Ubuntu Security Notice USN-337-1 - Damian Put discovered a buffer overflow in imagemagick's SGI file format decoder. By tricking an user or automated system into processing a specially crafted SGI image, this could be exploited to execute arbitrary code with the user's privileges.
b0a994a1d3a25e132895df0d702e1195e96cffaef8cbdc41935e7d54f1d1e857Ubuntu Security Notice USN-336-1 - A buffer overflow was discovered in gas (the GNU assembler). By tricking an user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user's privileges.
38d939b17fa0214853a1addeae072d2362df1352902572dc53c468af9a186a85A security issue exists in Telmex, Mexico's largest ISP. Advisory is written in Spanish.
a8606b5409713925372cb4cd6c17c3410f853be40afebe9a4b2fa39615b5c2f2eEye Digital Security has discovered a security vulnerability in IBM's eGatherer ActiveX control. This is the second vulnerability found in this control by eEye Research, the first being from Drew Copley. This control is typically installed by default on IBM workstations and laptops, and is used by default for auto-finding drivers/updates on IBM's/Lenovo's support site.
9c84908e1b617bcd8bdf8c955b46130747f8f7e108a5d3bf442c32fe17b7a573Mandriva Linux Security Advisory MDKSA-2006-143 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program.
4ea8be5cbf740393a2e029272fa3cb4f90a624cde42c0cf0a7fc0f010f1b3f12Symantec Security Advisory - Symantec discovered a security issue in Symantec's Veritas NetBackup 6.0 PureDisk Remote Office Edition. An unauthorized user with access to the network and the server hosting the management interface can potentially bypass the management interface authentication to gain access and elevate their privileges on the system.
8e974c7fc009ae3e7308711422221b19beca99e579c11126f553bda2721afcd1Symantec Anti-Virus Corporate Edition clients controlled via the Symantec System Center Console do not follow the "Download product updates using LiveUpdate" setting.
7f8bf6003e1c7290c318f9ecbc1ba7b2b429be7b939001daa508fe0ee2062c11There is a vulnerability in Microsoft Terminal Server when an application is specified for the user instead of a full Windows Desktop. It is possible to easily cause an error in explorer.exe and to gain access to a full Desktop. This is an issue for anyone publishing applications through TS to domain users who also logon to full desktops either on the TS or on another machine.
d64c9d402f1bb8e25e76432b26bcff82f0808bc359afaae44e10c6fe851b3e67The Horde Framework and Horde IMP systems are susceptible to cross site scripting attacks in search.php. Flaws are verified in Horde versions 3.0.4 through 3.1.2 and IMP versions prior to 4.1.3.
26c3ceb148d5508570a99beb7063062a83fe03cece6d91d209c274554ed67c30The Horde Framework and Horde IMP systems are susceptible to cross site scripting attacks in index.php. Flaws are verified in Horde versions 3.0.4 through 3.1.2 and IMP versions prior to 4.1.3.
7c57bc41e7ce313d1d89a5dbbcc9d4f11333e6aa61b26698f67ec4ec0f4dc009Ubuntu Security Notice USN-335-1 - Yan Rong Ge discovered that heartbeat did not sufficiently verify some packet input data, which could lead to an out-of-boundary memory access. A remote attacker could exploit this to crash the daemon (Denial of Service).
10b5c007fe31344262afb6cdf2244273a82b0015a9dc9facad3621e9b7c8e64bUbuntu Security Notice USN-334-1 - Michael Calmer and Marcus Meissner discovered that several krb5 tools did not check the return values from setuid() system calls. On systems that have configured user process limits, it may be possible for an attacker to cause setuid() to fail via resource starvation. In that situation, the tools will not reduce their privilege levels, and will continue operation as the root user.
12f66fc37c6dc081c7884cf969144db2f616dc6f0bb1fe070d82c2b129fcea1eHP Security Bulletin - A potential security vulnerability has been identified in HP-UX running in Trusted Mode. The potential vulnerability could be exploited by a local authorized user to create a Denial of Service (DoS).
05d9ba6ed91655909ba8cdceda6c8b97f1ffea4110e3f15b4269d861b9009d2eA vulnerability has been found in Internet Explorer 6.0. When Internet Explorer tries to instantiate the msoe.dll (OutLook) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
22885a5636996c2ae267022f1a2e4c96d27b0e909399e0bf36d343c835b3125dA vulnerability has been found in Internet Explorer 6.0. When Internet Explorer tries to instantiate the CHTSKDIC.DLL (Microsoft IME) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
08fb3d9543dfdbc1cbb0720ecced45c13eaa3c1fb57e0e8ef62c14db2d218343A vulnerability has been found in Internet Explorer 6.0. When Internet Explorer tries to instantiate the IMSKDIC.DLL (Microsoft IME) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
8d976f7cec9cac04d2bcde3dc089d8bc90a466b9e8e0f982547fe5c1428fa1feNorton protects its own registry keys against actions of other applications. This protection can be bypassed for registry key 'HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners' using API functions RegSaveKey and RegRestoreKey.
f7afbb4f4af173ea5d04c566e42a8d2d42116a1523e21ffcb16af67d89408b99Debian Security Advisory 1151-1 - Yan Rong Ge discovered out-of-boundary memory access in heartbeat, the subsystem for High-Availability Linux. This could be used by a remote attacker to cause a denial of service.
bc7ac50270b3e72f5f9f60d85ca93e54c051d1c403cc557ed7c6756c29662efeFull write up discussing the Mailslot bug discussed in MS06-035 and another bug discovered alongside of it.
37799790f311e5fe10057f6ffd957cdcaf20e6282be1505a9bad9655596797baCore Security Technologies Advisory - While investigating the Microsoft Server Service Mailslot heap overflow vulnerability reported in Microsoft Security Bulletin MS06-035, Core Security Technologies researcher Gerardo Richarte discovered a second bug in the server service.
98e904bc1f61a856a53c4aa7affb32dd2eb7051805731c5addcbda8af2f59952Mandriva Linux Security Advisory MDKSA-2006-142 - Two vulnerabilities by Yan Rong Ge in heartbeat versions prior to 2.0.6.
04d7f5ca9d6aa8ae64008e2cb9bd5f9818095ca624edba2f81118c1dd6a64420Mandriva Linux Security Advisory MDKSA-2006-141 - An integer overflow vulnerability was discovered in gnupg where an attacker could create a carefully-crafted message packet with a large length that could cause gnupg to crash or possibly overwrite memory when opened.
fb416aba559619ae3c3c4346df15ead90bbf5c101d507c54275e9f1bc119aeadBy forging HTTP request headers with flash, virtual hosted systems can be susceptible to cookie theft using IE.
154ef9bc8fad418a9c6a3409d1cca920cb706549ce6104aa5e4796e74b18ed4aImageMagick versions 6.2.8 and below suffer from a heap overflow in ReadSGIImage().
5950a0314acf70e0dd34e433fec8db1056c5f593a0011bb867946fcbe9014527NGSSoftware Insight Security Research Advisory - Informix Dynamic Server is a database developed by IBM. During a security assessment of Informix multiple file creation/write/read issues were discovered. The LOTOFILE function and rlt_tracefile_set functions can be used to create and write to files. The SET DEBUG FILE can also be used to create and write to files. All versions are affected.
2affd37ddf15299e22b23ffbd647cb2a6e868929770043427f279f0f699124e2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed