iDEFENSE Security Advisory 06.23.05-3 - Remote exploitation of a denial of service condition in Veritas Software Corp.'s Backup Exec allows attackers to crash the vulnerable service.
0a9c433c89e531d25308929e144ba32635a04db53a759bc07bad31834203b95fiDEFENSE Security Advisory 06.23.05-2 - Exploitation of a buffer overflow vulnerability in Veritas Software Corp.'s Backup Exec allows remote attackers to execute arbitrary code. Veritas Backup Exec uses the standard NMDP protocol to communicate with the listening agents. The vulnerability specifically exists because of improper handling of request packets with an unexpected Error Status value.
34c571e007340cd8773d461ea89bbddc2583feac6bc71d7d8bc24b3d3f6939abiDEFENSE Security Advisory 06.23.05-1 - Exploitation of a buffer overflow vulnerability in Veritas Software Corp.'s Backup Exec allows remote attackers to execute arbitrary code. Veritas Backup Exec uses the standard NMDP protocol to communicate with the listening agents. The NMDP protocol allows multiple authentication types, including support for Windows user credentials. The vulnerability specifically exists because of insufficient input validation on CONNECT_CLIENT_AUTH requests.
7e933c29fc49623bd4988caa2ab27aaf3de8ced4a8dcaa75b645a887c3a92529eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player. This specific flaw exists within the vidplin.dll file used by RealPlayer. By specially crafting a malformed .avi movie file, a direct heap overwrite is triggered, and reliable code execution is then possible. This vulnerability can be trigger when a user views a webpage, or opens an .avi file via email, instant messenger, or other common file transfer programs.
847a8e37f9bd046455e0c8e37d152a9ed8be41d8c966b8aced5ac3d1b07ef988Gentoo Linux Security Advisory GLSA 200506-22 - The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of an internal check to be clobbered, leaving sudo vulnerable to a race condition. Versions less than 1.6.8_p9 are affected.
956caac77ca19fcbed67f3307b2e1888a5cfc98178b69387908bec83c22150f3Secunia Security Advisory - Sun has acknowledged two vulnerabilities in Solaris, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
2c79d6297dee6c99845926558f29e68ede2cfcd30b3323a4cf1ac0c13b424798Secunia Security Advisory - Elzar Stuffenbach has reported two vulnerabilities in Whois.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
0690fac6ae1870b6e2ccaa06cf72cd35c2c9037bec00c58bf3bce5392cd00511Secunia Security Advisory - James has reported a vulnerability in Simple Machines, which can be exploited by malicious people to conduct SQL injection attacks.
cefc153dfd02f993f49fb711a45e2d7b445720fe6704bd1d15ad76eda201aa62Secunia Security Advisory - SGI has acknowledged a vulnerability in IRIX, which can be exploited by malicious people to compromise a vulnerable system.
4ea34ef44b3a59e40bf864693791767592303c7d6e0cfe32c49397af362eca71Secunia Security Advisory - Two vulnerabilities have been reported in the Linux kernel. One has an unknown impact, and the other can be exploited by malicious, local users to cause a DoS (Denial of Service).
14e0309e3c71683cd933a14d76ddb237d636e6716bc880cc1c1b79cf035c1eb3Secunia Security Advisory - Multiple vulnerabilities have been reported in VERITAS Backup Exec for Windows and NetWare, which can be exploited by malicious users to gain escalated privileges, or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
f00b7fabe22b59cf9fc63e982275ca337adc3beeab326ebd40e9ac3e9023736eSecunia Security Advisory - A security issue has been reported in HP Version Control Repository Manager (VCRM), which may disclose the proxy server password to malicious people.
903a5b4e6d31cc21f53113953988bc3895203ad8a9cf18863b4c29e3a636359cSecunia Security Advisory - Dedi Dwianto has reported some vulnerabilities in DUpaypal Pro, which can be exploited by malicious people to conduct SQL injection attacks.
5e41b9773abaae34e5c4088ba2c28cc215f89d8681a589dfa5faf398d8e244f7Secunia Security Advisory - 1dt.w0lf and foster have reported some vulnerabilities in Forum Russian Board, which can be exploited by malicious people to conduct cross-site scripting, script insertion and SQL injection attacks.
62a45f67637a77bcd7b148fbcbe21ea7219dcebbdc28acf67df261039f3bf99bSecunia Security Advisory - Wade Alcorn has reported a vulnerability in Asterisk, which can be exploited by malicious users to compromise a vulnerable system.
4467fa10f743c2fceb5185de140bb0687f4d4e9433c02edd166ba512316163c2Secunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes multiple vulnerabilities, which can be exploited to gain knowledge of sensitive information, gain escalated privileges, cause a DoS (Denial of Service), overwrite arbitrary files, or to compromise a vulnerable system.
b2e8e4ee489365d108a5d6fd73064f25d77569ec057319bbbf1719093f478a86Secunia Security Advisory - A vulnerability has been reported in VERITAS NetBackup for NetWare Media Servers, which can be exploited by malicious people to cause a DoS (Denial of Service).
f0ad6744e6f533501bd259806a1482e651ebc1df7e0527321401be1cc2040aaeSecunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, conduct directory traversal attacks, extract files to arbitrary directories, or potentially compromise a user's system.
178fb2aefe03ff62fdeecc5afa3f1452502cc205a817b310e9691942ca31ddf7Secunia Security Advisory - Dedi Dwianto has reported some vulnerabilities in DUamazon Pro, which can be exploited by malicious people to conduct SQL injection attacks.
96868ec133f465a60840cf698278abf670328f45bc0d47cd89f7009ac0e7c64aSecunia Security Advisory - Dedi Dwianto has reported some vulnerabilities in DUforum, which can be exploited by malicious people to conduct SQL injection attacks.
a3208f67dc50856428f0dc0bc572fd0e410ce54040384d41e4729e5e5f8a40d0Secunia Security Advisory - Dedi Dwianto has reported some vulnerabilities in DUclassmate, which can be exploited by malicious people to conduct SQL injection attacks.
a2fc219d343bdcdd4f989239bafab09f74cae6cb74e69e0496144303da195c7cSecunia Security Advisory - Secunia Research has discovered a vulnerability in Ipswitch WhatsUp Professional, which can be exploited by malicious people to conduct SQL injection attacks.
7ccc3706d0318636da9a1e700005f7c3e47bb97c695f3cfbf8eb3e8fad557911iDEFENSE Security Advisory 06.22.05-4 - Remote exploitation of a SQL injection vulnerability in IpSwitch Inc.'s WhatsUp Professional 2005 Service Pack 1 could allow a remote attacker to gain administrative access to the application.
6c6767bf836656fe30675b99b71054b7cb6756a771baffbeab51e764a85a2176Gentoo Linux Security Advisory GLSA 200506-21 - Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the id parameter when uploading attachments to the wiki or the bug tracking system. Versions less than 0.8.4 are affected.
0f97ceea0be29a1d8e8d37d870a649c8ee040223a44282a32264d12ce1ba154cA programming error exists in the function that parses commands in the Asterisk 1.0.7 system. This is used by the manager interface if the user is allowed to submit CLI commands. The coding error can result in the overflow of one of the parameters of the calling function.
1a50a0056a74c27fb6eb2b5b5d0116c261912d86824d5d8e0a21b4a8acf36b39
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed