Mandriva Linux Security Advisory MDKSA-2006-219-1 - GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
5c1c3a1aa46e6ec5047fe0c7bac640cae31a993d8472dad6d9b0a1e8ee9485e6The network kernel extension com.apple.nke.pppoe that works concurrently with the pppd has a critical vulnerability that may lead to arbitrary code execution with system privileges. Affected product and versions include Mac OS X version 10.3.9, Mac OS X Server version 10.3.9, Mac OS X version 10.4.8, and Mac OS X Server version 10.4.8.
b5c605ccfbd217e21201254fd3af5f2ca285de19b1cb80c628719aa0964bce13A remote buffer overflow vulnerability has been found in mod_tls module of ProFTPD server. The vulnerability could allow a remote un-authenticated attacker to gain root privileges. All versions including 1.3.0a are affected.
180db6a4b1b074c7ba9c0cbafa633c372cb43221e144a3f006a87b5cc1661238Ubuntu Security Notice 387-1 - Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option "mmap_disable=yes" were vulnerable.
65853c23c7c8d92652e693162b76d16396cdf26d972f1d2c7edd4cc330ddd8b4Ubuntu Security Notice 385-1 - Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.
fcb3556bbcfb9517e7e5d4212b8cb38c4837e251a5cefd0301edcc4662dd0723While fixing a bug reported by Hugh Warrington, a buffer overflow has been identified in all released GnuPG versions. The current versions 1.4.5 and 2.0.0 are affected. A small patch is provided.
16c01b2238c245fb4f9fc03e97f5aeb254dee53057a1c155fb1859213957cf2bREMLAB is susceptible to an input validation vulnerability.
913ea89f58c285f876b67754a08df09a0228c61281f43a752af4e1872c33cdf5Secunia Security Advisory - A vulnerability has been reported in KOffice, which can be exploited by malicious people to potentially compromise a user's system.
2ac389a66d0ead1eaecbc6a848752f1ed58342facf61bd800f6673d636af8aa4Secunia Security Advisory - A vulnerability has been discovered in Safari, which can be exploited by malicious people to conduct phishing attacks.
a7b52d640c9f15f3794e613965172e867b8b31e2e6885c76fac25c5dfacddab8Secunia Security Advisory - Eugene Teo has reported a vulnerability in the Linux Kernel, which potentially can be exploited by malicious, local users to gain escalated privileges.
bac7297bc2fe0f50a242f403fe082e4cb719254905a745980e45cdf0afe7aa81Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in MailEnable, which can be exploited by malicious users to cause a DoS (Denial of service) or to compromise a vulnerable system.
95ae429ecae526dc918f26e61e8cc611eb5f805f463014f77a58ec49537b8068Secunia Security Advisory - Ubuntu has isssued an update for gnupg. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
83a6faec8f92a409b9cda73ec8e8c422d811e1d0e33f68dea1095147923faf00Secunia Security Advisory - Debian has issued an update for texinfo. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to potentially compromise a vulnerable system.
057cbecb623db729c895ab1aafb2e091b0b0c34d4f74808013fe3d167c017f9fSecunia Security Advisory - A vulnerability with unknown impact has been reported in freePBX.
f7c379705ee067fa69d43c7cb77c8d83e304f11646f99f470badc1226922e6e6Secunia Security Advisory - Fukumori has reported a vulnerability in Blogn, which can be exploited by malicious people to conduct cross-site scripting attacks.
54c93fee1889aad8b49588f01a2ca99469ceea6867af95bb8095f9fc235be44fSecunia Security Advisory - Some bugs have been discovered in Adobe Reader and Adobe Acrobat, which may cause an included ActiveX control to crash.
444713d563e4b638afac878bc199aa104b892149862fb487a16a90795af88ca2Secunia Security Advisory - A vulnerability has been reported in Kronolith, which can be exploited by malicious users to disclose sensitive information.
3bc9f8704bb6111630977f9f3b0c712b3587d628329e73ce83b48bea25ad9bfcSecunia Security Advisory - Aria-Security Team have reported a vulnerability in fipsShop, which can be exploited by malicious people to conduct SQL injection attacks.
88f05cbb7983a7a3367521c59958c8ec6f9c3718c671d246289b9a137a7f83efSecunia Security Advisory - tarkus has discovered some vulnerabilities in b2evolution, which can be exploited by malicious people to conduct cross-site scripting attacks.
502517c717a4e40e17b99b5f3541ac6525717320ae383aa03d4c72cfa6f94996Secunia Security Advisory - A vulnerability has been reported in Chama Cargo, which can be exploited by malicious people to conduct cross-site scripting attacks.
dd042c325a1eb6c5bc19a11c8526727ccb724657ca9221a13224971e6239cec1Secunia Security Advisory - Gentoo has issued an update for mono. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
a8b968d8a37c793cce8f2a9e55095e3cdd12b01d3c91b46cccfcce76f40b0abfSecunia Security Advisory - Gentoo has issued an update for lha. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
d65149e6876edc69bccc684be376b34025f2d39ae35066d2574bc9e62a87e848Secunia Security Advisory - Ubuntu has issued an update for koffice. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
a4c72ec10c9560b629d3882fae43d703e4d684642b6eea48af6e65647930bc51Mayhemic Labs Public Advisory MHL-2006-004 - MBoard does not check the Post ID for malicious data when replying, allowing an attacker to create blank files on the system wherever the web server has write access. Versions 1.22 and below are affected.
dc3792e64bd8c279e0c5bc8ef1dbd4d1d6abe41cce79d600cbf424d8b5ea242fDebian Security Advisory 1219-1 - The GNU texinfo package has been found susceptible to insecure file handling and buffer overflow flaws.
4641c059f7cc2e1ddd3c601d1259afa8745596943b067163250cb62775f3a5a0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed