heap overflow that allows for remote code execution.
f5dfc6020b55f720a8cbcc1e223a699e696def7db5ae15407dbb1fa62bf5b52fNeslo Desktop Rover suffers from a remote denial of service vulnerability.
a60e6aaf17789932c5057f3a7942283c9a1bb3e4836d0c355a8b98aa268c362aAZBB versions 1.0.07d and below suffer from arbitrary file deletion and enumeration flaws.
6306c8d12777015f47460895fa5507cfd12177435797106e750bf523bbff3697GreyMagic Security Advisory GM#015-IE - Windows Explorer fails to filter dangerous data in links used in the webview on Windows.
b0e0113b63d7852efda22daf6fc544646e9787e6e936b0d0a0ea9c9fbbfd7063Debian Security Advisory DSA 712-1 - Tim Dijkstra discovered a problem during the upgrade of geneweb, a genealogy software with web interface. The maintainer scripts automatically converted files without checking their permissions and content, which could lead to the modification of arbitrary files.
9a0eca1814872b0a7fcc4dbe92282fa4c5686c5a69ec0ae85a69f55eca060887Gentoo Linux Security Advisory GLSA 200504-18 - New Mozilla Firefox and Mozilla Suite releases fix new security vulnerabilities, including memory disclosure and various ways of executing JavaScript code with elevated privileges. Versions less than 1.0.3 are affected.
3304fb9c0dd2ac34c28c8a52fa2aebb4d38b78bb11517ce76c83bb77926d2156Debian Security Advisory DSA 711-1 - Nicolas Gregoire discovered a cross-site scripting vulnerability in info2www, a converter for info files to HTML. A malicious person could place a harmless looking link on the web that could cause arbitrary commands to be executed in the browser of the victim user.
f5d92d368f4c048858a1635d0ff87da1ce79c1c6e050799059ff22ca3f13f2edGentoo Linux Security Advisory GLSA 200504-17 - Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS (Planetary Data System) image decoder, format string vulnerabilities in the TIFF and PDS decoders, and insufficient protection from shell meta-characters in malformed filenames. Versions less than 3.10a-r11 are affected.
44b8e9e806a61f9df9c12e6362eb8888a7ec7852456c03c0e32f01faa2c9fca8iDEFENSE Security Advisory 04.18.05 - Local exploitation of an insecure permission vulnerability in McAfee Internet Security Suite 2005 allows attackers to escalate non-Administrator privileges or disable protection.
9699f3cb21fa9695d95aac39f442e54d847ade88e201729977ec3782e7a018b7A SQL injection vulnerability exists in the CREATE_SCN_CHANGE_SET procedure for Oracle database server version 10g.
a5212af4697367cfaddf9c5d2eecf257e160ca8ab7b17e47a8d5fbd82766578dA SQL injection vulnerability exists in the ALTER_MANUALLOG_CHANGE_SOURCEDBMS_METADATA procedure for Oracle database server version 10g.
6fe16250b05705d0c21788a7123ad48bf9b396fddbabb93bae3b81090b8ca7ebMultiple SQL injection vulnerabilities exist in the DBMS_METADATA package for Oracle database server versions 9i and 10g.
9c197b54da59422b26a68e8b4cc788a15635ca92f877520ad3c5ec7c525b0aa3Gentoo Linux Security Advisory GLSA 200504-16 - Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CVE-2005-0753), memory leaks and a NULL pointer dereferencing error. Versions less than 1.11.18-r1 are affected.
71478e23debfee6f1ab5821db6951480baef1646b37e0cc240ba3d846f7ea1d5Oracle Database Server version 10g has a flaw that allows any low privileged database user to execute functions with DBA privileges.
bd2ea7fcfad3776a3eb567cbc888e2578d0c447e690779f98950f1bccc8ab1dbOracle Database Server versions 9i and 10g suffer from denial of service vulnerabilities in their interMedia system.
6fa9a30526c515903a896294e0fe106983bd5cf8a9bcc4ecab61acd3f4f6e5fcA buffer overflow exists in PMSoftware's Simple Web Server version 1.0.
5fa358e8ae57771eec4d6be7eef2ff8867641bda69d38b8fb79abcb41a1feabcDebian Security Advisory DSA 710-1 - Alan Cox discovered a problem in gtkhtml, an HTML rendering widget used by the Evolution mail reader. Certain malformed messages could cause a crash due to a null pointer dereference.
048ee5a8b482fb36773879c65429801f0f178b9e9b73fbb13ff5000f630521aaSUSE Security Announcement - Buffer overflow and memory access problems in cvs have been resolved.
4b23470fb0f1f14f3c0b7f6233c3e4361366bfe8d7adeb4be398791764f24e71Many XML/RPC servers based on Python / Ruby seem to be vulnerable to a simple Denial of Service where transmitting a large amount of data (circa 4 MB) results in them utilizing 100% of the CPU and apparently never recovering.
01fddb7df596dbb647f71a14bc8ddf89eda494b127062d87e148e1adfd6216baAppleWebKit XMLHttpRequest arbitrary file disclosure - Apple Safari 1.2+, Apple RSS 2.0 pre-release, OmniGroup OmniWeb 5.1+, as well as other software based on a common engine, are vulnerable to malicious webservers attacking them and retrieving information (arbitrary files on disk).
0ea575297839fdac0e3654c2488db5abe193e71540f91deb28ffc4cd0bd4c886Gentoo Linux Security Advisory GLSA 200504-14 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a double expansion error in monkeyd, resulting in a format string vulnerability. Ciaran McCreesh of Gentoo Linux discovered a Denial of Service vulnerability, a syntax error caused monkeyd to zero out unallocated memory should a zero byte file be requested. Versions less than 0.9.1 are affected.
7f4936472c31f89580293bf38a7962c48bf48a076c611dbcb39c244449785e17
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed