It is possible to crash Ventrilo 2.3.0 by sending a malformed status packet.
6cb018997e473aaa91fd732430eed0e401f4cd1feee78f164f7540daf14e6263Secunia Security Advisory - Phuket has discovered some vulnerabilities in PHPKit, which can be exploited by malicious people to conduct SQL injection attacks.
d82f266f336a74620fb5e0beb194c3a5184abbbc6196aca3831ddab467dc340bSecunia Security Advisory - Ubuntu has issued an update for libpcre3. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
ff26acd3f887f68ec0a47bcc150cfaf7e28cf56ecefd9c186d683ce6fe3af904Secunia Security Advisory - Red Hat has issued an update for elm. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
3e08750339bfda75bf38c6c8de95a2442dfb29828bcaf345f66061158c428530A buffer overflow has been discovered in the PCRE, a widely used library that provides Perl compatible regular expressions. Specially crafted regular expressions triggered a buffer overflow. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library.
90dedc2182e9f13fe60b58ffaaf6d0166a5497e077ce7855d8e3d7e2c6b8fd3bGentoo Linux Security Advisory GLSA 200508-12 - Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers (CVE-2005-2549). He also discovered that Evolution fails to handle special calendar entries if the user switches to the Calendars tab (CVE-2005-2550). Versions less than 2.2.3-r3 are affected.
c3c0a5ca715423ba57ad0ed3bb8e8b0cddf7444a0020c4349015ede584102d19Javier Fernandez-Sanguino Pena noticed that the pwmconfig script created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges since pwmconfig is usually executed by root.
376f85a08e46d04bd581a85bbc2d275ce2e2f13f3f55865875c59d8ef2fb241fDebian Security Advisory DSA 782-1 - Due to missing input sanitization in the bluez-utils package, it is possible for an attacker to execute arbitrary commands supplied as the device name from the remote device.
fb543879e70119f5254b5ca8165f6a8b1c313acc9fee8d0bba01a49d6da69e9cdsidentity on Apple OS X 10.4 allows any user on the system to add accounts to Directory Services.
9a589fe2fcf5a4e2c8797a0b1bd8fe9ec95ad4366d0ccffadf8656195041becdDuring a recent internal audit, CA discovered several vulnerability issues in the CA Message Queuing (CAM / CAFT) software. CA has made patches available for all affected users. These vulnerabilities affect all versions of the CA Message Queuing software prior to v1.07 Build 220_13 and v1.11 Build 29_13 on the platforms specified below.
d5bbb6c6ef69369d57bffbc7b601ba4afb4ce1009bb13cdc9ffd06f706f43207Cisco Security Advisory: Cisco Intrusion Prevention Systems (IPS) are a family of network security devices that provide network based threat prevention services. A user with OPERATOR or VIEWER access privileges may be able to exploit a vulnerability in the command line processing (CLI) logic to gain full administrative control of the IPS device. Vulnerable Products: Cisco Intrusion Prevention System version 5.0(1) and 5.0(2).
4c94afaddf19c9eb20203fe958a6da48230347365872adb7c394201d86b31f03Cisco Security Advisory: A malicious attacker may be able to spoof a Cisco Intrusion Detection Sensor (IDS), or Cisco Intrusion Prevention System (IPS) by exploiting a vulnerability in the SSL certificate checking functionality in IDSMC and Secmon. Vulnerable Products: IDSMC version 2.0 and version 2.1. CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) version 1.1 through version 2.0 and version 2.1.
a5385d17f8941372698a734b6a53fcd1a3048bb8c2bcf8f5600a8287611824d4It is possible to remotely spoof the Microsoft Internet Information Server 5.0, 5.1 and 6.0 SERVER_NAME variable by doing a modified HTTP request. This allows for the revealing of sensitive ASP code through the IIS 500-100.asp error page.
9265062b769c12c9797d72a61a3d47995803db86c2d1079cb92eaf33f0bc6113Traceroute and ping suffer from buffer overflows and a user spoofing vulnerability exists in Mac OS X versions up to 10.3.9 and 10.4.2.
ee042c25fc12d8e97cbd7e655a28d07129f44192331cb3d7682b49791c571b91Debian Security Advisory DSA 780-1 - A bug has been discovered in the font handling code in xpdf, which is also present in kpdf, the PDF viewer for KDE. A specially crafted PDF file could cause infinite resource consumption, in terms of both CPU and disk space.
ce6384e72221bfe424ed552304717cf159ac00f8e1405d6926e72bc9d892ac06Debian Security Advisory DSA 779-1 - Several problems have been discovered in Mozilla Firefox, a lightweight web browser based on Mozilla.
509c3a848c567a6d3fa6ef5cceee0837f1aca869dc269e3704521d3917a85261Elm versions 2.5 PL5 through PL7 suffer from a remotely exploitable buffer overflow when parsing the Expires header of an e-mail message. Patch Included.
a0048706263ba22986c98fc1ac407ea2c9fe958fe2e09c38222c4cd1ea0a4505End users can bypass the mandatory installation of the Cisco Clean Access Agent by changing the User-Agent string of their browser. This allows them to connect to the network without the host-based checks being run. If configured, remote checks are still run. Versions affected: This works in at least 3.5.3.1 and 3.5.4.
dfbfb8c209ba68e8a2cde2af75fd0af1b5df01de4618948be2c9d2437020a94bUbuntu Security Notice USN-170-1 - Serge Mister and Robert Zuccherato discovered a weakness of the symmetrical encryption algorithm of gnupg. When decrypting a message, gnupg uses a feature called 'quick scan'; this can quickly check whether the key that is used for decryption is (probably) the right one, so that wrong keys can be determined quickly without decrypting the whole message.
316285c5e7f8da83ca9ff2f4241d200e0ee398d878390031e94125fecbe5ba34Debian Security Advisory DSA 778-1 - Two security related problems have been discovered in Mantis, a web-based bug tracking system. The bugs related to arbitrary HTML and SQL injection flaws.
66399fa36baef0dcd20bb6617eaab029be6ba7317c605800b6806bbc09cceee5Gentoo Linux Security Advisory GLSA 200508-11 - A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader. Versions less than 7.0.1.1 are affected.
800cdc7844284ff08d581c460b2eb7a0d29fe49cbfecaface8aca3efbd6d6a37Ubuntu Security Notice USN-169-1 - Ubuntu has released a kernel update for over a half dozen vulnerabilities in linux-source-2.6.10.
5cd2d578e4b7d2e227646dbfc111a595499f5221319dc24028ffa0c15ec23991Gentoo Linux Security Advisory GLSA 200508-10 - Kismet is vulnerable to a heap overflow when handling pcap captures and to an integer underflow in the CDP protocol dissector. Versions less than 2005.08.1 are affected.
0e3fa2762fdbc60f882db944357ae0a917d405f887d5a1d29def503aefb9f148Secunia Security Advisory - Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to write files to arbitrary directories.
811f38e7e422bc3f7ecfef6f11b8c129189a96ac25d6449e4c9638372b0b9f43Secunia Security Advisory - Roger Dingledine has reported a vulnerability in Tor, which potentially can be exploited by malicious people to disclose or modify certain sensitive information.
7b99e1119b2ee39d8b01982687d8c6519b86d35d4f6a622fef47cac19b6012ab
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed