Secunia Security Advisory - Janek Vind has discovered a vulnerability in the Dance Music module for PHP-Nuke, which can be exploited by malicious people to disclose sensitive information.
437b399504b607900beeb770c6aa812161c59452a75c5faabe6725b9a3cc2253Secunia Security Advisory - Jason Kratzer has reported some vulnerabilities in JSPWiki, which can be exploited by malicious people to disclose system information and conduct cross-site scripting and script insertion attacks.
fe0007408d063b313e2c712ca7c462ec21e3cd26078704b913cf9df8deb787bcSecunia Security Advisory - Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
9c285fb00edd50ae37ef1f780bd6bbb590c1ef0927a17973d19d9a1dd7cf5e39Secunia Security Advisory - Luca ikki Carettoni and Luca Daath De Fulgentis have reported some vulnerabilities in Simple PHP Blog, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to compromise a vulnerable system.
e801a02c9a902072d6ae0c6b5c8e63eaf8bfab85d7e9f4b4770ae2c0f5a173d8Ubuntu Security Notice 520-1 - Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user's authentication credentials. Earl Chew discovered that fetchmail can be made to de-reference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service.
08fdf822b219ed0f0abf8b3431b5a4c1910e9651393d36ef7b66b19ca7021083Secunia Security Advisory - K3ZZAP66345 has discovered two vulnerabilities in FrontAccounting, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
8817e159c2dedf33fa7367995968cdf693e8c71b40454ed14f6ddb9acefe3f51Secunia Security Advisory - Red Hat has issued an update for tomcat. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information or to conduct cross-site scripting attacks.
e1e607520371b27bd3a905bb402ee6f8bbdf482eb379a99ab1fc66cd086b45c0Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
6526e3a4fb2fb638aa2f6f55fc53198350d77d349f17a5d512a64b6ac0410c18Secunia Security Advisory - Fedora has issued an update for bugzilla. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
05148f2762ebba2bf81711d610b845204840416046bdf97bfea2c06b6c1aaefeSecunia Security Advisory - Jesper Jurcenoks has reported some vulnerabilities in SimpGB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
1eab444ef3e1bf6056b14272679d2878f482651a68b2e967b6d37bd02f170611Secunia Security Advisory - Jesper Jurcenoks has reported two vulnerabilities in SimpNews, which can be exploited by malicious people to conduct cross-site scripting attacks.
e2f6764f8eb9d9c664e05be0aa07c8963bbe1a292f8ad3fe8e17e16f9830bd57Ubuntu Security Notice 519-1 - Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information (such as passwords).
8eb3ffc0a271f7162f7d84997a46e1b0768044e5a04c16030d0c288789b788b0Mandriva Linux Security Advisory - PostgreSQL 8.1 and probably later and earlier versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
25a0c70c9813bfaedfc228bc8e7892c1430ac76c2a3b7232fe0568c80eac73f2SimpGB version 1.46.02 suffers from path disclosure vulnerabilities.
c9981ca4a730f121d4211200f419eb49d93bcbecb992b49f9ae7d075667fd42dSimpNews version 2.41.03 suffers from path disclosure vulnerabilities.
3ee4df8a1f7ac08c8902567a0e2a16ae61b9b3db066ac1c66bea635c0c6fdb8eiDefense Security Advisory 09.25.07 - Local exploitation of an information disclosure vulnerability within the ALSA driver included in the Linux Kernel allows attackers to obtain sensitive information from kernel memory. iDefense has confirmed the existence of this vulnerability in version 2.6.22.1 of the Linux Kernel as installed with Fedora CORE 7. It is suspected that other versions are also vulnerable.
949399f1ef56b7cf5b001af2d386dd168ad4fea165fb77e0c740cb6214ea3165NukeSentinel version 2.5.11 suffers from a critical SQL injection vulnerability.
44f9832c67f2adf006365d71a92904ce6381770dbfd5e4ffc3a8ab4e4c95c9eeUbuntu Security Notice 518-1 - Evan Teran discovered that the Linux kernel ptrace routines did not correctly handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges.
707a8324e923c3b666125afd73e3124c380a5372e1844659bbf9ed0082e9b4cfSecunia Security Advisory - Sun has acknowledged a vulnerability in Sun StarOffice, which potentially can be exploited by malicious people to compromise a user's system.
91bdde7952b717839b599f107721c247ea96b9b5bc839eb052a52148fa67c34eSecunia Security Advisory - A vulnerability has been reported in IBM Rational ClearQuest, which can be exploited by malicious people to corrupt data.
4f0baa5df99347baaa1afd2985c30ac00c6b159cf3c98c77a9cc0962b0d3a5e2Secunia Security Advisory - A vulnerability has been reported in Apache Geronimo, which can be exploited by malicious people to bypass certain security restrictions.
152f4a71efb2fe90d712754489e0ce6aa914fe52e9381d9bf0b5d5944daf2efcSecunia Security Advisory - Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
21dc5a14a816216668089f7f3eaf4c86ef2f2acd720c509a09f949096f94a93bSecunia Security Advisory - Ubuntu has issued an update for kdm. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
07e31311923ab0dd4f6bdf25d206730f0b721d4f6ce54913876cfbcd7bdb40afSecunia Security Advisory - Fedora has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
f458d57f892d1e4b72bc1c968130ea81ad93280334db276f67448cf6407865bbSecunia Security Advisory - Fedora has issued an update for libsndfile. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
8a83c00fa13a15c67a96ea806d62d520d7c379262249ef24e8d7da436c3904b4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed