Yahoo Instant Messenger suffers from a remote flaw that allows a browser to be launched.
3664cbddcc34785d915a40ed0743f9f1bca1614515aebb46884146fb317f77a9Secunia Security Advisory - Some vulnerabilities have been reported in Dokeos, which can be exploited by malicious people to conduct cross-site scripting attacks.
0f4c03f8a14b19bd04f8d087758f1ec10b2e08b45f6c4f72c831664a4fa6436dSecunia Security Advisory - A vulnerability has been reported in Sun Java System Application Server (SJSAS) and Sun Java System Web Server (SJSWS), which can be exploited by malicious people to gain knowledge of sensitive information.
a5b21a2201907f7b53a0e0183bc4668082c153259b0a2de730355d7b89a7c949Ubuntu Security Notice USN-328-1 - Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling for Apache 2.
5d77a8775e2b6a5bbfe4f64cd313a26d5c76928cd971164d7d08fbd0b0aa3655Ubuntu Security Notice USN-327-1 - A multitude of javascript related vulnerabilities have been patched in Firefox.
a86d624fcd8df7fc620b513f3e6fe047d4d853bda7e7a3cb1a90dbc9c55e4fbcTechnical Cyber Security Alert TA06-208A - The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
86ea302741e04f7adec9c59cfe0f6d1c012d7ce705526cc004e3a7bf46a8a996Ubuntu Security Notice USN-326-1 - Yan Rong Ge discovered that heartbeat did not set proper permissions for an allocated shared memory segment. A local attacker could exploit this to render the heartbeat service unavailable causing a denial of service condition.
7600556aac7c37b758cd243710ba9b13c441db44370096f4c00c8749f5352e97Ubuntu Security Notice USN-325-1 - ruby1.8 suffer from flaws where the alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application these flaws might allow attackers to bypass safe level restrictions and perform unintended operations.
9c1a6992c54e44376d86b629d30ceea887c1f54569b11165a6763e0d35aa4d22Secunia Research has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an memory corruption error within the handling of simultaneously happening XPCOM events resulting in the use of a deleted timer object. Successful exploitation allows execution of arbitrary code. Versions below 1.5.0.5 are susceptible.
762ec07c76ea414272e2b2b553bef57a62f2f3d3ca6502c14d0ca71ffef11f14A stack-based buffer overflow has been discovered in Winlpd version 1.26.
6417117d987bd7535b592edb12b8f55e974a45f5b19effd46b1948d79d789f97Debian Security Advisory 1126-1 - A problem has been discovered in the IAX2 channel driver of Asterisk, an Open Source Private Branch Exchange and telephony toolkit, which may allow a remote to cause a crash of the Asterisk server.
ed97b618f3fe640d0a39f1848913ff8349dbea8a91798c9f7875aaae2036c1d8The NSFocus Security Team discovered a remote denial of service vulnerability in ISS RealSecure/BlackICE product lines' detection of the MailSlot Heap Overflow as discussed in MS06-035.
5dfdf3223765450a2bdc73337631272e27ef28cafd53ac721bfcaa511b04ccf4Yahoo! Mail suffers from a cross site scripting flaw.
53aa1dbba6ce325a55d608e20fde59636f71ead1fd1dfcdde26ec3e0a8a77207A vulnerability exists in Firefox versions 1.5.0 through 1.5.0.3 and SeaMonkey versions 1.0 through 1.0.2 that allows attackers to execute arbitrary code on vulnerable installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
92ff76589f52b7f12a99064f622ee16a1fcf346cee16f9c98a1edf93b848a97cDebian Security Advisory 1125-1 - Several remote vulnerabilities have been discovered in the Drupal web site platform, which may lead to the execution of arbitrary web scripts.
d33d79b369ff9056d0cb5795b4f5bb0d5be992bd5fb933073859c9c6f9010aeeDebian Security Advisory 1111-2 - It was discovered that a race condition in the process filesystem can lead to privilege escalation for the Linux 2.6 kernel series. The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP Precision architectures, which are now provided. Also, the kernels for the FAI installer have been updated.
29d04f30390e5c6a5457d0a7c7fb811303f7b8c1e81d94df734664be018dbfadSUSE Security Announcement SUSE-SA:2006:042 - A slew of kernel related vulnerabilities has been fixed in SUSE Linux for the 2.6 series.
4c8c22343a9c6f45ba441423e790535d6fa953e7a4733a9309a92d7c98856860NTA Monitor discovered a denial of service vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer in July 2005. The vulnerability affects Phase-1 of the IKE protocol. Both Main Mode and Aggressive Mode over both UDP and TCP transports are affected. The vulnerability allows an attacker to exhaust the IKE resources on a VPN concentrator by sending a high rate of IKE requests, which will prevent valid clients from connected or re-keying. The attack does not require a high bandwidth, so one attacker could potentially target many concentrators. This mechanism behind this vulnerability is similar to the well-known TCP SYN flood vulnerability.
be9e71e7ed762a62e165c493b33ebe9e8bc248cea205d65985b9212c0de7e083Secunia Research has discovered a vulnerability in AutoVue SolidModel Professional Desktop Edition, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the handling of ARJ, RAR, and ZIP archives. This can be exploited to cause a stack-based buffer overflow when a malicious archive containing a file with an overly long filename is opened. Successful exploitation allows execution of arbitrary code. AutoVue SolidModel Professional Desktop Edition version 19.1 Build 5993 is affected. Other versions may also be affected.
e93adff3a8f625d54d58dc9486926383f88de6f10f23d5b6f9a008feef926f49Ubuntu Security Notice 320-2 - USN-320-2 fixed several vulnerabilities in PHP. James Manning discovered that the Ubuntu 5.04 update introduced a regression, the function tempnam() caused a crash of the PHP interpreter in some circumstances. The updated packages fix this.
2198394c03ebd4c25f5b37e6da9b26b5af15075834b194d7361046b1ac0d0df8Ubuntu Security Notice 323-1 - A massive security update for multiple vulnerabilities in Mozilla has been released.
5bac46201d85b7d87564a81483d060451294ae059915c3f5ed9d49a994560665OpenPKG Security Advisory OpenPKG-SA-2006.014 - Brian Caswell from Sourcefire discovered vulnerabilities in OSSP Shiela, a CVS repository access control and logging extension. The vulnerabilities allow arbitrary code execution during CVS file commits if a filename is specially crafted to contain shell commands.
651a47962b4a17cf094ec8d6a0a5335125974ff1d48fa54c362051e4b58cf1c3An arbitrary code execution vulnerability exists in PowerArchiver version 9.62.03.
be1c7f5acea357664b1372470353015f39b13264a61266b84630702156f1c79cSecunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
ca910b5e37e9b7f2457130bcc74c4501716cae92c7e6c40a020f4c920fc00416Secunia Security Advisory - A vulnerability has been reported Heartbeat, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
98af680579b0b8d507a1f05da143f6235c24ea406e73de0898a881772016a33a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed