NetBSD Security Advisory 2005-001 - The Pentium CPU shares caches between HyperThreads. This permits a local process to gain a side-channel against cryptographic processes running on the other HyperThread. Testing for cached data can be accomplished by timing reads. Under some circumstances, this permits the spying process to extract bits of the key. This has been demonstrated against OpenSSL.
1b841f93dab7671b35f142bbbc58e744bd20646981c20572bd1835e0628b395cAn error in Microsoft Windows NTFS driver code causes the file system to incorrectly assign disk blocks to files before they have been initialized. Following a recovery from a system shutdown, uninitialized data may be visible in files from previously allocated disk blocks.
19a6813bec80b15a790ba4bf91503c452214f0dd11e222e2104658130b26d1f5Debian Security Advisory DSA 733-1 - Justin Rye discovered that crip, a terminal-based ripper, encoder and tagger tool, utilizes temporary files in an insecure fashion in its helper scripts.
eb99e39c5b9424f5d9cdb42cb81a156c69a61f9565b939d18a9e3c5e1a1d041cFreeBSD Security Advisory FreeBSD-SA-05:15 - Two problems have been discovered in the FreeBSD TCP stack. First, when a TCP packets containing a timestamp is received, inadequate checking of sequence numbers is performed, allowing an attacker to artificially increase the internal "recent" timestamp for a connection. Second, a TCP packet with the SYN flag set is accepted for established connections, allowing an attacker to overwrite certain TCP options.
30663ff4e4d6e6643116559b25a849f751e84dc20b68d90c0261a28842688ff7FreeBSD Security Advisory FreeBSD-SA-05:14 - Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions.
81c864494c3fb7c1777f84c50d2ea5e1bb96b674001417c3e3f9e573fb1005a0FreeBSD Security Advisory FreeBSD-SA-05:13 - The ipfw tables lookup code caches the result of the last query. The kernel may process multiple packets concurrently, performing several concurrent table lookups. Due to an insufficient locking, a cached result can become corrupted that could cause some addresses to be incorrectly matched against a lookup table.
6b7aa2a12074c968569303a922ef2f40cc26ef0aef04894d3fd3b9ebce0d5e08A flaw has been discovered in the third-party XML-RPC library included with Drupal. An attacker could execute arbitrary PHP code on a target site.
c23af80afccc28c6e386c2d9c57c08cb7dcd67c51b1bdbfd76ab901c28db1291Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed.
3cde9b7af7d34c526f434457021465af93437a68f76031f5ab71ab278732d190Soldier of Fortune II versions 1.02x and 1.03 suffer from a bug where a large client ID will crash the server.
8ddaa82d73fdc0f5738eb8b83782e62101712c849ad4142742b60c42b8d9948dTechnical Cyber Security Alert TA05-180A - The VERITAS Backup Exec Remote Agent for Windows contains a buffer overflow that may allow an unauthenticated, remote attacker to compromise a system and execute arbitrary code with administrative privileges.
eaac8acdce7b92b8ead88d0bfef9700c835095ef8bb557efd10b66541593117eSerendipity version 0.8.2 and below suffer from a remote command execution flaw.
2a4ee8e7ada42a56b8aed38fe317912c764aad12ca30260dd372fba5c27cd442Cisco Security Advisory - Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.
7a0b623fec59b13f3dec999eb730c1223315a71bc5bc62293b4b742f42a009eeiDEFENSE Security Advisory 06.29.05-2 - Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition. The vulnerability specifically exists due to improper behavior during exceptional conditions.
6f82f5a9d5aed250a0160bb6d9ffa7df155d91e9930691c922a15d570a55ad36iDEFENSE Security Advisory 06.29.05-1 - Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition. The cabinet file format is a Microsoft archive format used for distributing Microsoft software. The vulnerability specifically exists due to insufficient validation on cabinet file header data. Versions below 0.86 are vulnerable.
9239cca4d7dad988a5e239ca3b6875dec49832bee391c6ca9f2440684a7fb63bGentoo Linux Security Advisory GLSA 200506-24 - It has been reported that the getterminaltype function of Heimdal's telnetd server is vulnerable to buffer overflows. Versions less than 0.6.5 are affected.
8e702bc904b1100eb9c2188886fc6c79e3c64561199e48ade9e79f194a87619eUbuntu Security Notice USN-146-1 - Nobuhiro IMAI discovered that the changed default value of the Module#public_instance_methods() method broke the security protection of XMLRPC server handlers. A remote attacker could exploit this to execute arbitrary commands on an XMLRPC server.
9a01c06f07b7a6790057fbdc7b2db4db082ec300bd7883e13b24bb2ecadad95cphpBB versions 2.0.15 and below suffer from a code injection bug.
e63c27994d926ee62e1c03f0e7bd1e6fea2f6e0145830a3405271c8bdd821969Raritan console servers come with two unpassworded accounts. Vendor has confirmed these versions are vulnerable: DSX16, DSX32, DSX4, DSX8, DSXA-48 (MIPS and Intel).
a63dcd7bd7ce637bcc43dbf76f25c87cfd83a34f77d282079809573e2cc872f5Secunia Security Advisory - A vulnerability has been reported in Serendipity, which can be exploited by malicious people to compromise a vulnerable system.
752cf7474bcc4eeea70676f4d08e14d5be18cbd861469815084b02a1128a7515Secunia Security Advisory - Secunia Research has discovered a security issue in Adobe Reader for Linux, which can be exploited by malicious, local users to gain knowledge of sensitive information.
17a86c88f193252e1858c78cde8bc43f6cbdd709eab8429a23a9ca34162c9572Secunia Security Advisory - A vulnerability has been reported in phpMyFAQ, which can be exploited by malicious people to compromise a vulnerable system.
42f609ce3692d089d52b87fb28683f47030fd1269c93651ebcc2d508a9e10004Secunia Security Advisory - Park Gyu Tae has reported a vulnerability in NateOn Messenger, which can be exploited by malicious users to disclose system information.
724b7ff7741d266709ae3e96e74b86b5e5ad7a882c69418f937e9db5a0df6620Secunia Security Advisory - Nortel Networks has acknowledged an old vulnerability in Communication Server 1000 (CS1000), which can be exploited by malicious people to cause a DoS (Denial of Service).
d11e9a90eb43e73931b116294f2fea1b5709927248958356626f5a79005dd05aSecunia Security Advisory - James Bercegay has reported some vulnerabilities in Wordpress, which can be exploited by malicious people to manipulate mail messages, conduct cross-site scripting and SQL injection attacks, and by malicious users to compromise a vulnerable system.
06951da128192304c6c8f1c79b25798a71ff882d176c4e121efce27ac18f2f45Secunia Security Advisory - Przemyslaw Frasunek has reported a vulnerability in Solaris, which can be exploited by malicious, local users to gain escalated privileges.
0eb7561ea97d5702173b76e88e758e63bfa51848ab2b287782753baa54d6ad5d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed