Trustix Secure Linux Security Advisory #2005-0059 - Multiple vulnerabilities in apache, lynx, mod_php4, openssl, php4, php, squid, texinfo, and wget.
b4197c01fe5f684fdb98b3e5b534d68a67f885d006e32bc2b7bb8fef99c8c5f0Hardened-PHP Project Security Advisory - And audit of phpMyAdmin revealed a design flaw in the way phpMyAdmin includes it's register_globals compatibility layer, that allows inclusion of arbitrary local files, which usually leads to remote code execution.
07c39621998dfc6ec31c6e8cee28b68e1549bc5e4f8dd5cf117ed955de7ddbc5Gentoo Linux Security Advisory GLSA 200510-21 - Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grab_globals.lib.php security model and overwrite the $cfg configuration array. Systems running PHP in safe mode are not affected. Furthermore, Tobias Klein reported several cross-site-scripting issues resulting from insufficient user input sanitizing. Versions less than 2.6.4_p3 are affected.
bdc34b73151d595048e983ee59c1ac6b53aeef0310b18852111bdc00a67958ecGentoo Linux Security Advisory GLSA 200510-20 - Zope honors file inclusion directives in RestructuredText objects by default. Versions less than 2.7.8 are affected.
fa3508d05860a34beb4eaf6ad27147ade6dd88c2ba2ef0d5255a87e4300bf526Gentoo Linux Security Advisory GLSA 200510-19 - iDEFENSE reported that insufficient bounds checking on a memcpy() of the supplied NTLM username can result in a stack overflow. Versions less than 7.15.0 are affected.
b403869cb001836a2a8f8c3b58aa4ab7d808f737aa05a63af0cbcdbbd522b133BMC's Control M enterprise scheduling facility creates temporary files insecurely.
10159e46cbab518398523ed1786a87cbc0d512a8f648293114d56d7015f86202[KAPDA::#8] Domain Manager Pro Vulnerability - A remote user can conduct cross-site scripting attacks.The 'panel' script does not properly validate user-supplied input at the 'err' parameter.So remote user can inject html script to fake login form and steal admin's password.
884d2c7cab6a1fb8491aefd45b26685f951bc1ff50e09b9c0295fdebbf165705aRCHILLES Newsworld versions less than 1.5.0-rc1 suffer from multiple vulnerabilities including login bypass and information disclosure. POC and workarounds included.
9227656086e77f731c91ef4311c8666b9482d7c9442c448649307de93e6d155cF.E.A.R. (First Encounter Assault and Recon) 1.01 is still vulnerable to a bug discovered in December 2004.
1bd561f56fa4976f859ecef647720e1eb9ae93c82482cbb22ccd4ed2d2c48187Nuked klan 1.7 suffers from multiple XSS vulnerabilities.
007b2b8e0fea92b9aae3119a716f437e8d9879ce0387de9d16846c550ce487a8SEC-CONSULT Security Advisory 20051021-0 - Since april 2005 SEC-Consult has found 5+ serious vulnerabilities within Yahoo's webmail systems. All of them have been fixed in the production environment. Nevertheless SEC-Consult believes that input-validation thru blacklists can just be a temporary solution to problems like this. From our point of view there are many other applications vulnerable to this special type of problem where vulnerabilities of clients and servers can be combined.
7a64cb8ab3b8e5a8f4156e727abc3f37614cab2407e89b76e8fa54c19d9a2919SNS Advisory No.85 - Software XOOPS for building community websites contains multiple cross-site scripting vulnerabilities.
42ef2f7b204282e9348d3748062f73c7a8d9049e88f398ad78a5f593de24a6d8SNS Advisory 84 - Oracle Application Server has vulnerabilities of HTTP Response Splitting. This makes possible to represent an unreal content as if it is real or to cause Cross Site Scripting attacks.
d2593262db3bce5fcc290a10c71016c69956f1b4127c661c1b9c404cf7abd8d5SCO Security Advisory - iDEFENSE has identified a Buffer Overflow vulnerability in SCO Openserver backupsh. The backupsh utility is a standard binary distributed with Openserver 5.0.7 and earlier.
05597ecea3d8a0bd926b0282d3c7164ffc0d5a812b5296d3da2b44ba717b8f45SCO Security Advisory - iDEFENSE has identified a Buffer Overflow vulnerability in SCO Unixware ppp prompt. Local exploitation of a buffer overflow vulnerability in the ppp binary, allows attackers to gain root privileges.
52844b9a3101e4ce8cadab981c41468ce7e578544ae531927abae4e4d937634biDEFENSE Security Advisory 10.20.05 - Local exploitation of a design error in the DiskMountNotify component of Symantec Corp.'s Norton Antivirus 9.0 for Macintosh may allow a user to gain elevated privileges. The vulnerability specifically exists in failing to specify an explicit PATH for the "/Library/Application Support/Norton Solutions Support/Norton AntiVirus/DiskMountNotify.app/Contents/MacOS/DiskMountNotify" binary.
ebecbb36ea10c4ab83e03fc878e06f2189ffdd7121fc3cc14da3f15fa860cb0aiDEFENSE Security Advisory 10.20.05 - Local exploitation of a design error in the LiveUpdate component of Symantec Corp.'s Norton Antivirus 9.0 for Macintosh may allow a user to gain elevated privileges.
e72e0eb45f151aca7593af2915144cd93a7044b126e87bd6a8c95dd626e2649bSecunia Security Advisory - Some vulnerabilities have been reported in Mantis, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
984383cb421f6ccc88debbc3effe23d50a2f4c813b2109e8256b605222bee8caSecunia Security Advisory - Lostmon has reported some vulnerabilities in Flyspray, which can be exploited by malicious people to conduct cross-site scripting attacks.
7813a1bb45483efb82a4beeea157e1e4712a362555b9703db218839e78e87797Secunia Security Advisory - Debian has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
f3dcfa0b2e2c44da5fe7a3c3230d5da81f06c0df070029a412480997de7dfa79Secunia Security Advisory - Steve Kemp has reported two vulnerabilities in GNOME-DB libgda, which potentially can be exploited by malicious people to compromise a user's system.
784ed426b2a20fd88333e7e13e598e99aef92184ede969415d15c8abd89ba3a6Secunia Security Advisory - Sven Tantau has reported a vulnerability in CHM Lib (chmlib), which potentially can be exploited by malicious people to compromise a user's system.
d1e5397d7a5037f693318cd1593ce85656f991647c895a98748375b7aa278ee4Secunia Security Advisory - Red Hat has issued an update for ethereal. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1afcc5ea7c95bfa6218a9f5f430fbe16097ad6e4452bf9207adca05b8530a4adSecunia Security Advisory - Francesco aScii Ongaro has discovered a vulnerability in PHP iCalendar, which can be exploited by malicious people to compromise a vulnerable system.
22354fbd1b4ed30e79a706a3378a1d1594bf495433d59b32a509b1336a1ad0b8Secunia Security Advisory - Daniel Fabian has discovered a vulnerability in Snoopy, which can be exploited by malicious people to compromise a vulnerable system.
9a0237dbfdcab60f26953b5153a546608d7cb40a910d17da10405cc0b8864f44
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed