Technical Cyber Security Alert TA07-334A - Apple QuickTime contains a buffer overflow vulnerability in the way QuickTime processes Real Time Streaming Protocol (RTSP) streams. Exploitation of this vulnerability could allow an attacker to execute arbitrary code.
d9157e53c724411084200c26352cf027db37f869524056dae054458abcf5c992Realplayer 11 suffers from a denial of service condition related to ActiveX.
559abefa44f25eeb2783026619a58e3bf1e45eaf49a8be7460ff87001da30c99Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. This update corrects all known regressions with previous Samba updates due to the security fixes to correct CVE-2007-4572.
48766d685990315070f438d337357a3ed5e8bf3ab023ea7a9133edf9cbbf5de3Ubuntu Security Notice 549-1 - Various integer overflows, arbitrary code execution, and denial of service vulnerabilities have been fixed in PHP 5.
82dae6b629e189b7e2d3dfbad033c409a70c0f0886d117b786a64d4164df2e82Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing the ANI and DNIS strings to the Call Detail Record Postgres logging engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
bea6b18a3ed4c0fb66fe9dbf57a59dd37c48c68de19de9b9e05cc4b4d31f9144Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing lookup data to the Postgres Realtime Engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
a6dfd2c5d7a40d837c11582e71764dcde062ba282383e034543da1782c87505bFreeBSD Security Advisory - Insufficient sanity checking of paths containing '.' and '..' allows gtar to overwrite arbitrary files on the system.
dcc19ef1a758f3087be980a876f9e362719306f374c5862dbc64840fe61c16acFreeBSD Security Advisory - Under certain circumstances, a bug in the internal state tracking on the random and urandom devices can be exploited to allow replaying of data distributed during subsequent reads.
79fc48bb0be0a2fc8194b995f8df4fc946ed9da015fb0ef3779e6e7ea6fd4d16Debian Security Advisory 1409-3 - This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
5cf11e10c5649423ca621dbf1d4a4566f81cccf2418df1769e870c3d08f35635HP Security Bulletin - A potential security vulnerability has been identified with HP-UX Apache. The vulnerability could be exploited remotely to execute arbitrary code.
f63a9bd5a0698cd681c8b04d2fd5fe18872f24f269fb32468a34000ffd0d74f9HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could by exploited remotely to allow cross site scripting (XSS).
7dec54325aa0cda506b8cc747e59839eaa392ae4ba61347062f6e4a8419a6582The TIBCO Rendezvous RVD daemon is vulnerable to a memory leak, which when remotely triggered, prevents any further RV communication until the daemon is manually restarted.
9b47c3f0d8d8d8e825a8e2b220b2e9cd6cf11eac58883b543d58a90bfff9de2bGentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200711-20:04 - Roland Clobus discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones. Bas Wijnen discovered an error when closing connections which can lead to a failed assertion. Versions less than 0.11.3-r1 are affected.
fd5c21ca2dd4f1db57dd846e08b40d2625d21c9f4b62cea5ae6f9576e6be0c1cSecunia Security Advisory - IRCRASH (Dr.Crash) has reported some vulnerabilities in Softbiz Freelancers Script, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
06d395e86bbfffe8d815322e16b94cc5d3d4f7eb22e5558148891eb4b50ddefcSecunia Security Advisory - Joffrey Czarney has reported a weakness in Cisco Unified IP Phones, which can be exploited by malicious people to bypass certain security restrictions.
02691c0bb9e0d351110b0a971e946cd28cca5fb808fff9f0a4ddbde4bf764674Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
8a15abf61ed12305e72a8d51c136c18418a77fdd837472489301c7f757ae5474Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
440882bcd35d61dfe643cf49be1bec34d6c90f6851ae87b4f815f7655658b9caSecunia Security Advisory - A vulnerability has been reported in @Mail, which can be exploited by malicious people to conduct cross-site scripting attacks.
8bdd64700ce0fceb828463cab72a38b1ffb6c6435f236bcb672c99a91b743335Secunia Security Advisory - Some vulnerabilities have been reported in Autonomy Keyview SDK, which can be exploited by malicious people to compromise a user's system.
7d0908cb2da75e8b036cde9c55c1da6a4483229e9bf1ec6613f09a7f6f5da18aSecunia Security Advisory - GoLd_M has reported a vulnerability in PHP_CON, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
b0279c1cee53b97e1429e694cb9c764bdf136a1b249f0eba319fe274eac5816dSecunia Security Advisory - MhZ91 has discovered two vulnerabilities in Charray's CMS, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
dd981634bcec526aa59927e992976f3bba1e69528668c9ad5ec5b160acd5614dSecunia Security Advisory - Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks or potentially compromise a user's system.
33ffcfd35847da87cb5410521ae2015b740416acec367b94035658b998f5c0e6Secunia Security Advisory - rPath has issued an update for cups, poppler, and tetex. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
39a8fb26c9bfa174695b4fd3bdad194d8287c69ec414e43166d943e47575574eSecunia Security Advisory - Mandriva has issued an update for cpio. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
2f65b28cd32d67c27cb40dfb625133445af0265c00e5319ca7a263381f5976fbSecunia Security Advisory - Ubuntu has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
3be8b14c504ea4de086dc2513ed642b9d111d8d95a4dcae4d67afa002cbb3bfb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed