Jiros Banner Experience Pro version 1.0 is susceptible to a remote privilege escalation flaw.
427706de5f7f0c0230d5930dad02b4cf54bc198ca11423e6899d43acbdf1bbc1FreeForum version 1.2 is susceptible to PHP code execution and cross site scripting flaws.
b4a88688c8368c2f89f2856c431b289c2361744d9ab961d2b1ba8efd04417424There is a high risk vulnerability in Guppy versions 4.5.11 and below that will allow remote attackers to destroy database files. Details provided.
a56334d59160722210ec923946ac49e919e81d4c1acbc090031cf3742db3b438Ubuntu Security Notice USN-261-1 - Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP response splitting and cross site scripting attacks. PHP applications were also vulnerable to several cross site scripting flaws if the options 'display_errors' and 'html_errors' were enabled. Please note that enabling 'html_errors' is not recommended for production systems.
016844a2172c42aa6db55405377b83f5dbaca538a695f0629958e21295374915Gentoo Linux Security Advisory GLSA 200603-08 - OpenPGP is the standard that defines the format of digital signatures supported by GnuPG. OpenPGP signatures consist of multiple sections, in a strictly defined order. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that certain illegal signature formats could allow signed data to be modified without detection. GnuPG has previously attempted to be lenient when processing malformed or legacy signature formats, but this has now been found to be insecure. Versions less than 1.4.2.2 are affected.
147982f5f506238d2f3b1c131a858691071cfe3d09f6622d604e8de071e22837Gentoo Linux Security Advisory GLSA 200603-07 - Chris Moore discovered a buffer overflow in a special class of lexicographical scanners generated by flex. Only scanners generated by grammars which use either REJECT, or rules with a variable trailing context might be at risk. Versions less than 2.5.33-r1 are affected.
ac7f50fa5b7c5442f7670d04b1cfaca981b3278f32a263717c4064e64cfd45b3Debian Security Advisory DSA 993-1 - Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, can be tricked to emit a "good signature" status message when a valid signature is included which does not belong to the data packet.
d2ec9a70711f451af643059b300e3b1dc3ca6b27e4aa33597e9b1d330dbee653Gentoo Linux Security Advisory GLSA 200603-06 - Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer overflow when extracting or listing the contents of an archive. Versions less than 1.15.1-r1 are affected.
e6642fca5ac3e87adcb3874336e2333472bef1e3213caadc6a301b8f33200db5Debian Security Advisory DSA 992-1 - Simon Kilvington discovered that specially crafted PNG images can trigger a heap overflow in libavcodec, the multimedia library of ffmpeg, which may lead to the execution of arbitrary code.
653c2e73640e4c3c42b47c4be68817e08f1ddc12dcfc56b51abb34017d12d988Debian Security Advisory DSA 991-1 - Jean-Sebastien Guay-Leroux discovered a buffer overflow in zoo, a utility to manipulate zoo archives, that could lead to the execution of arbitrary code when unpacking a specially crafted zoo archive.
3df94721d725b86e6115d1bfda407046d378229f8e63242e2778fec76b312aa0Debian Security Advisory DSA 919-2 - The upstream developer of curl, a multi-protocol file transfer library, informed us that the former correction to several off-by-one errors are not sufficient.
f7346e6f6312b02465948aadee838064e7e0d1c3320e413e676e871db30369c7Debian Security Advisory DSA 990-1 - A denial of service condition has been discovered in bluez-hcidump, a utility that analyses Bluetooth HCI packets, which can be triggered remotely.
ac5abed1076524dcbdf919f997573b9e0b1c7fe0477183038ec4d26817d9f3ceAll versions of gnupg prior to 1.4.2.2 do not detect injection of unsigned data. Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data.
33664dce746ce85ae7b0b0afb061d573e59b19d74f2b21ee3bfea0498ba07b5eSecunia Security Advisory - Debian has issued an update for bluez-hcidump. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
2d5337bc19082d8b406c960b6d38a285c48607d177776d750e270625ed228872Secunia Security Advisory - Debian has issued an update for zoph. This fixes some vulnerabilities, which potentially can be exploited by malicious people to conduct SQL injection attacks.
32330e32ce1d649bc716df2d81376647f5a4366da7a53f206c0ac0e090791509Secunia Security Advisory - Debian has issued an update for zoo. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
d8215ede3bab980ce61ac5671bcbb6d5c6506010414bef374cd81a20cac690b0Secunia Security Advisory - A vulnerability has been reported in Ipswitch IMail Server/Collaboration Suite, which can be exploited by malicious users to cause a DoS (Denial of Service).
65e3e137624a95f4b1c2e4cfe9a54ab2e840716427aa0dd9696c8f3ded12243aSecunia Security Advisory - Leon Juranic has reported a vulnerability in PeerCast, which potentially can be exploited by malicious people to compromise a vulnerable system.
73f5115d992a6e9bbdbeaf282062389894d4cd5bb358a811302f9aa691ecdc8cSecunia Security Advisory - A vulnerability has been reported in GnuPG, which can be exploited by malicious people to bypass certain security restrictions.
e5787d4e339bf638b2e257ff63b1231dc8188f3dee044541fc26b096be11a33eSecunia Security Advisory - Revnic Vasile has reported two vulnerabilities in Easy File Sharing Web Server, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to cause a DoS (Denial of Service).
35662e61284198addb43e0d979e75bd0de45c31d0bf9120f1944a002dc8a263cSecunia Security Advisory - Ubuntu has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct HTTP response splitting attacks and potentially conduct cross-site scripting attacks.
f68ed9f1751e54988e9d63e76cb2642dc5ebdb739a1d73fbd6af7bd14ec70ad5Secunia Security Advisory - Kiki has discovered some vulnerabilities in QwikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
e0d1c88e47435c02e4fd11b6dc79ce0edd66e416d7780248dd5e60ebb0c22a8aSecunia Security Advisory - Mustafa Can Bjorn has reported a vulnerability in JiRo's Banner System Professional, which can be exploited by malicious people to bypass certain security restrictions.
08ba4bce5cd09f7f6a57ca049e30270d71795e9e11d8d8f3c73f2418f4b963b5Secunia Security Advisory - A vulnerability has been reported in DokuWiki, which potentially can be exploited by malicious people to conduct cross-site scripting attacks.
8b45028d056b3595758bd94c7c3ce72d55ca6952afc7cdf8822c90e04b9197f5Secunia Security Advisory - A vulnerability has been reported in UnrealIRCd, which can be exploited by malicious users to cause a DoS (Denial of Service).
0047bfd9a360473881171d22b47845fe395a4d18ac80c9ecc6c67a5949c77261
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed