
Files

Secunia Security Advisory 24678
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in mod_perl, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 973ae94d17d14b3bf3aca0fc8be13bb351532d79a2c1e31f22231f9c1be411d7
Secunia Security Advisory 24680
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for ekiga. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, gentoo
SHA-256 | d0c6a8b559f88c80c43e6bfb9cbd6c80cb4be598ed17d7a449de941751645600
Secunia Security Advisory 24681
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in MailDwarf, which can be exploited by malicious people to conduct cross-site scripting attacks and to bypass certain security restrictions.

tags | advisory, vulnerability, xss
SHA-256 | de7ee5233c006b78d3cfe4efcdcae9878649aef6cb28a13733f8c65186336005
Secunia Security Advisory 24682
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - M. Shirk has discovered a vulnerability in BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 5024252879cc26a7d43e9a8602f6de7089862eb3a428e4ddae89906928826190
Secunia Security Advisory 24684
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi JP1/HiCommand products, which can be exploited by malicious, local users to disclose certain sensitive information.

tags | advisory, local
SHA-256 | a09b1063b7e800134820f8c7576566295a1a62d708cd9a31e38108190d2545ab
Secunia Security Advisory 24687
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in LDAP Account Manager, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
SHA-256 | 30ba197b3fdc9b85a0a5cf59f79b612d5cf358ac20b948a72fab2924565e1906
Secunia Security Advisory 24691
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Minna De Office, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | 0b5e8ff85d0861defc757ec83fe7cc16be6f23aaf0345ee63495d0ec311b48d6
Secunia Security Advisory 24693
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi products, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 998a43442ffd21e390828e0b74a0065c3bd7b705e355f1a4be8748fcdc2b19e9
Secunia Security Advisory 24695
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Zeni Susanto has discovered a vulnerability in Advanced Login, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | e29a0fb29c65cba37cd3bf1265c933b43b8bde95e1c73962e6d62fd748be0a5b
Secunia Security Advisory 24696
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - ThE dE@Th has discovered several vulnerabilities in Kaqoo Auction Software Free Edition, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 820b633fa85e2910031ed8477df838a40b0658347f780d1825d48cbe757e5232
Secunia Security Advisory 24702
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Flyspray, which can be exploited by malicious people to bypass certain security restrictions and to disclose sensitive information.

tags | advisory, vulnerability
SHA-256 | 15ba453c45117e60f5fe1219b45147529249066e44e0d89ce104f1cc5f64f376
Secunia Security Advisory 24703
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Sun Solaris and Sun Java Enterprise System, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, java, vulnerability
systems | solaris
SHA-256 | ec807991d21322b19f8962db1ee98327cfe5c0ada97f12a732f1c83ffae44d32
Secunia Security Advisory 24707
Posted Apr 2, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - yearsilent has reported a security issue in ManageEngine Firewall Analyzer, which can be exploited by malicious users to disclose potentially sensitive information.

tags | advisory
SHA-256 | 7230315f023e74d821fe0c08f0773378c0c3634a03cc77de3458ba7c04c1094a
Debian Linux Security Advisory 1270-2
Posted Mar 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1270-2 - Several security related problems have been discovered in OpenOffice.org, the free office suite. iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents that is included in OpenOffice.org. Attackers are able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. Next Generation Security discovered that the StarCalc parser in OpenOffice.org contains an easily exploitable stack overflow that could be exploited by a specially crafted document to execute arbitrary code. It has been reported that OpenOffice.org does not escape shell meta characters and is hence vulnerable to the execution of arbitrary shell commands via a specially crafted document after the user clicks on a prepared link.

tags | advisory, overflow, arbitrary, shell
systems | linux, debian
advisories | CVE-2007-0002, CVE-2007-0238, CVE-2007-0239
SHA-256 | 6a98de9d6726afda9654896eb2376068ddfa560a6b112aa5a9e545afb183e78d
truecrypt-dos.txt
Posted Mar 29, 2007
Authored by Tim Rees

It seems to be possible to perform various denial of service attacks on a Linux computer running TrueCrypt version 4.3 in setuid root mode, or possibly introduce evil binaries into normally trusted locations.

tags | advisory, denial of service, root
systems | linux
SHA-256 | e4f26c79524c8995fb8c937ec1f23cd1a80777c9b001146d187675f11456ae89
Zero Day Initiative Advisory 07-011
Posted Mar 29, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the CRAM-MD5 authentication mechanism of nimap.exe, which binds by default to TCP port 143. No check is done on the length of the supplied username prior to processing it through a custom copy loop. If the username is longer than 256 bytes, a pointer overwrite may occur in the function nnotes.dll.CStream::ToBase64(), which is later called and can therefore result in execution of arbitrary code.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2007-1675
SHA-256 | fe3dcb22b698ecfddd8b82c41686afd82bdca864fdb831cc63530d995585ad23
Cisco Security Advisory 20070328-voip
Posted Mar 29, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) contain multiple vulnerabilities which may result in the failure of CUCM or CUPS functionality, resulting in a Denial of Service (DoS) condition. There are no workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.

tags | advisory, denial of service, vulnerability
systems | cisco
SHA-256 | df671dab159d74ec1696cc63db7b79d07e9fb284fd2d8a8042d9e143d22507bb
iDEFENSE Security Advisory 2007-03-28.2
Posted Mar 29, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 03.28.07 - Remote exploitation of a heap overflow vulnerability in the LDAP component of IBM Corp.'s Lotus Domino Server 7.0.1 may allow a remote attacker to cause denial of service or execute arbitrary code. When a malformed request is made to the LDAP component of a Lotus Domino Enterprise Server, a heap overflow can be triggered. The vulnerability specifically exists in the handling of strings larger than 65535 bytes. When a string longer than this value is encountered, the service allocates memory using only the lower 16 bits of the string length. Since the entire string is subsequently copied into the newly allocated buffer, a heap overflow occurs. This vulnerability has been confirmed to exist within versions 7.0.1 and 7.0.1.1 of the Directory Service (LDAP) component of Lotus Domino Server.

tags | advisory, remote, denial of service, overflow, arbitrary
SHA-256 | 33441215d97ee99099682d865bcc9af3084ce88bd2cf217195d539bbca3ac53b
iDEFENSE Security Advisory 2007-03-28.t
Posted Mar 29, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 03.28.07 - Remote exploitation of a cross-site scripting vulnerability in IBM Lotus Domino Web Access allows attackers to execute arbitrary script code in a targeted user's browser. The vulnerability specifically exists due to improper HTML filtering of e-mail message contents. Although Web Access attempts to filter out HTML and script code, certain code sequences will bypass the filters and successfully execute JavaScript. iDefense has confirmed that Lotus Domino Web Access 7.0 is vulnerable. Earlier versions are suspected vulnerable.

tags | advisory, remote, web, arbitrary, javascript, xss
advisories | CVE-2006-4843
SHA-256 | 4dca58f9882eda2aaa0a1e2a9eeeae088da445bc86e94dc4e83e7e54e51402e4
Ubuntu Security Notice 446-1
Posted Mar 29, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 446-1 - Luigi Auriemma discovered multiple flaws in the Network Audio System server. Remote attackers could send specially crafted network requests that could lead to a denial of service or execution of arbitrary code. Note that default Ubuntu installs do not include the NAS server.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547
SHA-256 | 70182c94e3f51e81e47b50a49898f13ce894a2bea871e34d56bbf70f827415d5
notgood.txt
Posted Mar 29, 2007
Authored by nsp

Apparently, the phishing protection provided in Firefox 2.0.0.3 and Opera 9.10 fails to take iframes into account.

tags | advisory
SHA-256 | 370d3b648c121c253fa5de60d248360cdc3357040a8b98d143e2a72cbfbe2262
yahoo-msg.txt
Posted Mar 29, 2007
Authored by Kishor Datar

Yahoo mail services, when accessed via Yahoo! messenger, are vulnerable to information leakage and authentication bypass caused by improper caching of pages by the browser.

tags | advisory
SHA-256 | d842d0674c8c8b54c47d76e63705e82ba124c6dfa0173d82a574df4547ff479d
signkorea-activex.txt
Posted Mar 29, 2007
Authored by Gyu Tae Park

SignKorea's SKCommAX ActiveX Control Module version 7.2.0.2 and SKCommAX ActiveX Control Module(3280) version 6.6.0.1 suffer from a buffer overflow vulnerability.

tags | advisory, overflow, activex
SHA-256 | 05ed1a6dfbdf968fc8fa9f9231d3e6a1beb3249d50b8af8b59dbab8a8dc2a556
KDE Security Advisory 2007-03-26.1
Posted Mar 28, 2007
Authored by KDE Desktop | Site kde.org

KDE Security Advisory - The KDE FTP ioslave parses the host address in the PASV response of an FTP server. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. Systems affected are KDE up to and including KDE version 3.5.6.

tags | advisory, javascript
advisories | CVE-2007-1564
SHA-256 | 11a8b2185f26494437aee4a5b794dd9dfc7df3072b51c8db1a96b3d190915204
Ubuntu Security Notice 445-1
Posted Mar 28, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 445-1 - Sven Krewitt of Secunia Research discovered that XMMS did not correctly handle BMP images when loading GUI skins. If a user were tricked into loading a specially crafted skin, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-0653, CVE-2007-0654
SHA-256 | e266e06f177d39efc971ec36eaf88b0d5d9d0d133e7c84c3f8d2d42ec2966ac0
© 2022 Packet Storm. All rights reserved.