Secunia Research has discovered a vulnerability in Internet Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when sending certain test sequences to an FTP server. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading a file from a specially crafted FTP URI. Successful exploitation allows execution of arbitrary code. Internet Download Manager version 5.18 is affected.
56af8243c012b2993b884e0396af073ae6088b78ca52aa485de63621dbffa10cMandriva Linux Security Advisory 2010-088 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
e35095f623ba6a410cd3c46cfabf90eff6d811d179244c48dcb04cae2f29d1d5Ubuntu Security Notice 934-1 - Marc Schoenefeld discovered a buffer overflow in Netpbm when loading certain images. If a user or automated system were tricked into opening a specially crafted XPM image, a remote attacker could crash Netpbm. The default compiler options for affected releases should reduce the vulnerability to a denial of service.
b35687a340a4fdbf7229769133d5339808e1f1c6becbce15b0647f661933d805Secunia Security Advisory - Ubuntu has issued an update for netpbm-free. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
42a1c4b2abdfad7c280a2c69153d3d4a7952e9bd74890dcc178c125df00cfa5cSecunia Security Advisory - A security issue has been discovered in deV!L'z Clanportal, which can be exploited by malicious people to disclose potentially sensitive information.
7d6acee451282ffc82925a88b8d66aad8e9fe71a4bc29d522c4fb3d8c76a9a6bSecunia Security Advisory - A vulnerability has been reported in Microsoft SharePoint Server 2007 and Windows SharePoint Services 3.0, which can be exploited by malicious people to conduct cross-site scripting attacks.
0f9eb364ecbec46d5cbf86ca7e74aed76aeba37ea7cdc25c5ad1448839dea541Secunia Security Advisory - Secunia Research has discovered a vulnerability in Internet Download Manager, which can be exploited by malicious people to compromise a user's system.
4271da131c95503e0ab2e9e9f6757f6fad94289067ecadfe809ae4e6d9aadaeeMandriva Linux Security Advisory 2010-087 - Multiple buffer overflow vulnerabilities have been found and corrected in poppler. The updated poppler packages have upgraded to 0.5.4 and have been patched to correct these issues.
4168f306577bc79b87d31896306a31d170c85717df5212b9d33cbb3aa67282adMandriva Linux Security Advisory 2010-086 - Multiple vulnerabilities has been found and corrected in kpdf (kdegraphics). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. The updated packages have been patched to correct these issues.
176ce851ea5226fd5466f63f85a1de7bc3edc6ecd276970bc8cbdb5ae0388691Ucenter Project version 2.0 uses an insecure crossdomain.xml set up.
4a0e61c8cb8a5797729d5f127a7d64188188e76c72cb29d715ee92bb6fbb6d9dUbuntu Security Notice 933-1 - It was discovered that PostgreSQL did not properly sanitize its input when using substring() with a SELECT statement. A remote authenticated attacker could exploit this to cause a denial of service via application crash.
c5e6c2d965cb8d3c77f1c402acebd01a9f7dcf4e1f91bc9465d926a621ffd86cIt is impossible to maintain a secure session with Twitter, for multiple reasons. Additionally, once a session has been hijacked, it is possible for the attacker to maintain control over the account (not just the session) indefinitely, unless the user changes their password. This is because the session cookie has the same lifetime as the password.
33ce90a17e72942d80262b42b39d4448a3e3b1ef746c48a5ce44c25d9b3ef5efSecunia Security Advisory - A vulnerability has been reported in Modelbook, which can be exploited by malicious people to conduct SQL injection attacks.
a7f8269265ea2d34636e23de0cea2f7d485b859e07cabf4c6007d80ab4ed2719Secunia Security Advisory - A vulnerability has been reported in Video Battle Script, which can be exploited by malicious people to conduct SQL injection attacks.
315f8c36b890b40fd387e0e12118cd7cd4ced7dd790b02901ead710bea629911Secunia Security Advisory - A security issue has been reported in the Privatemsg module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
2f12ff632adab2fbd98fa6160c6c2de6b7cc9b7fe3bd9dc8b6be18989cf767f8Secunia Security Advisory - Red Hat has issued an update for xorg-x11-server. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
7f4ccc7bbce6eb2d7d49f00a2fd57cefdc5ac8490b045edab4dc1e7e4acc2e25Secunia Security Advisory - A security issue has been reported in the Decisions module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information.
5d49bcdd64e5fe71c0f352d333229d0a8158f4c68187541e5baa2f0ef357d6bfSecunia Security Advisory - John Leitch has discovered a vulnerability in Tele Data Contact Management Server, which can be exploited by malicious people to conduct SQL injection attacks.
649e31d403dfc207d12dc0af240a32d1b0401110fe2db658a11f224975feba13Secunia Security Advisory - A vulnerability has been discovered in gpEasy CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
06468bb531dd0b141d6d24129baa2958bbc834f5b0e07dc18238ce66ce0dc752Secunia Security Advisory - Ubuntu has issued an update for postgresql. This fixes a security issue, which can be exploited by malicious users to cause a DoS (Denial of Service).
419e20bc17306d3e04dcf60cf4a35e232c4c13835268bb17d10fc7646f1d3d7aSecunia Security Advisory - Some vulnerabilities have been reported in iScripts SocialWare, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
f6010d2c078319f5f855e489fe5a55fb22870caedcc63844d20c11709c6b1001Secunia Security Advisory - A vulnerability has been reported in 2daybiz Auction Script, which can be exploited by malicious people to conduct SQL injection attacks.
cd879e5523565e51b39e240372bd0ccaf2666048010dd6c4521477691c44716aSecunia Security Advisory - A vulnerability has been reported in CLScript, which can be exploited by malicious people to conduct SQL injection attacks.
d8ae16113423f3a548edbcad0cd589c1e98e2d587584f20857536495c2e26ce5Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a user's system.
313b2fb698616bfaf692fa2baeb9cda98bd4eaddec719e4e65d2b4fc957ea617Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, potentially gain escalated privileges, and cause a DoS (Denial of Service) and by malicious users to disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system and by malicious people to bypass the scanning functionality, gain access to potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
3f3fbbdf68920af71c24b6666152b7ce98b88e8d8c1f50497bfb75dc3b0fc4b5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed