Secunia Security Advisory - Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information. The vulnerability is caused due to an error in the register_globals emulation layer where certain arrays used by the system can be overwritten. This can be exploited to execute arbitrary HTML and script code in a user's browser session and include arbitrary files from local resources. The vulnerability has been reported in version 2.3 and prior.
100853e9d29a03194752e0e5e462c247747ea79230d911ae2b05accc0766ce7a
Secunia Security Advisory - A vulnerability has been reported in Solaris, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in in.named when handling queries that the server is not authoritative for. This can be exploited to cause the server to make unnecessary queries to DNS root servers for IPv6 address records that have already been cached by the server. The vulnerability has been reported in Solaris 9.
05c61ba66d06ff0e1737d7fda26e7497ad1a1f1e4c04f34818b206227022831e
Secunia Security Advisory - Debian has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. See vulnerability #5 for more information: SA14299
c90b01bb02a5f9d96253d0e4801e4ae47b6688d1f3044a18914d8348313724b6
Secunia Security Advisory - Toni Koivunen has discovered a vulnerability and a weakness in phpAdsNew, which can be exploited by malicious people to disclose system information and conduct SQL injection attacks. 1) Input passed to the sessionID cookie parameter in logout.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that magic_quotes_gpc is disabled. 2) The problem is that it is possible to disclose the full path to misc/revisions/create.php by accessing it directly. This can further be exploited to list installed scripts by accessing libraries/defaults/revisions.txt. It is also possible to disclose the full path to other scripts by accessing them directly. However, this requires that display_errors is enabled, which is not a recommended setting for production systems. The vulnerability and the weakness have been confirmed in version 2.0.6. Other versions may also be affected.
85dbd99bf623d7bb00897f5040530640464e05c2c6ba4f8e84ba29301b117b9a
Secunia Security Advisory - Some vulnerabilities have been reported in OcoMon, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to certain unspecified parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
3d9860021ff1851af1b1fdbe51dc64095e17371dbd70bf44ec8bbf7ea4d0c53c
Secunia Security Advisory - A vulnerability has been reported in AIX, which can be exploited by malicious, local users with unknown impact. The vulnerability is caused due to an unspecified error in the /usr/lpp/diagnostics/bin/diagela.sh script due to the use of an absolute path. The vulnerability has been reported in versions 5.2 and 5.3.
29ab34069aaf30a1a6a06fb420e8471de921ca5676d0de777c9f29225c1054ae
Secunia Security Advisory - Some vulnerabilities have been reported in Exponent CMS, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system. 1) Input passed to the parent parameter in the navigation module and the id parameter in the resource module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) An error in the image upload handling can be exploited to upload and execute arbitrary PHP code in images. Some other issues which may be security related have also been reported.
9774abd7750990ee48cc24d3168e72b34327f74b7fe5c4f74ad273ddadea726c
Secunia Security Advisory - Nortel Networks has acknowledged multiple vulnerabilities in Nortel CallPilot, which potentially can be exploited by malicious, local users to gain escalated privileges, or by malicious people to cause a DoS (Denial of Service), or compromise a user's system or a vulnerable system. For more information: SA16480, SA17160, SA17161. The vulnerabilities have been reported in versions 3.0 and 4.0. The vulnerability in MS05-050 (SA17160) also affects versions 1.07 and 2.x.
392361c49df2481b7e6e932e9cf5feedd7fc5d8b5fcdbc9b2ec457b03e98fba0
Secunia Security Advisory - eEye Digital Security has reported two vulnerabilities in RealPlayer, RealOne, and HelixPlayer, which can be exploited by malicious people to compromise a user's system. 1) A signedness error exists when handling the first data packet in a Real Media .rm file. This can be exploited to cause a stack-based buffer overflow via a specially crafted .rm file that contains values between 0x80 and 0xFF in the application-specific length field. Successful exploitation allows arbitrary code execution. The vulnerability has been reported in the following versions:
* RealPlayer 10.5 (6.0.12.1040-1235) (Windows)
* RealPlayer 10 (Windows)
* RealOne Player v1 (Windows)
* RealOne Player v2 (Windows)
* RealPlayer 8 (Windows)
* RealPlayer Enterprise versions 1.1, 1.2, 1.5, 1.6 and 1.7 (Windows)
* RealPlayer 10 (10.0.0.305 - 331) (Mac)
* RealPlayer 10 (10.0.0 - 10.0.5) (Linux)
* Helix Player (10.0.0 - 10.0.5) (Linux)
2) A boundary error exists when extracting a RealPlayer skin .rjs file. This can be exploited to cause a heap-based buffer overflow in DUNZIP32.DLL via a malicious .rjs file with a specially-crafted file length field. The vulnerability has been reported in the following versions:
* RealPlayer 10.5 (6.0.12.1040-1235) (Windows)
* RealPlayer 10 (Windows)
* RealOne Player v1 (Windows)
* RealOne Player v2 (Windows)
* RealPlayer 8 (Windows)
98b41a74864fac843bc144df3a00fc1a2b01d23bbff42649c09d8a66b1c3fe4a
Secunia Security Advisory - Two vulnerabilities have been reported in Kerio WinRoute Firewall, which potentially can be exploited by malicious users to cause a DoS (Denial of Service) and to bypass certain security restrictions. 1) An error in the handling of RTSP streams from certain RTSP servers may cause the service to crash. 2) An error in the handling of user authentication may allow users to be successfully authenticated even when their accounts are disabled. Some other errors, which may be security related, have also been fixed.
32a0e23a79b989049b296c7e768f1dc11d148a82bde26bb841b54bcbd09ec049
Secunia Security Advisory - Fedora has issued an update for sylpheed. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. For more information: SA17492
44ca85df682ceb9f791d509012c34e654328a0e9264687e5c4994c56e348547c
Secunia Security Advisory - rgod has discovered some vulnerabilities in Moodle, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the id parameter in category.php and info.php, and the user parameter in plot.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that magic_quotes_gpc is disabled. 2) Input passed to the jump parameter in jumpto.php isn't properly verified and sanitised before being returned to the user. This can be exploited to execute arbitrary JavaScript code in a user's browser session in the context of an affected site via the javascript: URI handler. The vulnerabilities have been confirmed in version 1.5.2. Other versions may also be affected.
dd5c6aeab506f3fff6374a1d10ab776d740f586d0cd6a6d7a06a0b1f5ae3c372
Secunia Security Advisory - john has reported a security issue in Campsite, which can be exploited by malicious people to disclose sensitive information. The problem is that the MySQL password is sent in clear text in a mail to the administrator when the notifyendsubs cron job runs.
f0f522f46a15e581e87e9369a6831f20cdc51f3dfc35ac16975e68c497a9c72a
Secunia Security Advisory - Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. For more information: SA17371
0a0d7354308f077a9781fd255f0848621c74578197127021d0edc5b7faf3c567
Secunia Security Advisory - Red Hat has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious, local users to disclose and manipulate information. The problem is that output files are created with insecure permissions, which makes it possible for other users to read and manipulate the contents. This update also fixes a race condition when setting file permissions.
de9cf718dfc54f6fbfee0c72f6ded4f5e5484a676e59a87a795322ee052ca258
Secunia Security Advisory - A vulnerability has been reported in Sudo, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error within the environment cleaning. This can be exploited by a user with sudo access to a Perl script to load and execute arbitrary library files via the PERLLIB, PERL5LIB and PERL5OPT environment variables. The vulnerability is related to: SA17318. Successful exploitation requires that the Perl tainting option is not enabled. The vulnerability has been reported in versions prior to 1.6.8p12.
9475fdded5a613a56866b39bf48ef3277eb27ab8afcc6c8e6e01b1681df8df89
Secunia Security Advisory - Red Hat has issued an update for lm_sensors. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. For more information: SA16501
030b4f93933a9d61b79f9b324dfd03495ce79c1fc7b58fedeb0542fa443cd30b
Secunia Security Advisory - A security issue has been discovered in Dev-Editor, which can be exploited by malicious users to bypass certain security restrictions. The problem is that it is possible to access files and directories outside the virtual root directory when the given path is a subset of the virtual root directory. Example: If the virtual root directory is /var/www/html/test1 then users can access /var/www/html/test10. The security issue has been confirmed in version 3.0. Prior versions may also be affected.
a1b48d6ab5330cf5ee72fb1c38e0f7fdf8c990af32254fdbe80cea8ee6c7b8d8
Secunia Security Advisory - Fedora has issued an update for sysreport. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. For more information: SA16381
53fdd42bdf528b817ea9d2cbb8579affe3e94154994ab4bf4131a3d67544fd3b
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA16969 SA17504
ff49db82436f7634eeaa09ab068739927b329cd0cbfd280d87e4b08b794e534c