Statcounter is susceptible to a script injection user session hijacking flaw.
2f8b0a24361026c281e96ee3041e21b8b9c0a48c33866ddddd38ba3d356683b6Every user with CREATE JOB privilege can switch the SESSION_USER to SYS by executing a database job via dbms_scheduler on Oracle 10g.
89a141519dcef0c60eb5caae4118b9350bed9c359a49fba7854f155c388e595cFine grained audit (FGA) is disabled for all users if the user SYS runs a SELECT statement on a FGA object in Oracle 9i / 10g.
ef0e69af9d00f437ba72ca0fee630f111a4921211bcba924fef4da010fb8148cThe Gamespy cd-key validation system allows for multiple use of the same key.
8139c1152cfd8033b373585e5ec3187e22c4c9b4dcd050934cf1cccab4456a1diDEFENSE Security Advisory 05.04.05 - Local exploitation of a buffer overflow vulnerability in Apple Computer, Inc.'s Mac OS X allows attackers to execute arbitrary code. vpnd is the system daemon which manages IPSEC or PPTP connections. The vulnerability specifically exists due to insufficient bounds checking on the value given to the Server_id parameter.
0237606ce969824dc940b7a556542ba770756a2abb6a8d17d8aad8742cfb0a93A local file detection bug exists in Adobe SVG Viewer version 3.0.
b56516177838b137c11f376de8fc95ba5e4906d2d1a019f2e5bd11efb8f5d84bLeafnode versions 1.9.48 to 1.11.1 suffer from a denial of service vulnerability.
30b6c7c1e8d7eeb30cd82999c84bd5e80690a1a2b8ceede25323b0633cea4b3dUbuntu Security Notice USN-118-1 - Postgresql suffers from multiple vulnerabilities.
d115508980e6b35c51f9fb331119affaab6ae7c99bb8434b6050362aa9206618vpnd on Mac OSX versions 10.3.9 and below suffers from a stack buffer overflow.
cf228ea2cc508d49888b67af2c4fca70d0985d71b8d036276387de3ca4f74d36Apple OSX suffers from multiple bluetooth vulnerabilities.
1f2d239e36a2a11e6998d72399a7c9b0cdc8dcabb42c9fdd577e9c7bfc8b81824 security vulnerabilities surfaced for Mac OS X.
611e1fc379bf33b3470bd4abb0a5b34beb52d4121d4c97e7eda23652c5314c91iDEFENSE Security Advisory 05.03.05 - Local exploitation of a buffer overflow vulnerability in Apple Computer, Inc.'s Mac OS X Server default install allows attackers to execute arbitrary code. NeST is the NetInfo Setup Tool for Mac OS X. The vulnerability specifically exists due to insufficient bounds checking on the argument passed to the '-target' command line parameter. Local attackers can supply an overly long value to overflow the buffer and execute arbitrary code.
0c4cd80a8e3d38cb59c61f0869356ce10010ac85f79bb0f97bfe1f1caf72ece0Secure Science Corporation Advisory CSA-056 - LibTomCrypt is a fairly comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. A vulnerability was found by the author within the signature scheme used with the Elliptic Curve Cryptosystem routines that will allow arbitrary signatures to be created by an attacker.
b8ad4e6b033d01b8ddf58a423ef32c097bcb846cc0417058b55c70ae4bb633adUbuntu Security Notice USN-126-1 - A denial of service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing sanity check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory access which could crash the application. It was not possible to exploit this to execute any attacker specified code.
a3972f42ed956bc21421985a05fa3e50b0ab0cf627ca6abfbcee3c37549995aeFreeBSD Security Advisory FreeBSD-SA-05:09 - When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread.
5e666245ff6f81ff72f602f77622595ea80e3cf57ceb0ef27419e4e10cfa5986Gentoo Linux Security Advisory GLSA 200505-20 - infamous41d discovered several vulnerabilities in GNU Mailutils. imap4d does not correctly implement formatted printing of command tags (CVE-2005-1523), fails to validate the range sequence of the FETCH command (CVE-2005-1522), and contains an integer overflow in the fetch_io routine (CVE-2005-1521). mail contains a buffer overflow in header_get_field_name() (CVE-2005-1520). Versions less than 0.6-r1 are affected.
c2fb67e7ef5e9d7869519665523ab1b56b6a1f13618b8118efd53ef25ee92044Gentoo Linux Security Advisory GLSA 200505-19 - Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function. Versions less than 0.4.4 are affected.
ff8bdf466cde935fabc1f41a965e7bcc0c76a699d5691dbb519735aab32494e5Gentoo Linux Security Advisory GLSA 200505-18 - The fixproc application of Net-SNMP creates temporary files with predictable filenames. Versions less than 5.2.1-r1 are affected.
55ae58d4091c9513eec1db8f4df5e6697cdf1f1e7a159b4294f30dc6b5b91720Gentoo Linux Security Advisory GLSA 200505-17 - Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users (CVE-2005-1151). The upstream developers discovered that Qpopper can be forced to create group or world writeable files (CVE-2005-1152). Versions less than 4.0.5-r3 are affected.
5f79ff0a88cc0ec2c54f6ceed5e00a22614019b40a6b651f22b9fb0d59a11434Gentoo Linux Security Advisory GLSA 200505-16 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a Denial of Service vulnerability in the XWD decoder of ImageMagick and GraphicsMagick when setting a color mask to zero. Versions less than 6.2.2.3 are affected.
7cd890831c972168a96e842608bd68f5ae3853773f99cba71d5868a21d6da6e4Gentoo Linux Security Advisory GLSA 200505-15 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory. Versions less than 6.3-r3 are affected.
a438150f4f7635d000ccf3b00ec02b17b42aa4f822c4d5404b56c1e3ee3fa395Gentoo Linux Security Advisory GLSA 200505-14 - Brian Bird discovered that Cheetah searches for modules in the world-writable /tmp directory. Versions less than 0.9.17-rc1 are affected.
853bd930b30b1dc75326033673188777ab4477db6183a979bd5d53e35f1ff993Gentoo Linux Security Advisory GLSA 200505-13 - Primoz Bratanic discovered that the sql_escape_func function of FreeRADIUS may be vulnerable to a buffer overflow (BID 13541). He also discovered that FreeRADIUS fails to sanitize user-input before using it in a SQL query, possibly allowing SQL command injection (BID 13540). Versions less than 1.0.2-r3 are affected.
f0e8ee31b44589588be2f25ad27a3e4ee5e6a3d3ebf3acbeef7867a4d0644570Gentoo Linux Security Advisory GLSA 200505-12 - PostgreSQL gives public EXECUTE access to a number of character conversion routines, but doesn't validate the given arguments (CVE-2005-1409). It has also been reported that the contrib/tsearch2 module of PostgreSQL misdeclares the return value of some functions as internal (CVE-2005-1410). Versions less than 8.0.2-r1 are affected.
f343524cabdc8563fd558ecf9418e6857706907df010ed93fb9711dc15817069Gentoo Linux Security Advisory GLSA 200505-11 - The Mozilla Suite and Firefox do not properly protect IFRAME JavaScript URLs from being executed in context of another URL in the history list (CVE-2005-1476). The Mozilla Suite and Firefox also fail to verify the IconURL parameter of the InstallTrigger.install() function (CVE-2005-1477). Michael Krax and Georgi Guninski discovered that it is possible to bypass JavaScript-injection security checks by wrapping the javascript: URL within the view-source: or jar: pseudo-protocols (MFSA2005-43). Versions less than 1.0.4 are affected.
6b81a217ce3f87b99e5aadf53821e66be801d2bc37dc498629b18c3918b3ad7c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed