Sony's Instant Video Everywhere Service is susceptible to a replay attack due to passing credentials over an insecure connection.
e411ec2ce0ca7bfaff8b07af72e19f12795d3e954c3ab8a63ed6f90810b8e1d0Mandriva Linux Security Advisory - newbug discovered a local root vulnerability in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable, allowing the possibility for a local user to gain root privileges.
63337b10e654694bdf95adae6bbbc6d53c122f70a7b8bc340fb5146e29276a61Electric Sheep version 2.6.3 suffers from a stack overflow in the windows-id parameter. Note that it is not setuid by default.
637e767deb9f57a0e6465433adc14495207554e9f117a7669575c6eaa7b3f610Electric Sheep version 2.6.3 suffers from network related vulnerabilities due to libcurl issues.
5ddfb3f618c3702bf4ddd8b34b5e16e3b176e0879d1427707009924438082225Max Vozeler reported a flaw in the design of rssh_chroot_helper whereby it can be exploited to chroot to arbitrary directories and thereby gain root access. If rssh is installed on a system, and non-trusted users on that system have access which is not protected by rssh (i.e. they have full shell access), then they can use rssh_chroot_helper to chroot to arbitrary locations in the file system, and thereby gain root access. Versions of rssh below 2.3.0 are affected.
e0400de36fd827a4ed316391ce7f793e1db1e6ed15f917f0dbbe692281d94f10Secunia Research has discovered a vulnerability in TUGZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling an ARJ archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows arbitrary code execution when a malicious ARJ file is opened. The vulnerability has been confirmed in version 3.4.0.0. Other versions may also be affected.
90fe454dcc4e972332b2273b3e29b2723f41e8dc0a3162a8d3b8c341ab5f210fLotus Notes uses the same vulnerable shimgvw.dll graphics rendering engine file implicated in the Microsoft WMF file handling vulnerability.
29b636686315c58735d0610c7bca6c8b5cc3272d4a75f859ecf334370e5f21e7Gentoo Linux Security Advisory GLSA 200512-18 - Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for IA32 used the DT_RPATH field insecurely, causing the dynamic loader to search for shared libraries in potentially untrusted directories. Versions less than 1.70-r1 are affected.
5419778abf1281f4d52f3a5a7ad6287dc73c3a659653c6a61a9bc863212e11e0Hardened-PHP Project Security Advisory - TinyMCE Compressor versions 1.0.5 and below suffer from an unchecked user input vulnerability that can allow for cross site scripting and disclosure of arbitrary files.
5ba9a1a6b5a7b435020260334850fe74a866e04070aad02a7a81f636e1114fd9Gentoo Linux Security Advisory GLSA 200512-17 - Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates command-line parameters to a scp or rsync command. Versions less than 4.2 are affected.
7d3b8b8e673a150ac59bf9f575a2aa0f0761ff52bc5581fff2170616a3a2b959Debian Security Advisory DSA 927-2 - The last update of tkdiff contained a programming error which is fixed by this version. The Debian Security Audit project discovered that tkdiff, a graphical side by side "diff" utility, creates temporary files in an insecure fashion.
04ddb92216231252d15a068f89a4eb20ca1ed709cdfa916c563a4426b39cca12Technical Cyber Security Alert TA05-362A - Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the the Windows operating system may be at risk as well.
f6f83f4c62f88b1b8f28ccf5bd55c11ca01db6be417a1c42f07ba65cd3f93cf3Secunia Security Advisory - Secunia Research has discovered a vulnerability in TUGZip, which can be exploited by malicious people to compromise a user's system.
b364b860ef94f4949037e0bc2690db50dbda522bd90bdcff53afb6fb0b4c37b8Secunia Security Advisory - Lostmon has discovered a vulnerability in GFHost and GmailSite, which can be exploited by malicious people to disclose sensitive information.
03ad6b9ec14ae394f2b2e45bfeaa50b730247ebb8be004af5ed4b300911b66a8Secunia Security Advisory - David Maciejak has reported a vulnerability in NetScreen Security Manager (NSM) which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
cc0fb1d2d09125311a007192e3db1a440c9e8c3147d0094bf3adf90b00c3cc08Secunia Security Advisory - nelchael has discovered a vulnerability in XnView / NView, which can be exploited by malicious, local users to gain escalated privileges.
0910edea1b1a3987212f8af085e5818c07a58f29987fb298e6aafd0a356bacecSecunia Security Advisory - Gentoo has issued an update for scponly. This fixes two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, or by malicious users to bypass certain security restrictions.
a85b098896fd9bb1414816f406e86c057578391c80fa96f72c6ee399744e1546Secunia Security Advisory - Gentoo has issued an update for xnview. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
2835d900d4c357c1a600aeaa1f398b3730519da06a89681999ee48ebbf634203Secunia Security Advisory - r0t has discovered a vulnerability in iPei Guestbook, which can be exploited by malicious people to conduct script insertion attacks.
2a3b947e21d7c3bfc805f9353049eb2dd00d4fe64a327dd6782c5d5df8f640a7Secunia Security Advisory - r0t has discovered a vulnerability in OOApp Guestbook, which can be exploited by malicious people to conduct cross-site scripting attacks.
03132cc79d10d09ab8d54187d07fbe788e90b9e070a73a20d5908fbbf685311bSecunia Security Advisory - r0t has discovered a vulnerability in AdesGuestbook, which can be exploited by malicious people to conduct cross-site scripting attacks.
7b741ba64e7c71da1e97a8610dd1b2431662cb95f492235e1910d99931222cceSecunia Security Advisory - rgod has discovered two vulnerabilities in phpDocumentor, which can be exploited by malicious people to compromise a vulnerable system.
4013e5308f79abdcbf29c4031124da207b966a62c785bd7895a29162b3fb4018Secunia Security Advisory - A vulnerability has been reported in VMware ESX Server, which has an unknown impact.
8a6594fa6d41bd1186e1a621ba0877316e477854ea14eac6edf482bfc8468d9cSecunia Security Advisory - Florian Weimer has discovered a vulnerability in ImageMagick, which potentially can be exploited by malicious people to compromise a user's system.
4c677cc8b90c5f03a8d58f39b9178c39a81d1526cb0c71968472950132360a8eSecunia Security Advisory - Stefan Esser has reported some vulnerabilities in TinyMCE compressor, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
b9ef81d0e909b6af47093e5c0b55362a275dee33553063e9e9c7fcf5e05cf005
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed