Debian Security Advisory 1883-2 - The previous nagios2 update introduced a regression, which caused status.cgi to segfault when used directly without specifying the 'host' variable. This update fixes the problem.
aea50dbf0f0cc940482bdf833e1a6968c13cf817e8c311dd451e904dd17e6204Gentoo Linux Security Advisory GLSA 200601-15 - Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed with an empty password for the database administrator sa. Versions less than or equal to 3.2.5 are affected.
872f21d9d135884bad3393b867af39b9e71bfca1f5d2f1edcdb2b44e8329b03dGentoo Linux Security Advisory GLSA 200601-14 - Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Versions less than 0.7 are affected.
6f389af4b0b1137bc30a424b2e0a3668b49c50e0fa1ac4a67aa39e45af48e512Multiple vulnerabilities in the LDAP component of CommuniGate Pro Server version 5.0.6 have been uncovered.
c122b73e3f2aa436f247e447fbdaab96d30da06836b9880f9e41cca5aa1015edDebian Security Advisory DSA 958-1 - Several security related problems have been discovered in Drupal. Several cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML. When running on PHP5, Drupal does not correctly enforce user privileges, which allows remote attackers to bypass the 'access user profiles' permission. An interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension.
6617ce3617d2df0765157c99bbfed6ac6846cdb4e42aa4be13ef98569b0ff189The CA iGateway common component, which is included with several CA products for UNIX/Linux/Windows platforms, contains a buffer overflow vulnerability that can allow arbitrary code to be executed remotely with SYSTEM privileges on Windows, and cause iGateway component failure on UNIX and Linux platforms.
8409e14595803164e947c37dd2dfbb346cd4de292b503ce34d26b1d3bf7dc40dArgeniss Security Advisory - Oracle Database Server provides the DBMS_XMLSCHEMA and DBMS_XMLSCHEMA_INT Packages that include procedures to register and delete XML schemas. These packages contain the public procedures GENERATESCHEMA and GENERATESCHEMAS that are vulnerable to buffer overflow attacks.
367ed9eab6261d53ec2bfcaf1f65901f75fa8a8fa1f0d9139fb4c8389da1b9d7A severe problem with the way browsers translate the soft-hyphen (alt + 0173) character has been brought to light which malicious users could utilise alongside a multitude of injection methods as a way to gain unauthorized access and or to spoof content on websites. Both Microsoft Internet Explorer and Mozilla Firefox are affected.
d09b0df55ff9047753e2601a5303cfff7be219ab1bd6e4197197029d5cb00843Secunia Security Advisory - A vulnerability has been reported in nfs-server, which can be exploited by malicious users to compromise a vulnerable system.
fbca3d6ee86bbcfbddc7f8c6ba9a720c21b94869788de4359d9e8a7cbbed5645Secunia Security Advisory - Aliaksandr Hartsuyeu has discovered a vulnerability in My Little Forum, My Little Guestbook, and My Little Weblog, which can be exploited by malicious people to conduct script insertion attacks.
344d3fb945bd3946f912f84232a8917390b808ff9e765e9e606fb2d98c73b444Secunia Security Advisory - A vulnerability has been reported in Cisco VPN 3000 Concentrator, which can be exploited by malicious people to cause a DoS (Denial of Service).
4568d050e5cfefb96e48d76ba5d84c33e6158ef076bf79f0b804ec3582976dabSecunia Security Advisory - Debian has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks.
47721504723aafd407f6fb93d45d5980d9b8de189f6090026b86f68a4fa3cf69Secunia Security Advisory - Mandriva has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges, or by malicious users to cause a DoS (Denial of Service).
2bc09eb6f72bb160255b32ea3674458c8e32283a9db1ea05b6e7a1f08ce38916Secunia Security Advisory - SUSE has issued an update for nfs-server. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
16043c0ade4414add7ee0fdd67efa41f1f01b0ce10a39c794a690ea73b29f98dSecunia Security Advisory - Mandriva has issued an update for perl-Net_SSLeay. This fixes a vulnerability, which can be exploited by malicious, local users to weaken certain cryptographic operations.
d87e25d0023e1938a8cfcd5290126201c0ad35971f9029ae395aca8cdeab484dSecunia Security Advisory - imei has discovered two vulnerabilities in MyBB, which can be exploited by malicious people to conduct cross-site scripting attacks.
49f482d71066c4671746d0f62f37379eb5b9ac5d0595562ccdb48a98cacc84e3Secunia Security Advisory - Gentoo has issued an update for gallery. This fixes a vulnerability, which potentially can be exploited by malicious people to conduct script insertion attacks.
762f514b6ccc9b6e308cb7534e19ef95dd6b73ab96553f10faae573f32cf687fSecunia Security Advisory - Aliaksandr Hartsuyeu has discovered a vulnerability in AndoNET Blog, which can be exploited by malicious people to conduct SQL injection attacks.
d6e421f5c2a2c168a0a74bb597c32eb3d8b86027941b2ff4b6fc7bc2261168b8Shareaza, a P2P file sharing product, suffers from a remote vulnerability that allows code execution.
558bf79d1a63a228c41dc5ef9d31ba2a50943261248d81c328532ac0382442f9my little homepage v2004.04.20 is vulnerable to XSS
1f4add3286c8cddc52e3bf32b4fb4eed5aed6a45025b94327903ae42cb12bf55AndoNET Blog v2004.09.02 suffers from SQL injection in comentarios.php via the "entrada" variable.
35de2be590011ca4ae3c5500ad351361ba23ea930ca874bfa319fda0c05cf41eCisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
461ce98665d8f47f2c4e32ab8228adbebd8310fd525df37e500bbe1acc7a7692Stefan Esser discovered a bug in in the register_globals emulation of phpMyAdmin that allowes to overwrite variables. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally several cross-site-scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665).
b64f32086896128a7524972310d015e83c678f8cf9b97ebf8fd1a79eba34f537Mandriva Linux Security Advisory - GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
897c333ce70a20c6f2d9149f352916147e4429b477261025fe5234bb08e37eaaMandriva Linux Security Advisory - The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
ee52fbcb65d41969cad44c59a4feafd7aa491068d721040497fb1b1c9b92ccd9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed