Secunia Security Advisory - Mandriva has issued an update for tetex. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and to compromise a vulnerable system.
938b3b1613efc6b3747a1aa738585ebbe2704835cddfe9071cbf1f546e05578aSecunia Security Advisory - Slackware has issued an update for arts. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
c1b5fb56a750328850e00c21e3bf532ef86b73268c5914cb5c335cfac816d96eSecunia Security Advisory - Slackware has issued an update for kdebase. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.
c082e3e7d2ecb73b7a4bb4b3ff44cf1f9903401141b58edee02e2c6c4c208d11Secunia Security Advisory - Ubuntu has issued an update for mysql-server. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
d6827f0e053c4517946a4f2cd6350d11e6a1ccbc8304db2a8e9f2fa92b33c4a5Secunia Security Advisory - luny has reported a vulnerability in Metalhead Usenet Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
6cd3f6feb4c9cbaadd7c2cf1073f3aaab024fa12893dc0d245ee05304b74481cDebian Security Advisory 1103-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
0a2c54ad196f2cfa9218116b3bb0c6f5563fc7cba60ca178312a91393ea19b11Gentoo Linux Security Advisory GLSA 200606-26 - A bug in EnergyMech fails to handle empty CTCP NOTICEs correctly, and will cause a crash from a segmentation fault. Versions less than 3.0.2 are affected.
9c1a77a9cc04b7dbab3b6df2d779d889c43fd9253d25127bbb48610c3c38eaa4Gentoo Linux Security Advisory GLSA 200606-25 - Andreas Seltenreich has reported a possible heap overflow in the array_push() function in hashcash.c, as a result of an incorrect amount of allocated memory for the ARRAY structure. Versions less than 1.21 are affected.
0794e1216598192b7faa2e37b6d5c7afd1e45d142030ef613239d3cadef0a55bClaroline version 1.7.7 suffers from cross site scripting vulnerabilities.
527e9653b808b6e4a406c0d9068e7977f88f686cc4e2f86849c34574150a37a9Ubuntu Security Notice 304-1 - Evgeny Legerov discovered that GnuPG did not sufficiently check overly large user ID packets. Specially crafted user IDs caused a buffer overflow. By tricking an user or remote automated system into processing a malicious GnuPG message, an attacker could exploit this to crash GnuPG or possibly even execute arbitrary code.
8ce403909a08d5842575ce2c355e64f139717df41eaa70e0dc91eebc2d07d874Planetnews suffers from a php shell upload vulnerability.
ef667306450c5b8bd9a3d7cf601f6fbcfb6711e350fbe2e22f6ca46b1872f3abThe Online Registration Facility of Algorithmic Research PrivateWire VPN Software does not do proper bounds checking handling normal GET requests. Sending an overly long page or script name, it causes a buffer overflow and an attacker can control the EIP to run arbitrary code on the victims machine.
ed57108705046fce7f0788c8851c13a21b39073e06a3b2e3cc8860b156e305ddOpenPKG Security Advisory OpenPKG-SA-2006.010 - According to a vendor security release note, a memory allocation attack possibility exists in the GnuPG cryptography tool, versions 1.4.3 and earlier.
ea3e7fc582b6e512e44abc057870fae611e22a2034321248199f5314e97c3c3bDebian Security Advisory 1102-1 - Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.
d71066c86798b30c24f5675f615a795a5fbdaaa5cf3fa7a86a19717324d08dcaIt appears that there may be a safe mode bypass via error_log() in PHP versions 5.1.4 and 4.4.2.
c6f9c7254b26d331e6110e668cae4d3caae2f637d4f4cd180b3663b45d4a142dIn previous kernel 2.6 versions, systems that use the SCTP protocol are vulnerable to remote denial of service attacks including remotely-triggered kernel crashes, and all systems are vulnerable to local denial of service including locally-triggered kernel hangs.
0a184d8c9cd14cdfc29f7f2d78a66c38915f67721aee3a75be265bfc14048501Mandriva Linux Security Advisory MDKSA-2006-111 - Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue.
f8ed87c094831924481b8145d31f992ec2b91591761234bc0da068928d88502dGentoo Linux Security Advisory GLSA 200606-24 - A boundary checking error was found in wv2, which could lead to an integer overflow. Versions less than 0.2.3 are affected.
64c9f199bfac9b81f814694c184b26d870f4a30569c979370e170a6f4452da03A vulnerability has been identified in the Cisco Secure ACS session management architecture which could be exploited by an attacker to obtain full administrative access to the web interface and thus all managed assets (routers, switches, 802.1x authenticated networks, etc). Cisco Secure ACS 4.x for Windows is affected. Legacy versions may also be affected.
fbf80693021296569355b9ad54cadd3aa96fd503cd199519dd68a9b42c2c781eThe Trend Micro Control Manager is vulnerable to a persistent, unauthenticated cross site scripting attack. Version 3.5 is affected. Earlier versions may also be affected.
c3d1d3bbbf78085ec649a55ccb2a77773e6db22a4402d09da1ae786cd449f05eTrustix Secure Linux Security Advisory #2006-0037 - The Linux kernel and netpbm suffer from multiple vulnerabilities.
2ab7cabaece150fe0d10045a5d14e6a9a1218dd00b173df156c9b9a3bccb3719HP Security Bulletin - A potential security vulnerability has been identified with the HP-UX kernel. The vulnerability could be exploited by a local user to create a Denial of Service (DoS).
def959faafdb89cbcff7d3a5223705c8886842668bc2b66d9bb3c994a9f32926Webmin versions 1.270 and below are susceptible to a directory traversal attack.
fa59e3fa0d86976493acec052efc7ea7a7449bd1611072cdf0f932ece26afa50Debian Security Advisory 1101-1 - A bug has been discovered in the Courier Mail Server that can result in a number of processes to consume arbitrary amounts of CPU power.
389186208da6b5240aafa0008549f543ce3ebfb99d8aae6417ce2ea108185b3cA remote buffer overflow condition in Real Helix's RTSP service could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed HTTP header. A second vulnerability of equal criticality was also discovered. This bug involved the parsing of HTTP URLs. Affected versions include Real Networks Helix DNA Server 11.0.x and Real Networks Helix DNA Server 10.0.x.
4022b34c3349145110e125c8bc13def3346578012e5faac7c27a6d60fc1afa73
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed