Gentoo Linux Security Advisory GLSA 200703-28 - CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection never times out. Versions less than 1.2.9 are affected.
9d8aeeb64ccb8c5e90e318692d4f70cf924f596a8f02581a9868a12a61baa1d5Gentoo Linux Security Advisory GLSA 200703-27 - Squid incorrectly handles TRACE requests that contain a Max-Forwards header field with value 0 in the clientProcessRequest() function. Versions less than 2.6.12 are affected.
42d27666ef13f7d2b8258d9fc62f38162ed04427a08651d282213a87b786a40aA vulnerability allows attackers to execute arbitrary code on vulnerable installations of America Online with Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected software is America Online 9.0 Security Edition.
6a16c6b2fa6bd6a2e4364fc3b2faf209928ece3e1f3ddb864eb76607692a74f8Gentoo Linux Security Advisory GLSA 200703-26 - Jean-S
ce1c65bc507a25ed70388b1698af784c5d3905013a8714609d2cead5303469fdTechnical Cyber Security Alert TA07-089A - A stack buffer overflow exists in the code that Microsoft Windows uses to processes animated cursor files. Specifically, Microsoft Windows fails to properly validate the size of an animated cursor file header supplied in animated cursor files. Animated cursor files can be included with HTML files. For instance, a web site can use an animated cursor file to specify the icon that the mouse pointer should use when hovering over a hyperlink. Because of this, malicious web pages and HTML email messages can be used to exploit this vulnerability. In addition, animated cursor files are automatically parsed by Windows Explorer when the containing folder is opened or the file is used as a cursor. Because of this, opening a folder that contains a specially crafted animated cursor file will also trigger this vulnerability. Note that Windows Explorer will process animated cursor files with several different file extensions, such as .ani, .cur, or .ico. Furthermore, Windows will automatically render animated cursor files referenced by HTML documents regardless of the animated cursor file extension. This vulnerability is actively being exploited.
88ff5cb0b2c86b944410bb7da551094c03637adf8b99db901e3d6783b9610e10VMware Security Advisory - The VMware ESX server has new patches released that address a slew of security issues.
cf9fc52da2246cff687a3a74cf8cee473029ab538b685bc029a694207623808fComputer Associates (CA) Brightstor Backup suffers from a remote code execution vulnerability in Mediasvr.exe.
3f5b72ba1d741c2f1af11dd43b6615839776262ab1ae08113f6424e968ce231fMandriva Linux Security Advisory - Stack-based buffer overflow in the StarCalc parser in OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary code via a crafted document. OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
56b220c1da1369eb014d4498a0742c9e0d7755b8ceb84a7f162bd4755ef5ab0eGentoo Linux Security Advisory GLSA 200703-25 - Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Versions less than 2.0.7 are affected.
ebfbe3ad37e4cec53357ffaa0a9754510f08a3a4405f3ba9de36ad8d6167c2feMandriva Linux Security Advisory - The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command.
ee68a1f822a62c0a2935ff787c003d60672b64d36193c73cfe7b0f3f19b7173eMandriva Linux Security Advisory - Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack- based buffer overflow.
c541a4dab7a9751579835a79eeceba82d89907d1e65aab44ad601badf6be1ee0iDefense Security Advisory 03.29.07 - Remote exploitation of a input validation vulnerability in IBM Corp.'s Lotus Sametime allows attackers to execute arbitrary code in the context of the user viewing a malicious web page. The problem specifically exists in the STJNILoader.ocx component of IBM Corp.'s Lotus Sametime product. This ActiveX control is safe for scripting and exports a LoadLibrary function that does not properly sanitize input. iDefense has confirmed that this vulnerability is present in IBM Corp.'s Lotus Sametime STJNILoader.ocx version 3.1.0.26.
176a7cb1e83f154ccc8af07f4cbe77546f283f0105fddba28d1cfc898267a850AOL has recently been made aware of a denial of service condition that exists in early versions of the AOL 9.0 client software.
886495f614e9e3363d76d06cab2b7dc8556864ff6b1690722ae7362795ff25f2Ubuntu Security Notice 447-1 - It was discovered that Konqueror did not correctly handle iframes from JavaScript. If a user were tricked into visiting a malicious website, Konqueror could crash, resulting in a denial of service. A flaw was discovered in how Konqueror handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure.
6f30ca5735d1ecd628e6f21841d5317e2f615139bfb316fc832a3e7b06e07d35Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to overwrite arbitrary files, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
d2c3455bb2e44d6d322132dd5927ea68577474efb484c40923d7401cf8492959Secunia Security Advisory - Javier Olascoaga has reported some vulnerabilities in IronMail, which can be exploited by malicious people to conduct cross-site scripting attacks.
7921a20f171faf2625345b86267aefba6e4b49a7e6605fff104694433c36c106Secunia Security Advisory - A security issue has been reported in various Linksys products, which can be exploited to disclose certain sensitive information.
6a8c32c0ae561b45df40bb096ebfbf6f908e238729167807e34b5c73d5a913c4Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
e321530135c82d63bfa1f7c2e52b14178ad5b905ef9ecf18777389d8570cf2cdSecunia Security Advisory - rPath has issued an update for inkscape. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
9bc9470c3075b47497df37e827f6cedb9d11f4cbe65c7aaf30a6d5fceb25cf66Secunia Security Advisory - Jonathan So has discovered a vulnerability in Corel WordPerfect Office X3, which can be exploited by malicious people to compromise a vulnerable system.
1c5f3b829b9a4d7ce0c1ab1d6ad10bbbc3ca5a6950b668208e45f202951b2239Secunia Security Advisory - Elliot Kendall has reported a weakness in DataDomain OS, which can be exploited by malicious users to bypass certain security restrictions.
c59f88c6cdf4dce10aa65db2ef43b076293daa3337f8b293a18d05178a8b5935Secunia Security Advisory - A weakness has been reported in Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
baa32d723088c424621fe3799c73001aaaa378aeab9e843599e27c1a7efd8054Secunia Security Advisory - A vulnerability has been reported in Overlay Weaver, which can be exploited by malicious people to conduct cross-site scripting attacks.
c7dece7738b4f251a3538af7ed0ed2cc5525ee5ef0696be674b71d89243a68fbSecunia Security Advisory - A vulnerability has been reported in CruiseWorks, which can be exploited by malicious users to bypass certain security restrictions.
b1e3f67807a1acf27353558542c8581d6e09a7986e79c83d8849c1c56b464777Secunia Security Advisory - Mandriva has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
6b749f74a3e1b723a882d2c93542eece826217dfa645d395bfc86e0b9de4c312
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed