Showing 1 - 25 of 71

Files Date: 2005-11-19

Secunia Security Advisory 16665
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Winmail Server, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks, and overwrite arbitrary files.

tags | advisory, arbitrary, vulnerability, xss
SHA-256 | 20c83331ea5fa4613eb4e2541dccdf8fd0d1d695c7aeacfe876c04acb0d5529c
Secunia Security Advisory 17522
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in GTK+, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

1) An integer overflow error in /gtk+/gdk-pixbuf/io-xpm.c when processing XPM files can be exploited to cause a heap-based buffer overflow. This may be exploited to execute arbitrary code when a specially crafted XPM file is opened in an application that is linked with the library. This may be related to vulnerability #2 in: SA12542

2) An error in /gtk+/gdk-pixbuf/io-xpm.c can cause an infinite loop when processing a XPM file with a large number of colours. This can be exploited to cause an application linked with the library to stop responding when a malicious XPM file is opened.

3) An integer overflow error exists in /gtk+/gdk-pixbuf/io-xpm.c when performing calculations using the height, width and colours of a XPM file. This may be exploited to execute arbitrary code or to crash an application that is linked with the library when a malicious XPM file is opened.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
SHA-256 | 284d9c0ad71f7be1eabec56dee3c82c1a8a1c92bde64455b7cd12dc3c98dfc64
Secunia Security Advisory 17538
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for gdk-pixbuf. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17522

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | 936839687806bd66bef61e8ba80e52c9c72ab12a8013c4712e3ff194196ecbf5
Secunia Security Advisory 17543
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - sp3x has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the query parameter when performing a search isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability has been confirmed in version 7.8. Other versions may also be affected.

tags | advisory, arbitrary, php, sql injection
SHA-256 | 3993cad7d84f7bc89a7c4e923ce3b31452141da928a0a44ec2d49a0e6c7024ed
Secunia Security Advisory 17547
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Rafi Nahum and Pokerface have reported a vulnerability in Walla TeleSite, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to various parameters in ts.exe isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability has been reported in version 3.0 and prior. Other versions may also be affected. Note: It is possible to enumerate webpages by manipulating the numeric value that is passed to the tsurl parameter. In addition, it is also possible to detect the presence of local files by providing their full pathnames to ts.exe and observing the error messages.

tags | advisory, arbitrary, local, xss
SHA-256 | 2e7e5be7090c1e60bea289ec76cc8e40c0f41f838d411efb0560608600965198
Secunia Security Advisory 17557
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

tags | advisory, php, vulnerability, xss
systems | linux, mandriva
SHA-256 | 9aaf148ed6e7d2493f3f52c96746a22acb8f4794bc6f91daaf5e2fd3d77b3e4f
Secunia Security Advisory 17560
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in PHP GEN, which can be exploited by malicious people to conduct cross-site scripting attacks. Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | advisory, arbitrary, php, vulnerability, xss
SHA-256 | 5811958d3dda1165f15ed6bc92fb401aa39d1f2172ed92f1ae3ff669de0cfe50
Secunia Security Advisory 17562
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for gtk2-engines-pixbuf / libgdk-pixbuf2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17522

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 1dab73d07cdd0c861122b8c738e29a6907faec9e31f45a7a132abcb29552ce68
Secunia Security Advisory 17563
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in PEAR, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a design error in the PEAR installer. This can be exploited by a package that is installed using the PEAR installer to execute arbitrary PHP code when the pear command is executed or the Web/Gtk frontend is loaded. Successful exploitation requires that the user has installed a malicious package using the PEAR installer, or installed a package that depends on a malicious package. The vulnerability has been reported in version 1.4.2 and prior.

tags | advisory, web, arbitrary, php
SHA-256 | 64857895c4183a2a8fcf130b2a1c67d4f78aa65bf10a86596ab30510fa21eb04
Secunia Security Advisory 17565
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Claudio Sverx has discovered a weakness in Internet Explorer, which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs displayed in the status bar. The problem is that the browser fails to show the correct URL in the status bar if an image control has been enclosed in a hyperlink and uses a form to specify the destination URL. This may cause a user to follow a link to a seemingly trusted website when in fact the browser opens a malicious website. This weakness is a variant of: SA13156 Example: The weakness has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.

tags | advisory
systems | windows
SHA-256 | fd820c69e1e10faa546c4bf1697f7f7ff2de1eadf49e8b11d861fa83d3d2cb29
Secunia Security Advisory 17570
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in phpGroupWare, which potentially can be exploited by malicious people to conduct cross-site scripting attacks and manipulate certain information.

tags | advisory, vulnerability, xss
SHA-256 | e1df08ad1c2fa78044cb9262d294bd9c74a87548c15203c7c5b181ddab42084c
Secunia Security Advisory 17571
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Claudio Sverx has discovered a weakness in Opera, which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs displayed in the status bar. The problem is that the browser fails to show the correct URL in the status bar if an image control with a title attribute has been enclosed in a hyperlink and uses a form to specify the destination URL. This may cause a user to follow a link to a seemingly trusted website when in fact the browser opens a malicious website. This weakness is related to: SA17565 Example: The weakness has been confirmed in version 8.5. Other versions may also be affected.

tags | advisory
SHA-256 | 3c1ca62f31e86fb4bff1d8c1bb3585fc1fc5d26751b9ace9297cf48dbf531042
Secunia Security Advisory 17578
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Toni Koivunen has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct HTTP response splitting attacks. Some input passed to libraries/header_http.inc.php isn't properly sanitised before being returned to the user. This can be exploited to include arbitrary HTTP headers in a response sent to the user. Successful exploitation requires that register_globals is enabled. It is also possible to disclose the full path to certain scripts by accessing them directly. The vulnerability has been reported in versions prior to 2.6.4-pl4 and in version 2.7.0-beta1.

tags | advisory, web, arbitrary, php
SHA-256 | e44792a331c5f72e03e5713b61e2db82c634886e0b6795144bc9dace25ee26c5
Secunia Security Advisory 17579
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities and a weakness have been reported in phpPgAds, which can be exploited by malicious people to disclose system information, and conduct HTTP response splitting and SQL injection attacks. For more information: SA17464

tags | advisory, web, vulnerability, sql injection
SHA-256 | 33d4322498517dccaa994d3efc64e911b69f0e741c0276d3f6d4dfa1da963412
Secunia Security Advisory 17580
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HACKERS PAL has discovered a vulnerability in Help Center Live, which can be exploited by malicious people to disclose sensitive information. Input passed to the file parameter in the osTicket module isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. The vulnerability has been confirmed in version 2.0.2. Prior versions may also be affected.

tags | advisory, arbitrary, local
SHA-256 | 80aca86329ab43902789f7074bc6f3d3e0bedb1d2e1360333ee4b180e070ed06
Secunia Security Advisory 17582
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - syst3m_f4ult has reported a vulnerability in AudienceView, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the TSerrorMessage parameter in error.asp isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | advisory, arbitrary, xss, asp
SHA-256 | 72c1e3afaacfd95353483088ca0f790fe895feeafabc9fed6d57965f991315b4
Secunia Security Advisory 17583
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - barabas mutsonline has discovered a vulnerability in freeftpd, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 2ec9072afda05537da1aa0af7a1dc40b3fd16ca766f3327b3fdd099f5bb075a5
Secunia Security Advisory 17585
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - r0t has reported a vulnerability in Interspire ArticleLive NX, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | a0f2d0d7917dfe44f47e39e38be03c1a5086fbb9df44577727246625a73181b3
Secunia Security Advisory 17586
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for linux-ftpd-ssl. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA17465

tags | advisory
systems | linux, debian
SHA-256 | f7392c4019a510f5995b5d5d74aa3bd4ad84cade1fdcaf301cafc2522c4f9107
Secunia Security Advisory 17587
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ziv Kamir has discovered a vulnerability in LiteSpeed Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, web, xss
SHA-256 | f109f7ac1503cdf7d6f482c78a03c8c84f35729569d432b215340b16ac742830
Secunia Security Advisory 17588
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for gtk2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17522

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | b8075460987657217f0cefb47dbca7a4d83d9d34669d09d0d8eabfb894c36f7e
Secunia Security Advisory 17589
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SCO has issued an update for openssl. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions. For more information: SA17151

tags | advisory
SHA-256 | e2d997848cffa863e8cc8ac554bffc77b193bf16ef5b2fc24556ba820670dae1
Secunia Security Advisory 17590
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Stefan Lochbihler has reported some vulnerabilities in phpwcms, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

1) Input passed to the form_lang parameter in login.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources.

2) Input passed to the imgdir parameter in random_image.php isn't properly verified, before it is used to view a random image. This can be exploited to disclose the content of arbitrary files via directory traversal attacks.

3) Certain input passed to act_newsletter.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities have been reported in version 1.2.5. Other versions may also be affected.

tags | advisory, arbitrary, local, php, vulnerability, xss
SHA-256 | b5ed570163b008f822f490709fc76542f8d4d811d068d8febaf6ef4228025a39
Secunia Security Advisory 17591
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for gtk2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17522

tags | advisory, denial of service, vulnerability
systems | linux, fedora
SHA-256 | 9128c028adde05376ffd7ae46912fc96b5417dc39ab8e30c0613dd533cb98147
Secunia Security Advisory 17592
Posted Nov 19, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for gdk-pixbuf. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17522

tags | advisory, denial of service, vulnerability
systems | linux, fedora
SHA-256 | 02704226ead6ee1a982340dcc5b0ccfd076025d64e04503f4cb197016fb78663