Secunia Security Advisory - Ubuntu has issued an update for imagemagick. This fixes two vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
a585bd16f0fc8e07f0369902f7367112739ffa5e85c1cc445c551c4eae6388b2Secunia Security Advisory - HP has acknowledged some vulnerabilities and security issues in HP OfO (Oracle for Openview), which can be exploited with unknown impact, to gain knowledge of certain information, overwrite arbitrary files, and to conduct SQL injection attacks.
4a471693ca5f81d6581a4cc37b97b16d4cdcb0f0553f492a8bbc70dd28a8ecbaSecunia Security Advisory - A vulnerability has been reported in FreeBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).
bfc309ae880f4799c3fd038ad380327708056837d47e11795e4e3195ad702350Mandriva Linux Security Advisory - Multiple vulnerabilities in the Linux Kernel.
f468cdd7dfeed0b5b4989e9bdcd1832a1eaf9a9aadbfc1f53b306faa7a863d69Mandriva Linux Security Advisory - A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the site.
a4e3db0d7cbc15065d6f7c0d106d497a16f801a95430aff03ea5c448310faa4dGentoo Linux Security Advisory GLSA 200601-11 - Maksim Orlovich discovered an incorrect bounds check in kjs when handling URIs. Versions less than 3.4.3-r1 are affected.
c904c497c5dad9cab2a264f5a8a334230ae4a1b2b269ebfac4e39c913da8321bDebian Security Advisory DSA 954-1 - H D Moore that discovered that Wine, a free implementation of the Microsoft Windows APIs, inherits a design flaw from the Windows GDI API, which may lead to the execution of code through GDI escape functions in WMF files.
fb2479bedb36ebf34a7eeb07278cc6e02076b72527694a66f01a0707ed60bfccDebian Security Advisory DSA 953-1 - Several cross-site scripting vulnerabilities have been discovered in flyspray, a lightweight bug tracking system, which allows attackers to insert arbitrary script code into the index page.
6ae1ee4a8fa58e4b0a3fd26d6153a9b27598deb1f5615d2559b5c71308d2d61aSeveral vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identified the following problems:
eea1f4792b9dce39ed16b066bb511324dfa93aa54b14989457397accc5cbf420Debian Security Advisory DSA 952-1 - "Seregorn" discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code.
297dc39eab131945d3dda20db04a279ff46455cbc3ffd7563053874594bbad70Debian Security Advisory DSA 950-1 - "infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
894517cfbbce2917dba48f8516ba50e796b97b4643208e86422375191b1f6838Ubuntu Security Notice USN-246-1 - Multiple vulnerabilities in imagemagick.
2c932a143e5c6db4068bb308eb07016d50b4791ae71c7affa3c4b64147c4a086Ubuntu Security Notice USN-245-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow. By tricking an user into visiting a web site with malicious JavaScript code, a remote attacker could exploit this to execute arbitrary code with user privileges.
137d1369fa980e9e557cf30490ce57d1b20d218f248ea94f0754accf74da61c1KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability - Maksim Orlovich discovered an incorrect bounds check in kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, that allows a heap based buffer overflow when decoding specially crafted UTF-8 encoded URI sequences.
de2920898469668b8477e01dd441a86ad76defc9f97dee827f74e04b4fc113f6IRM Security Advisory No. 015 - IRM has discovered an information leakage vulnerability in TYPO3 that allows remote users to disclose the file system path of the application when requesting certain files.
b385aa7f32f1b3f660c029e843151ccaf36a908f5c9b73246ebe93270c894671Technical Cyber Security Alert TA06-018A - Various Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
c32012a8e44781f8409f9639566c1b108afe0366c6ed838709ba52283cf0c8caFortinet Security Advisory: FSA-2006-07 - Fortinet Security Research Team (FSRT) has discovered a URI buffer overflow Vulnerability in the BitComet P2P Client software. It indicates a possible exploit of buffer overflow vulnerability in BitComet. BitComet is one of the most popular P2P Client for file sharing, which uses bittorrent protocol. There is a bug in BitComet, a remote attacker could construct a special .torrent file and put it on any bt publish web site. When a user downloads the .torrent file and clicks on publishers name, BitComet will crash. An attacker can run arbitrary Command on victims host by specially crafted .torrent file.
219c9ec0eded6976a100d7e6ae91e416fcf26afd6ecfcd75a5dc11de98fb928eCisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager versions with Multi Level Administration (MLA) enabled may be vulnerable to privilege escalation, which may result in read-only users gaining administrative access.
e665fa1c49678a873fbea395221a9b83f27ece918f989d91591c2e9f5d0dc978Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. All Cisco CallManager versions are vulnerable to these Denial of Service (DoS) attacks, which may result in services being interrupted or servers rebooting.
526b6fe76e55d3f5c29d34c72b425c4259e171e9c336c5a68e64b5de33d68420The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.
893bdafb33b0995fdf5d4d369fdc534ec823c50ba74e4af414716e55597bbcb8The following security vulnerability issues have been identified in the DM Primer part of the DM Deployment Common Component being distributed with some CA products.
3bb77b73a739e829a3825d2e8abbaa2acbef94cd5a8a75f892c2a5e96d8e7d82Blogger's personal page redirection mechanism contains a classic HTTP response splitting vulnerability in the "Location" HTTP header. The problem occurs due to use of unsanitized user-supplied data in the "Location" HTTP header, which enables attacker to inject CRLF(%0d%0a) characters thus splitting server's response taking full control over the contents of second HTTP response. Exploitation of the vulnerability can lead to cross-site scripting (XSS), cache poisoning and phishing attacks.
b1bba7cc5beca200d483fb1ac898c490176fc394f70bf51480e8ff51ed266fc0The package SYS.KUPV$FT contains 3 SQL injection vulnerabilities in the functions ATTACH_JOB, OPEN_JOB, HAS_PRIVS. Oracle fixed these vulnerabilities with the package dbms_assert.
cacfccadb67c767daee94524725fa95624e17dcb4d30045bcd1abbb1c25e6f85iDefense Security Advisory 01.17.06 - Remote exploitation of a denial of service vulnerability in EMC Corp.'s Legato Networker allows attackers to crash the nsrd service.
3dd9e50232b3ed57286616217dd334d37e267dd9f103b98f1d2c925be61ba489iDefense Security Advisory 01.17.06 - Remote exploitation of a input validation vulnerability in Cisco Systems, Inc.'s IOS 11 HTML package can allow attackers to execute arbitrary scripting code.
15d83441eb0f4eca8a5f6e181b29e10704aa00bd1be6c0248814846fe57036e6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed