iDEFENSE Security Advisory 06.23.05-3 - Remote exploitation of a denial of service condition in Veritas Software Corp.'s Backup Exec allows attackers to crash the vulnerable service.
iDEFENSE Security Advisory 06.23.05-2 - Exploitation of a buffer overflow vulnerability in Veritas Software Corp.'s Backup Exec allows remote attackers to execute arbitrary code. Veritas Backup Exec uses the standard NDMP protocol to communicate with the listening agents. The vulnerability specifically exists because of improper handling of request packets with an unexpected Error Status value.
iDEFENSE Security Advisory 06.23.05-1 - Exploitation of a buffer overflow vulnerability in Veritas Software Corp.'s Backup Exec allows remote attackers to execute arbitrary code. Veritas Backup Exec uses the standard NDMP protocol to communicate with the listening agents. The NDMP protocol allows multiple authentication types, including support for Windows user credentials. The vulnerability specifically exists because of insufficient input validation on CONNECT_CLIENT_AUTH requests.
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player. This specific flaw exists within the vidplin.dll file used by RealPlayer. By specially crafting a malformed .avi movie file, a direct heap overwrite is triggered, and reliable code execution is then possible. This vulnerability can be triggered when a user views a webpage, or opens an .avi file via email, instant messenger, or other common file transfer programs.
Gentoo Linux Security Advisory GLSA 200506-22 - The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of an internal check to be clobbered, leaving sudo vulnerable to a race condition. Versions less than 1.6.8_p9 are affected.
Secunia Security Advisory - Sun has acknowledged two vulnerabilities in Solaris, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
Secunia Security Advisory - Elzar Stuffenbach has reported two vulnerabilities in Whois.Cart, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Secunia Security Advisory - James has reported a vulnerability in Simple Machines, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - SGI has acknowledged a vulnerability in IRIX, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Two vulnerabilities have been reported in the Linux kernel. One has an unknown impact, and the other can be exploited by malicious, local users to cause a DoS (Denial of Service).
Secunia Security Advisory - Multiple vulnerabilities have been reported in VERITAS Backup Exec for Windows and NetWare, which can be exploited by malicious users to gain escalated privileges, or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Secunia Security Advisory - A security issue has been reported in HP Version Control Repository Manager (VCRM), which may disclose the proxy server password to malicious people.
Secunia Security Advisory - Dedi Dwianto has reported some vulnerabilities in DUpaypal Pro, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - 1dt.w0lf and foster have reported some vulnerabilities in Forum Russian Board, which can be exploited by malicious people to conduct cross-site scripting, script insertion and SQL injection attacks.
Secunia Security Advisory - Wade Alcorn has reported a vulnerability in Asterisk, which can be exploited by malicious users to compromise a vulnerable system.
Secunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes multiple vulnerabilities, which can be exploited to gain knowledge of sensitive information, gain escalated privileges, cause a DoS (Denial of Service), overwrite arbitrary files, or to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in VERITAS NetBackup for NetWare Media Servers, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - SGI has issued a patch for SGI Advanced Linux Environment. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, conduct directory traversal attacks, extract files to arbitrary directories, or potentially compromise a user's system.
Secunia Security Advisory - Dedi Dwianto has reported some vulnerabilities in DUamazon Pro, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Dedi Dwianto has reported some vulnerabilities in DUforum, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Dedi Dwianto has reported some vulnerabilities in DUclassmate, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Ipswitch WhatsUp Professional, which can be exploited by malicious people to conduct SQL injection attacks.
iDEFENSE Security Advisory 06.22.05-4 - Remote exploitation of a SQL injection vulnerability in Ipswitch Inc.'s WhatsUp Professional 2005 Service Pack 1 could allow a remote attacker to gain administrative access to the application.
Gentoo Linux Security Advisory GLSA 200506-21 - Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the id parameter when uploading attachments to the wiki or the bug tracking system. Versions less than 0.8.4 are affected.
A programming error exists in the function that parses commands in the Asterisk 1.0.7 system. This is used by the manager interface if the user is allowed to submit CLI commands. The coding error can result in the overflow of one of the parameters of the calling function.