dotclear version 1.2.2 and below suffer from a remote SQL injection flaw.
420ac553343837f9e66b25995423fc34b88ba28115063849dfae6069552f4f03Debian Security Advisory DSA 912-1 - Wernfried Haas discovered that centericq, a text-mode multi-protocol instant messenger client, can crash when it receives certain zero length packets and is directly connected to the Internet.
34bde91ed18d0ad5496b08c686733064e1b3adea3ce86a9b8c3c508d0ba33b81Gallery versions below 2.0.2 are susceptible to cross site scripting, arbitrary file viewing, and more.
2c5393607259ccfb2aa2a700aa8d219403e22be70086c84c95060151911f5edbApple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.
e7bb6ec0504327630e33ae50f3e506dd37e28fb70583d43167e478159852984aOpera 8.50 is susceptible to a denial of service condition via an applet.
935a51472ab3bd6c59b138c3c68c739c9d4623061a00d164c3b0f659f1aea147The Panda Antivirus Library is vulnerable to a heap overflow during decompression of ZOO files.
ea22e4e269fb66345e42e902825a2d91721aad2de4c5e442047261800048dc5fCisco Security Advisory - A vulnerability exists in CSA agents that can allow a privilege escalation through locally executed software, providing a normal user or attacker with local system level privileges on a Windows workstation or server running managed or standalone CSA 4.5.0 or 4.5.1 agents.
febe0c6b9274bd114b3212a125344054bb05edeadfb6cd8c69a40ebc7a6fcf7bDebian Security Advisory DSA 911-1 - Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library.
0d5ed830406babebe25083fcc93d593770fdad8eeeb5fd4497183b0f633f5597The Webmin miniserv.pl code suffers from a format string vulnerability.
97ebba960f457a58ad0e761322199ad5c6c0a070121c559a0100561ad97b67fcIt is possible to mount a denial of service attack against Windows 2000/2003 hosts where the SYN attack protection has been enabled.
5aff64df96ecc852c2daff2bb5ddea80c392c2a30780ca25b8aab68fefc3bfcbWebCalendar 1.0.1 is susceptible to SQL injection attacks.
23e27c95c7836fb9ed4b91fc3f6d56dabd8ce00e2c70c418b4563aabab3e4fb9PHP Web Statistik version 1.4 suffers from injection vulnerabilities.
1254628e2da8b1b1b6f411da297d1ea9e16f19f55e843ac8d21250c14532a6efAPC PowerChute Network Shutdown's web interface only supports HTTP, forcing credentials to be passed in the clear.
8885c9bf6f4b2c0fa09d301f83d4ae9733e49fd941dbcba894109c631117a434Google Talk Beta Messenger stores all credentials in clear text in the process memory.
77351e323ebc2b62b46a2bc7cd97d4de54156ea418e6b6aeaadbc17bf1698b51Gentoo Linux Security Advisory GLSA 200511-23 - Sven Tantau reported about a buffer overflow vulnerability in chmlib. The function _chm_decompress_block() does not properly perform boundary checking, resulting in a stack-based buffer overflow. Versions less than 0.37.4 are affected.
10a6863941e87eadffa30c1303d11e9570df290bbbbeb18eec9fbea63602217cGentoo Linux Security Advisory GLSA 200511-22 - Joxean Koret has discovered that Inkscape incorrectly allocates memory when opening an SVG file, creating the possibility of a buffer overflow if the SVG file being opened is specially crafted. Versions less than 0.43 are affected.
a7669a0dd35190be7d3d5b83cb38276e22d7b4013be27e72517c71d8ee9ae345ktools versions 0.3 and below suffer from a buffer overflow vulnerability.
918ef9d4641780120c240699cc4f252ce1d302824630f5a0f13b19568aefca5dGentoo Linux Security Advisory GLSA 200511-21 - When handling a SWF file, the Macromedia Flash Player incorrectly validates the frame type identifier stored in the SWF file which is used as an index to reference an array of function pointers. A specially crafted SWF file can cause this index to reference memory outside of the scope of the Macromedia Flash Player, which in turn can cause the Macromedia Flash Player to use unintended memory address(es) as function pointers. Versions less than 7.0.61 are affected.
7794dc431b1b1bc5fb9a5c00d3bcdf6e49016beb9a07d8735fa3b99fd90c66d4Secunia Research has discovered two boundary error vulnerabilities in various SpeedProject products, which can be exploited by malicious people to compromise a user's system.
40fcd4925c69b8512716ccb146a61281115a9d0d9c4924ad8db2a33fbfbe07b6Debian Security Advisory DSA 910-1 - A vulnerability has been discovered in zope 2.7, as Open Source web application server, that allows remote attackers to insert arbitrary files via include directives in reStructuredText functionality.
a625631b09773f257c81b3e4f2c444e8b57051762929bbda759db6e1af9c5268Mandriva Linux Security Advisory - Integer overflows in various applications in the binutils package may allow attackers to execute arbitrary code via a carefully crafted object file.
540de918934afc0fe9611a3320d8ad6d2edb153fd397148b8e79442f1afb750cDebian Security Advisory DSA 909-1 - Daniel Schreckling discovered that the MIME viewer in horde3, a web application suite, does not always sanitize its input leaving a possibility to force the return of malicious code that could be executed on the victim's machine.
2d43888a7680004331964aaed90cc0be49571ea724e23dcf3f8b74b8f0647243Debian Security Advisory DSA 908-1 - Colin Leroy discovered several buffer overflows in a number of importer routines in sylpheed-claws, an extended version of the Sylpheed mail client, that could lead to the execution of arbitrary code.
29d408151eb11090fb050627bb55902fc991f5c7420a64610b896162d6885fe8Debian Security Advisory DSA 907-1 - Akira Yoshiyama noticed that ipmenu, an cursel iptables/iproute2 GUI, creates a temporary file in an insecure fashion allowing a local attacker to overwrite arbitrary files utilising a symlink attack.
4cc891873340cf15ce5cf14c61cc397de1079521272b8a092b531faa709c0ab9Gentoo Linux Security Advisory GLSA 200511-20 - The Horde Team reported a potential XSS vulnerability. Horde fails to properly escape error messages which may lead to displaying unsanitized error messages via Notification_Listener::getMessage() Versions less than 2.2.9 are affected.
7ebef673b27c012b971fcbae4070ca3b871054fb16b88431d3559f21f4d41b6f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed