Gentoo Linux Security Advisory GLSA 200505-10 - phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follow a posted link triggering the vulnerability. Versions less than 2.0.15 are affected.
9d4330f075d84b5e3a57149a41002a7d4ac072e81cac2868e4e27c0b7a6f36d4Gentoo Linux Security Advisory GLSA 200505-09 - Stu Tomlinson discovered that Gaim is vulnerable to a remote stack based buffer overflow when receiving messages in certain protocols, like Jabber and SILC, with a very long URL (CVE-2005-1261). Siebe Tolsma discovered that Gaim is also vulnerable to a remote Denial of Service attack when receiving a specially crafted MSN message (CVE-2005-1262). Versions less than 1.3.0 are affected.
52d6d35d922abc92a5c62a156c06b0a964358c9c04b130bca8c8ab047e64a971Gentoo Linux Security Advisory GLSA 200505-08 - Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has been discovered in the PE parser. Versions less than 0.8.0-r2 are affected.
bb50f3d10e9687ec9e2dcff2d81fd8f709c3bc9465d6ba8708274ced00dc0797Gentoo Linux Security Advisory GLSA 200505-07 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Versions less than 3.7.2 are affected.
10f00fb5875050a3e524daa001dab1ae2df6cb0acba56164a9325e4481f90dbfGentoo Linux Security Advisory GLSA 200505-06 - TCPDump improperly handles and decodes ISIS, BGP, LDP (CVE-2005-1279) and RSVP (CVE-2005-1280) packets. TCPDump might loop endlessly after receiving malformed packets. Versions less than 3.8.3-r2 are affected.
a2cf59b4e83e454badf30debfb23789a1f353e476a026ec94eebb61caf1cd136Gentoo Linux Security Advisory GLSA 200505-05 - The gzip and gunzip programs are vulnerable to a race condition when setting file permissions (CVE-2005-0988), as well as improper handling of filename restoration (CVE-2005-1228). The zgrep utility improperly sanitizes arguments, which may come from an untrusted source (CVE-2005-0758). Versions less than 1.3.5-r6 are affected.
bd30667e24319d75118ffff528625889ca28f3ba03b3c3934b3f15254e632bbeGentoo Linux Security Advisory GLSA 200505-04 - A vulnerability has been discovered in the record packet parsing in the GnuTLS library. Additionally, a flaw was also found in the RSA key export functionality. Versions less than 1.2.3 are affected.
4367f6f4f4a9cca17b42c22f96db7b4d5b8ccaeed30a7af93631a736be833653Gentoo Linux Security Advisory GLSA 200505-03 - Ethereal is vulnerable to numerous vulnerabilities potentially resulting in the execution of arbitrary code or abnormal termination. Versions less than 0.10.11 are affected.
a26776eb1c7835cbb35a709b2d1757ad42b522596f9b97def3ae1df077db3f43Gentoo Linux Security Advisory GLSA 200505-02 - A format string flaw has been detected in the my_xlog() function of the Oops! proxy, which is called by the passwd_mysql and passwd_pgsql module's auth() functions. Versions less than 1.5.24_pre20050503 are affected.
0f028926c2b6984017260ab49e64ba8baf626503c44ba96c4c6e14044bb240cbUbuntu Security Notice USN-114-1 - Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio. If an attacker tricked a user into loading a malicious PCX image with a KDE application, he could exploit this to execute arbitrary code with the privileges of the user opening the image.
5b672afe6bfe6eceaca93fc9e09ac4a32198dbf982c23ce5f1d0682d23231d01Ubuntu Security Notice USN-113-1 - Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a /tmp/entropy file with known content.
6526ce93a2477fd95b98489f0a9b55226a3bdb19f8544bd6fd8375ad35d3a71fMtp-Target versions 1.2.2 and below suffer from a format string vulnerability.
b533f39ee3339482cad277314807e4bb7605fbf83427483a58ca5319e4968a1fGentoo Linux Security Advisory GLSA 200505-01 - Cross-site scripting vulnerabilities have been discovered in various modules of the Horde Framework. Versions less than 2.2.2 are affected.
1baa308cfe8ce40a51237f494070d2c09f6593d59f8091ac488009da5579d136Secunia Security Advisory - Some vulnerabilities have been reported in NewLife Blogger, which can be exploited to conduct SQL injection attacks.
d55b04a2e77c79715e5c30eb2f0db67e04264680c11db2a7884f3e79a8661d6fSecunia Security Advisory - Soroush Dalili has reported a vulnerability in Hosting Controller, which can be exploited by malicious users to conduct SQL injection attacks.
b942f24500ef4964958bcd9ea233776d599bd309d03274e794f38bc8b5299cbfSecunia Security Advisory - Rapigator has reported a vulnerability in Invision Power Board, which can be exploited by malicious users to gain escalated privileges.
3c236d3d41fee4e5bb2d3db3f161aaba5e7c7ecf33f0b704b4501b2866b58a11Secunia Security Advisory - Dennis Elser has reported a vulnerability in PicoWebServer, which can be exploited by malicious people to compromise a vulnerable system.
7580af5656bc612ff2234a05a9c4d9e674bd6ec6aca9430261fa0bd2eb2cd188Secunia Security Advisory - A security issue has been reported in Fast n Furious DtDNS Updater, which may disclose sensitive information to malicious, local users.
aa167d72fad86440a626ecc3b61ad13ed6ac3f20e8b34a22a5b0752438ed6528Secunia Security Advisory - NTA-Monitor has reported a vulnerability in Nortel VPN Routers, which can be exploited by malicious people to cause a DoS (Denial of Service).
c685c69b7df081ea7d7c0f734da050813f61eeb2a59bf788fad059bc721e5c8fSecunia Security Advisory - Paulino Calderon has reported a vulnerability in Jaws, which can be exploited by malicious people to conduct cross-site scripting attacks.
9d36a8de5f0bbd401711a8aa270bc16ce335cd45277a0d94014cd499082b0d79Secunia Security Advisory - A vulnerability has been reported in NikoSoft WebMail, which potentially can be exploited by malicious people to conduct cross-site scripting attacks.
fd53f2d366efc85f16676c09297f56181e7fbdec794c5dc8ef706f63e00d538aSecunia Security Advisory - Tim Morgan and Kevin Amorin have reported a vulnerability in Clam AntiVirus, which potentially can be exploited by malicious, local users to gain escalated privileges.
62a495dad89392846d99065ec7fba8a3da53c65707054971c932e8928679d965Secunia Security Advisory - A vulnerability has been reported in WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
a4fe639d9203891b1081fa299874a6c21e4d041b39b5406be6f7bd518d27b503Secunia Security Advisory - Piotr Bania has reported a vulnerability in SoftICE, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
9dbc906e445becdba54588aea73456af5e5560cd2fc2675f9b9faa92767866a9Secunia Security Advisory - James Bercegay has reported a vulnerability in PeerCast, which potentially can be exploited by malicious people to compromise a vulnerable system.
e8dbab318368e7026b13bb61f4cfe9a73d2485fdd51dc0891c0e7936e4ed0839
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed