CVS v1.11.4 and below contains a double free bug which allows attackers with read access to execute code on the server by sending a malformed directory name. By default, CVS runs with root privileges. Patch available here.
cf1e29270d759e81797059b571c99eff0c58d3aa9fffcdeb234d72fc4c3a22a7The MySQL database versions <= 3.23.53a and <= 4.0.5a contains local and remote vulnerabilities allowing remote attackers to bypass the MySQL password check and execute arbitrary code with the privileges of the user running mysqld. An arbitrary size heap overflow within the mysql client library and another vulnerability which allows '\0' to be written to any memory address allow DOS attacks against or arbitrary code execution within anything linked against libmysqlclient.
b385bbffd26b7aac37dec468afd6558f47557fa4ccb25456b032f8f0f3e77828A heap overflow has been found in Fetchmail v6.1.3 and below which allows remote attackers to execute code with the privileges of the user running fetchmail on Linux. It is a denial of service vulnerability on BSD. Fixed in v6.2.0.
00367f13a6c9121041c44e2a0b3582239a66f54aeae1714fc5cf1dc427242f38E-Matters security advisory - Several buffer overflows have been found in fetchmail versions prior to 6.1.0. Overflows in the readheaders() and getmxrecord() function can be used in remote denial of service attacks that may cause data loss. An overflow found in the parse_received() function allows remote code execution and may be used to compromise an affected host.
1c6a40ce9f52ec5bad26332b8020746c2492bdf33417e8c825422b64fdfc8d11Multiple remote vulnerabilities have been found in PHP's file upload code in v4.1.1 and below. Several flaws were found in the way PHP handles multipart/form-data POST requests. Each of the flaws allows attackers to execute arbitrary code on the victim's system. Patch available here.
ed473fb97e0b081cad501f6ed01a6f197383c53472b98403639543571232791aA flaw in Microsoft Internet Explorer allows an attacker to perform a SSL Man-In-The-Middle attack without the majority of users recognizing it. In fact the only way to detect the attack is to manually compare the server name with the name stored in the certificate due to a flaw in the way IE checks HTTPS objects that are embedded into normal HTTP pages.
be656d7d8e024e7317da02518924572f3527b139ee72d711816b35515804709c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed