Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.34, 5.0.0 to 5.0.30, 5.5.0 to 5.5.20, and 6.0.0 to 6.0.5 suffer from a cross site scripting flaw in Accept-Language header processing.
d999b15d8c14e8f9941eb0de2b9fcc406bb711763d4e143d20615de1a557bab6iDefense Security Advisory 06.18.07 - Remote exploitation of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger could allow attackers to execute arbitrary code as the currently logged on user. The vulnerability specifically exists due to improper handling of UTF-8 sequences. When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition. iDefense has confirmed the existence of this vulnerability in Cerulean Studios Trillian 3.1.5.1. Previous versions are suspected to be vulnerable.
eaec603cc0f1fc35245ab560fc482e2cf32d55c0def227512013cdcf240eb5f1FuseTalk version 2.0 suffers from a SQL injection vulnerability.
79e424a6046bfd9991c3bc4708f02f767edba1870e8667c40d360d161345227fDebian Security Advisory 1312-1 - It was discovered that the Apache 1.3 connector for the Tomcat Java servlet engine decoded request URLs multiple times, which can lead to information disclosure.
d6e583ec69a0e856aaa4acac15a004b79f0f9e922d60c725400771ac6e3f4fd8Debian Security Advisory 1311-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statement called "security definers", which could lead to SQL privilege escalation.
f08303e0be1766a41d362b7f6b57ab00c0283603b5318df656b3e21da5e27cd5Debian Security Advisory 1310-1 - A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.
967623ddb81a7982e09c9a0c4fed2f8f1ce6412d50236b450aacc4657b41fd37Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.4.
e1a9acb96925546add3e1ce254a50bbc614252f074056a0ef5979608da50141fDebian Security Advisory 1309-1 - It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so called "security definers", which could lead to SQL privilege escalation.
50aa9626cfa4730da2fe0ed5a11678a3a2a16dad9a652c32e07e8f4b9cd94973Safari version 3.0.1 for Windows appears to suffer from a denial of service condition in corefoundation.dll.
3eb10776e8d0480314e59dc2a8e510c996109a6b09fea84edeceb51250f9432fDebian Security Advisory 1304-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
32a9a2f20377739a47fa7d5c7bff44f5ffa3ce0d0a0a58fdfd7b4b880621dba8Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.4.
05c53ade90b873cf4bb988e7c07cf6d6684d8a3da90559b82317f62755e0aff3phpListPro version 2.0.1 suffers from a cross site scripting flaw.
4ac08140ae3c4f00c6daf5b11559df1a45663acd0a1fd3b36d12bd4c45de1e95Papoo Light CMS version 3.6 suffers from cross site scripting flaws.
e579f75a655d419fa11dd11b26f62c32799f3cbefdaed0aa31631736bd823045Gentoo Linux Security Advisory GLSA 200706-05 - ClamAV contains several vulnerabilities leading to a Denial of Service. Versions less than 0.90.3 are affected.
b4e345fa075f4c567e32596985e2cd9f416f9aef985602312552f6b5d244db90Kaspersky Internet Security 6 hooks many functions in SSDT and in at least nine cases it fails to validate arguments that come from the user mode.
88baa51895098a119b253129abb370e0e3855658a1194e120b3e2226fededcb1Mandriva Linux Security Advisory - SpamAssassin 3.1.x, when running as root with unusual configuration options using vpopmail or virtual users, could allow local users to cause a denial of service (via corrupting arbitrary files) using a symlink attack on a file used by spamd.
51a5fdeaf6c02118794caa0acc1dd810f18dbb0fb0675dc53164d334f034c39aElxis CMS versions 2006.4 and below suffer from a SQL injection vulnerability.
d53eb6928d0f75544d96921f1a3054e4b17885be06a5ee60f367852f79e0e232iDefense Security Advisory 06.14.07 - Remote exploitation of an input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF framework could allow an attacker to perform a cross-site scripting (XSS) attack. The code responsible for parsing HTTP requests is vulnerable to an XSS vulnerability. When parsing the 'autoscroll' parameter from a POST or GET request, the value of this variable is directly inserted into JavaScript that is sent back to the client. This allows an attacker to run arbitrary JavaScript in the context of the affected domain of the MyFaces application being targeted. iDefense has confirmed the existence of this vulnerability in MyFaces Tomahawk version 1.1.5. Previous versions may also be affected.
244283775e3ba1442966782ad515ee3b4e94173b27931fb11f8a1cb4f498d173Debian Security Advisory 1308-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
d0351618063473adc3c0fb3a3bec7f4695f33cf5c58e5d2ea61ac013924a3feeApache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from a cross site scripting flaw in the Host Manager Application.
0cf8c43036f2c7837ce86bba5bc54b9dea03e8669966df6441046992fbb203b0John Heasman of NGSSoftware has discovered a high risk vulnerability in the handling of RTF documents within OpenOffice. The vulnerability affects all versions of OpenOffice prior to 2.2.1. If an attacker can coax a user into opening a specially crafted RTF document then the attacker can execute arbitrary code in the security context of their victim.
be4a33febe226d70a1f14570aa889aadb761814ecb40cb7d6d9614c7df6778d0Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Tetex uses an embedded copy of the gd source and may also be affected by this issue.
c2838daf428e6274de9cf428e2c50be048207775770e300811229d5279e638f4Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption. Libwmf uses an embedded copy of the gd source and may also be affected by this issue.
a8c79f68d3e3b0e5f6f5a4590aa697c61132ca007fc791d15e58185c6f9f9cf6Mandriva Linux Security Advisory - A flaw in libgd2 was found by Xavier Roche where it would not correctly validate PNG callback results. If an application linked against libgd2 was tricked into processing a specially-crafted PNG file, it could cause a denial of service scenario via CPU resource consumption.
2e3ba270ea3c4d1919f6f93689f647974c766f1a7bc9af560a39ea9541d60645Mandriva Linux Security Advisory - An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program.
94960e6f55bc1b10bf6a19df85e9a6c69aa8b76672a3ba11ef83907969b799a6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed