
Files

Mandriva Linux Security Advisory 2008-246
Posted Dec 31, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-246 - Some vulnerabilities were discovered and corrected in the Linux kernel. These include buffer overflow and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2008-5033, CVE-2008-5025
SHA-256 | 84b97debea6fb549007f320a62ef3936cf89e1582b4fc54145e28bb48ef08a2d
Debian Linux Security Advisory 1693-1
Posted Dec 31, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1693-1 - Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administer PostgreSQL databases over the web.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2007-2865, CVE-2007-5728, CVE-2008-5587
SHA-256 | 7d4f2198b5b04336d494d708cff47fc1fd3d46e9591ef0094b8021d14bf4c822
Debian Linux Security Advisory 1692-1
Posted Dec 31, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1692-1 - It was discovered that php-xajax, a library to develop Ajax applications, did not sufficiently sanitise URLs, which allows attackers to perform cross-site scripting attacks by using malicious URLs.

tags | advisory, php, xss
systems | linux, debian
advisories | CVE-2007-2739
SHA-256 | e579e6c82f811a87f7cbda7ba962fa5c3eb3c2050a6366f673195b25f7bb70f3
PHP GD Library Information Leak
Posted Dec 31, 2008
Authored by Hamid Ebadi | Site bugtraq.ir

The PHP GD library suffers from an imageRotate() function information leak vulnerability.

tags | advisory, php
advisories | CVE-2008-5498
SHA-256 | 63a4f23ebaa22d5f4bb47dced105c74b50d8a00ff26e6126ba04d1a32f614fea
Ubuntu Security Notice 700-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-700-1 - Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could overwrite arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue.

tags | advisory, remote, denial of service, arbitrary, local, perl
systems | linux, ubuntu
advisories | CVE-2007-4829, CVE-2008-1927, CVE-2008-5302, CVE-2008-5303
SHA-256 | 4cd9f58b06577565cb8d0f6645a1ecaf732d9f924f3c0b72bfd28ab955c3a7a4
Gentoo Linux Security Advisory 200812-24
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-24 - Multiple vulnerabilities in VLC may lead to the remote execution of arbitrary code. Versions less than 0.9.8a are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5032, CVE-2008-5036, CVE-2008-5276
SHA-256 | ff1ca98bd0aaf2698929a17f1552ed1d294f532e680c752f8d686e4b8a1b1b94
Gentoo Linux Security Advisory 200812-23
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-23 - A buffer overflow vulnerability has been discovered in Imlib2. Julien Danjou reported a pointer arithmetic error and a heap-based buffer overflow within the load() function of the XPM image loader. Versions less than 1.4.2-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-5187
SHA-256 | 9c667d42978565d5060c3031ccc7886a1193cf8b45348d1a901ca94946954eae
Gentoo Linux Security Advisory 200812-22
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-22 - An insecure temporary file usage has been reported in Ampache, allowing for symlink attacks. Dmitry E. Oboukhov reported an insecure temporary file usage within the gather-messages.sh script. Versions less than 3.4.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-3929
SHA-256 | b9685e98bc1c0819b0892c8b190e91b40b574012a19e865314a805fc6a6aa84b
Gentoo Linux Security Advisory 200812-21
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-21 - Two vulnerabilities in ClamAV may allow for the remote execution of arbitrary code or a Denial of Service. Moritz Jodeit reported an off-by-one error within the get_unicode_name() function in libclamav/vba_extract.c when processing VBA project files (CVE-2008-5050). Ilja van Sprundel reported an infinite recursion error within the cli_check_jpeg_exploit() function in libclamav/special.c when processing JPEG files (CVE-2008-5314). Versions less than 0.94.2 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5050, CVE-2008-5314
SHA-256 | e266277192a4a3af7c8e228304c79935f78c8defb315c8375f029ee56165f438
Ubuntu Security Notice 677-2
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-677-2 - USN-677-1 fixed vulnerabilities in OpenOffice.org. The changes required that openoffice.org-l10n also be updated for the new version in Ubuntu 8.04 LTS. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS.

tags | advisory, remote, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
SHA-256 | a7b0af4c0bf188b76f64e0e78386aa1167e756d6f4da6666c8841528f2bb2943
Digital Defense VRT Advisory 2008.16
Posted Dec 30, 2008
Authored by Digital Defense, Corey LeBleu, r@b13$ | Site digitaldefense.net

The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.

tags | advisory, web, sql injection
SHA-256 | 3d5db43c4aa4093db243a62d6926f5bcb8ee486ff32706192155dc2b1ed03ea2
Ubuntu Security Notice 698-3
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-698-3 - It was discovered that Nagios was vulnerable to a cross-site request forgery (CSRF) vulnerability. If an authenticated Nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

tags | advisory, web, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2008-5027, CVE-2008-5028
SHA-256 | 4130a0a5287319a13ee95d2404c6c96183d3992fe351e772736db192651c5d89
FreeBSD Security Advisory - XSRF In ftpd
Posted Dec 30, 2008
Site security.freebsd.org

FreeBSD Security Advisory - The ftpd server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command. This could, with a specifically crafted command, be used in a cross-site request forgery attack.

tags | advisory, csrf
systems | freebsd
advisories | CVE-2008-4247
SHA-256 | 2e6c5b82c449c824228fcb5c04163a13250ea1166e252761a367a4dc98ca8ae5
FreeBSD Security Advisory - Bluetooth Privilege Escalation
Posted Dec 30, 2008
Site security.freebsd.org

FreeBSD Security Advisory - Some function pointers for netgraph and bluetooth sockets are not properly initialized. A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.

tags | advisory, arbitrary, kernel, local, root
systems | freebsd
SHA-256 | 68d6c56fdb87d6522cd80e38e97f33feb669cc5e02d6b6c06001e4a3bc436269
HP Security Bulletin 2008-01.87
Posted Dec 30, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.

tags | advisory, vulnerability
advisories | CVE-2008-4844
SHA-256 | 6bad1825bd45ef8bf1e89e87f023e29b3ea29e67cfd0f9625ddb382f30bb8dc8
Debian Linux Security Advisory 1688-2
Posted Dec 30, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1688-2 - The update of courier-authlib in DSA 1688-1 caused a regression with setups that do not use mail addresses for authentication. This update fixes this regression.

tags | advisory
systems | linux, debian
advisories | CVE-2008-2380, CVE-2008-2667
SHA-256 | f1c674abc89edfd6995906bf6df08c575d2f8acbbe6f8d1eb03b079f71356346
Mandriva Linux Security Advisory 2008-241
Posted Dec 30, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-241 - Multiple symlink attacks affect MailScanner Corporate 4.0.

tags | advisory
systems | linux, mandriva
advisories | CVE-2008-5140, CVE-2008-5312, CVE-2008-5313
SHA-256 | 0cca270a4a200073bacc1d788acece81468fc917a891f61fdbd3fc62d768f537
Secunia - Trend Micro HouseCall Code Execution
Posted Dec 30, 2008
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an implementation error within the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to e.g. download and load an arbitrary library file by specifying a custom update server. Successful exploitation allows execution of arbitrary code. Trend Micro HouseCall ActiveX Control versions 6.51.0.1028 and 6.6.0.1278 are affected.

tags | advisory, arbitrary, activex
advisories | CVE-2008-2434
SHA-256 | 9e66c81942f275bd4c568096bc7e97c86af7fb3bae3a6bbeb0c68e9f7a7968a2
Ubuntu Security Notice 698-2
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-698-2 - It was discovered that Nagios was vulnerable to a cross-site request forgery (CSRF) vulnerability. If an authenticated Nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

tags | advisory, web, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2008-5027, CVE-2008-5028
SHA-256 | 4e244374ea539938e1f6f7982c0d57401709ea018fc2a14023fe9f1283920975
Ubuntu Security Notice 698-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-698-1 - It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2008-5027
SHA-256 | d9dfe7061cd9c715a0607cd9560ce84412a88d2dbe4f4a431ec91723cd520c8c
Ubuntu Security Notice 697-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-697-1 - It was discovered that Imlib2 did not correctly handle certain malformed XPM and PNG images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-2426
SHA-256 | d653df98d6170f274789b6210547268ba1a992b3243a8145e834c36ac982ae95
Ubuntu Security Notice 699-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-699-1 - It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory.

tags | advisory, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2008-1102, CVE-2008-4863
SHA-256 | 5cadcbf1d0c25ea0b4eeaefe61aba2f5aa7ba23cdc4e042bdbe6731fc0bbb9e2
Debian Linux Security Advisory 1691-1
Posted Dec 30, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1691-1 - Several remote vulnerabilities have been discovered in Moodle, an online course management system. The issues addressed in this update range from cross-site scripting to remote code execution.

tags | advisory, remote, vulnerability, code execution, xss
systems | linux, debian
advisories | CVE-2007-3555, CVE-2008-1502, CVE-2008-3325, CVE-2008-3326, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5432
SHA-256 | 157ae4c1f93c80363f5da2039e5008842435f365223797ef677fa7894c54dcf7
Debian Linux Security Advisory 1690-1
Posted Dec 30, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1690-1 - Two denial of service conditions were discovered in avahi, a Multicast DNS implementation.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-3372, CVE-2008-5081
SHA-256 | ef1a5df07104978bb17173fe99f506005c7a6bbe6cf093b6fdec41e6a73983b8
Gentoo Linux Security Advisory 200812-20
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-20 - Multiple vulnerabilities have been discovered in phpCollab allowing for remote injection of shell commands, PHP code and SQL statements. Versions less than or equal to 2.5_rc3 are affected.

tags | advisory, remote, shell, php, vulnerability
systems | linux, gentoo
advisories | CVE-2006-1495, CVE-2008-4303, CVE-2008-4304, CVE-2008-4305
SHA-256 | b64c3015b2c58dad5271775cfc8ac2573f3bd171282bd8f6f9014bacea41ac41
© 2022 Packet Storm. All rights reserved.