Debian Security Advisory 1046-1: several security related problems have been discovered in Mozilla.
c2f0c9e203162fb84f6b688dccec9383a68497b59eb532ef2e5cace16e088da6Debian Security Advisory 1045-1: Hendrik Weimer discovered that OpenVPN, the Virtual Private Network daemon, allows to push environment variables to a client allowing a malicious VPN server to take over connected clients.
7e56f1abf9d34d6fdbd18f7cf9d97721361848c944083e1ba23c6524ac565f49Gentoo Linux Security Advisory GLSA 200604-17 - Ethereal is vulnerable to numerous vulnerabilities, potentially resulting in the execution of arbitrary code. Versions less than 0.99.0 are affected.
274c34275604ba38466f25c5349e68a8a12a9f894906491dc9ee4c7542cf0d1aGentoo Linux Security Advisory GLSA 200604-16 - Federico L. Bossi Bonin discovered that when handling MPEG streams xine-lib fails to make a proper boundary check of the input data supplied by the user before copying it to an insufficiently sized memory buffer. Versions less than 1.1.2_pre20060328-r1 are affected.
531ceaff9013caccdc626f88d42dcc301d411606a8899d31b399c17c9643a162Gentoo Linux Security Advisory GLSA 200604-15 - Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing. Versions less than 0.99.4-r5 are affected.
598bb82dbb0a13d0345301e976c12e42cb133a68bc17fb557bb5253daa532a58Debian Security Advisory 1044-1: Several security related problems have been discovered in Mozilla Firefox.
b689441635aac4e585b34c93df67a8395721260b7788928c34429803f9cb4f83Debian Security Advisory 1043-1: Erik Sj
24dbde5281a263a3b0505b5c06cea313fd47b3cb6eae947c110dd6b5557834dcMandriva Linux Security Advisory MDKSA-2006-079: A vulnerability in how ruby's HTTP module uses blocking sockets was reported by Yukihiro Matsumoto. By sending large amounts of data to a server application using this module, a remote attacker could exploit it to render the application unusable and not respond to other client requests.
2a4613903a321fd77f236960aaee86901b5194f2ca53df46addbb68198bf1d02Mandriva Linux Security Advisory MDKSA-2006-079: A vulnerability in how ruby's HTTP module uses blocking sockets was reported by Yukihiro Matsumoto. By sending large amounts of data to a server application using this module, a remote attacker could exploit it to render the application unusable and not respond to other client requests.
2a4613903a321fd77f236960aaee86901b5194f2ca53df46addbb68198bf1d02Mandriva Linux Security Advisory MDKSA-2006-078: A number of vulnerabilities have been discovered in the Mozilla Thunderbird email client that could allow a remote attacker to craft malicious web emails that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, or other information. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the program.
5f84e7e68f4ac060eaeb03eb4c2872d421dcf6d6993ff57259ec7a4ae3449829Mandriva Linux Security Advisory MDKSA-2006-078: A number of vulnerabilities have been discovered in the Mozilla Thunderbird email client that could allow a remote attacker to craft malicious web emails that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, or other information. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the program.
5f84e7e68f4ac060eaeb03eb4c2872d421dcf6d6993ff57259ec7a4ae3449829Mandriva Linux Security Advisory MDKSA-2006-077: A number of vulnerabilities have been discovered in the Ethereal network analyzer. These issues have been corrected in Ethereal version 0.99.0
2e95063752443adee9e5ceec80c60e69aaabf4074246e81446192a4bf1a3a64fMandriva Linux Security Advisory MDKSA-2006-077: A number of vulnerabilities have been discovered in the Ethereal network analyzer. These issues have been corrected in Ethereal version 0.99.0
2e95063752443adee9e5ceec80c60e69aaabf4074246e81446192a4bf1a3a64fMandriva Linux Security Advisory MDKSA-2006-076: A number of vulnerabilities have been discovered in the Mozilla Suite that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other information from web pages. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the browser.
168a1f3d0fc4663f82b500b6b14843de5fdc405aa30aad5679303bb2f2c7c45cMandriva Linux Security Advisory MDKSA-2006-076: A number of vulnerabilities have been discovered in the Mozilla Suite that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other information from web pages. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the browser.
168a1f3d0fc4663f82b500b6b14843de5fdc405aa30aad5679303bb2f2c7c45cEMC Insignia has released an update to Retrospect 6.5 and 7.0 Windows to address several recently identified security vulnerabilities.
64c45ce149d42ad3c25dcc9eac64f21f35f2c9559dbccf5aa9e897b26f08a006Multiple vulnerabilities have been identified in IP3 Networks 'NetAccess' NA75 appliance. Vulnerabilities include SQL injection, command execution, and information disclosure.
480eafdfcc9a703dadbe001fe7bfc64ba155dfcf0aade9d2d1ca07bd25fce829Two vulnerabilities was found in the ARI package included in the asterisk@home Distribution versions 0.7.15 and lower. These vulnerabilities allow a user to listen to voicemail from any other users and and to disclose configuration password.
59890f2b941cdebd235dc7cd0cf208a2602022c8cf0d754796a8130687c7ccbfCisco PSIRT's response to the privilege escalation vulnerability in multiple Linux based Cicso products including: Cisco Wireless LAN Solution Engine (WLSE), Cisco Hosting Solution Engine (HSE), Cisco User Registration Tool (URT), Cisco Ethernet Subscriber Solution Engine (ESSE), CiscoWorks2000 Service Management Solution (SMS)
5fed5f29f98f68d37f4b0e34a99ad89ec73549e4955eedd56cf3633347bb56beAssurance.com.au - Vulnerability Advisory: Multiple vulnerabilities in Linux based Cisco products. the "show" application has several vulnerabilities which allow an attacker to "break out" of the shell and execute commands (including /bin/sh) as the root user.
ffd7ec925a08321578c4606c7b0a6bde0583a426858c95a75515779c416b030aThe package SYS.DBMS_LOGMNR_SESSION contains a SQL injection vulnerability in the procedure DELETE_FROM_TABLE. Oracle fixed this problem by using the package DBMS_ASSERT.
1eb412d989006bda131499a0f77fe151a8bbbc7dc287b8e0d7be3dc8c7bd297fSome components of Symantecs LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack.
a36f19d2a6ed11d0ffb67d60451dbbfebd2b4a55d7432dc8a62f16c20cc2b9fcphpLister v. 0.4.1 suffers from XSS.
8b1f1255e539096abf589d91e29f48549f7c3a9af76ed4ba68514c56be5bde95A paper discussing the various vulnerabilities in Ad-Aware.
4b6a28f895b49f29af11ab0ad13559dae263a936ed19aedc7e28d7ca632b9ba8open security advisory #16 - Xine Media Player Format String Bug - There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedded in a remote playlist, it is possible to trigger this bug.
d4f570c418c920fa2ace268f9e01803444655bf73c95bb1f9a806e7168cb8848
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed