Debian Security Advisory 1540-3 - This update fixes a regression in lighttpd introduced in DSA-1540, causing SSL failures.
700fbcba0948ac083649f503b18b4778a113b2ad544f5d67eeb60962055d0e06Ubuntu Security Notice 628-1 - Over a dozen vulnerabilities in php5 have been addressed in Ubuntu.
3f4762bf322681e8f3484947ebc156f14c168b070b0d2ba92a048e740c8ac08fThis advisory discusses the filetype.vim vulnerability in Vim version 7.2b.10 that allows for arbitrary code execution and also notes that the Vim patch 7.1.300 did not fix the vulnerability.
ce5ac1fb0fa0e4f7d6ca3213e51c52d637564fd39e7c05602f63456e5bd83fcdAsterisk Project Security Advisory - An attacker may request an Asterisk server to send part of a firmware image. However, as this firmware download protocol does not initiate a handshake, the source address may be spoofed. Therefore, an IAX2 FWDOWNL request for a firmware file may consume as little as 40 bytes, yet produces a 1040 byte response. Coupled with multiple geographically diverse Asterisk servers, an attacker may flood an victim site with unwanted firmware packets.
033fd05fff387ab0474d5a49f0a057699dcb0943d8893658905cf254d19d1aa2Asterisk Project Security Advisory - By flooding an Asterisk server with IAX2 'POKE' requests, an attacker may eat up all call numbers associated with the IAX2 protocol on an Asterisk server and prevent other IAX2 calls from getting through. Due to the nature of the protocol, IAX2 POKE calls will expect an ACK packet in response to the PONG packet sent in response to the POKE. While waiting for this ACK packet, this dialog consumes an IAX2 call number, as the ACK packet must contain the same call number as was allocated and sent in the PONG.
d7ea9284131bcea62f7425642c3db4439b8033df1205a39d88ff0808e5893c71Mandriva Linux Security Advisory - A vulnerability in xemacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by xemacs. The updated packages have been patched to correct this issue.
4f2b86980c8b8649e554d4d774dcb3460ffe1043f38da62b62114074a8c90c01Mandriva Linux Security Advisory - A vulnerability in emacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by emacs. The updated packages have been patched to correct this issue.
40560bc23082187698d3b92addfc7ab5888597b4f0874ed4f353f8ae0421fd12Mandriva Linux Security Advisory - A vulnerability was found in Wireshark, that could cause it to crash while processing malicious packets. This update provides Wireshark 1.0.2, which is not vulnerable to that.
fa99212bacd74579dda5c1a71dffa9e67ea44046c3ef0fbfe9f198ad7864f01fMoodle version 1.6.5 is vulnerable to web root disclosure issues.
b7152cf1de201fd0666c3798c71f085ae1c67f8fcd050b3cf71b0174519848b9SocialEngine versions below 2.83 suffer from an input validation vulnerability that allows for client take over.
efee5ae6331151db8e868532a24b5069c026036c4445d870851b81127c4c0dcbEMC Dantz Retrospect 7 Backup Server version 7.5.508 suffers from a weak password hash arithmetic vulnerability in the authentication module.
1596d2328afec96db809557f05df08025aca83b41d12b5458c7f8ca05bdb92d7Secunia Security Advisory - A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions.
4a86675e01031f223fd7ae710847c5505889a45e1cf8b6a75b57b93993c12584Secunia Security Advisory - Some vulnerabilities have been discovered in YouTube Blog, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system.
8e382fc0175282850718f4e5df960d4f2bab5befb47c6a7d440b4a0b553f09edSecunia Security Advisory - Fedora has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and request forgery attacks.
1614cb8806244e34e21684d10937c60c63d38272ba7967cdbdbd49b8adc10fc9Secunia Security Advisory - DreamTurk has reported a vulnerability in Pre Survey Poll, which can be exploited by malicious people to conduct SQL injection attacks.
3fae1a7bf944b9c75ad98d18296b13c57a6d370e37ec9cf9afb53af57a2b3fb7Secunia Security Advisory - A vulnerability has been reported in the Forum plugin for Geeklog, which can be exploited by malicious people to conduct cross-site scripting attacks.
559820cf18d398f9c23334fa2ddf73749c38f11c1a8769e91391d1f531368858Secunia Security Advisory - ProCheckUp Ltd have reported two vulnerabilities in Moodle, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct cross-site request forgery attacks.
ca7af74acf64091f6eb7aa3c17758478d6304180aae6639aa09c9fe0bac6eddaSecunia Security Advisory - Some vulnerabilities have been reported in dnsmasq, which can be exploited by malicious people to cause a DoS (Denial of Service) and poison the DNS cache.
f8c790354f0216cf42b33b317bd0e67aa30ebfcdde9b62cdce25cc730ad4a0ddSecunia Security Advisory - Ubuntu has issued an update for dnsmasq. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
b79bc01eddb56558298af24a453e201fec5b6babb04be2df995296c77e683d4aSecunia Security Advisory - Digital Security Research Group have reported some vulnerabilities in Claroline, which can be exploited by malicious people to conduct cross-site scripting attacks.
70dc495f71e0829f2d192778e974195974e04d590b315d36c486990c3e96531aSecunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, and malicious people to cause a DoS (Denial of Service).
7307be247023564ec84feeab7a63691939616aadcd472122a8cb6080efda0d05Secunia Security Advisory - An updated version of IPCop has been released, which fixes some vulnerabilities in bzip2, dnsmasq, and snort, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and poison the DNS cache.
80d9212b06fdddf881f1dc302073356eb3283dcafedabbb6a097745e61a64711Secunia Security Advisory - Digital Security Research Group have discovered a vulnerability in Interact, which can be exploited by malicious people to disclose sensitive information.
ac1a55068ddb09a4a47ca0a5437512fd9b92bc73a09f5cb038ec9dece1edaddeSecunia Security Advisory - Cr@zy_King has reported a vulnerability in ShopCartDX, which can be exploited by malicious people to conduct SQL injection attacks.
44b56affddd864b9a9b5df2ab80655f8583e7f8767325e326e17264d5261889fSecunia Security Advisory - Mr.SQL has reported a vulnerability in MojoJobs, which can be exploited by malicious people to conduct SQL injection attacks.
943fff0a3c0961a0256ef1a09279f6e768ec6f77420b09b6adab812a4f23a658
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed