CVE-2006-0745 - Local privilege escalation in X.Org server 1.0.0 and later and X11R6.9.0 and X11R7.0. When parsing arguments, the server takes care to check that only root can pass the options -modulepath, which determines the location to load many modules providing server functionality from, and -logfile, which determines the location of the logfile. Normally, these locations cannot be changed by unprivileged users.
6597d054bf1ef5dc391e506a54c9531f46d310afd1d4f729bf2368bf13702df2Local privilege escalation in X.Org server 1.0.0 and later and X11R6.9.0 and X11R7.0 exploit.
81d5540a611e74f98271be7be6e7aa9d94af55ec197cd0cc41de55e8effc075bSCO Security Advisory - SCOSA-2006.14 - Multiple X Window System server applications share code that may contain a flaw in the memory allocation for large pixmaps. The affected products include the X.Org X server applications.
48a4a938dcd936474a5b0b2e47c15d935c2921f4a1da2aecfed9eb732aad2714SCO Security Advisory - SCOSA-2006.13 - Vim is susceptible to an arbitrary command execution vulnerability with ModeLines. This issue is due to insufficient sanitization of user-supplied input.
045df8e15e8974f0ee7a35d6f5a30b98ba9803981c87de92add7de742b49f595phpWebsite suffers from SQL injection in friend.php and article.php
e2e32d25d3c3bd1df4306397519702b62cea87e47a37f282960c33eaa6d27288Contrexx CMS versions greater than or equal to v1.0.8 are vulnerable to XSS.
6f1d27f4a4c5be992cbde88effca2f469cf3d7939aef8bc65a27c742558a891ceVuln Advisory EV0093 - NMDeluxe XSS & SQL Injection Vulnerabilities
15b77166a203f1fbc7e6a4a499ba0f2ad4752579355c27c34b8e3b9a6ec16641Cisco Aironet 1300 running IOS 12.3(8)JA with default settings is vulnerable to a DoS condition.
c463c054bea69c0c1223da663e0153cd87c0ae577f2358da9011e8e4f1d4db4eASPPortal versions less than or equal to 3.1.1 suffer from multiple remote SQL injection vulnerabilities
59ac40eb1594f2a0a1f3d4cb8ec00ff7e68085a272db227b8c938dce7e935860SUSE Security Announcement - SUSE-SA:2006:015 - A critical security vulnerability has been identified in the Adobe Macromedia Flash Player that allows an attacker who successfully exploits these vulnerabilities to take control of the application running the flash player.
f186d9f33539a24b0938e1c3428dc4538701eb0fa381bcf2354d6acba542c975SUSE Security Announcement - SUSE-SA:2006:016 - A programming flaw in the X.Org X Server allows local attackers to gain root access when the server is setuid root, as is the default in SUSE Linux 10.0. This flaw was spotted by the Coverity project.
3b96230c3677d9dbeaa5a217f3bf600f0d44bb66092ec2f718dc5d5495ab900dHPSBUX02102 SSRT051078 rev.1 - HP-UX usermod(1M) Local UnaUthorized Access A vulnerability has been identified with certain versions of the HP-UX usermod(1M) command. A certain combination of options can result in recursively changing the ownership of all directories and files under a user's new home directory. This may result in unauthorized access to these directories and files.
ab58f9a1d962c93ef79a0f2b536952da288ef76d0448a8f7ce5c2a1380f7d4e1Symantec Security Advisory SYM06-005 Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job log Format String Overflow
3fc9efcaf1ab4361eced5ce676619447b9191aad96ae7b1e9960224f392b4759HPSBUX02101 SSRT051128 rev.1 - HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access - A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access.
b5cd03f600764ec33a21ec9deafc1b243987b7348cbcfa257d43c31691bb846dHPSBUX02074 SSRT051251 rev.2 - Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access.
ab11fea4af0a5ebeb6c93f6fd0c9a425a6c492e61ff02054fe4939bf38272e32Symantec Security Advisory - SYM06-004 - Veritas Backup Exec: Application Memory Denial of Service Revision History
3cf6cedd2727b8d02b6fdab13aa1d34f6c67ae0bdfbb7bb178f07de3946b1ad1Wbb 2.3.4 suffers from XSS
25de8190086d793f53585e473a90e38fa1db9812bfce95004faf3850e45874d1Mandriva Linux Security Advisory - MDKSA-2006:057 - GNOME Evolution allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.
70e2776e6f09781498f373af6aec344ccc99c3d48d7dd47cba41bf1b53bcae93Mandriva Linux Security Advisory - MDKSA-2006:056 Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which allows non-root users to use the -modulepath, -logfile and -configure options. This allows loading of arbitrary modules which will execute as the root user, as well as a local DoS by overwriting system files.
1b4dc778f135dce7313a0c6677e5973fb5181a57f2293962ea9d6716ce025595Fedora Legacy Update Advisory - The International Domain Name (IDN) support in the Konqueror browser allowed remote attackers to spoof domain names using punycode encoded domain names. Such domain names are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
ee6f50d49649eced00d8838ca76b59d9bfb34379acdb09d9b6ecab2c83abde88Fedora Legacy Update Advisory - A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened.
a3b430b96ae15332234700a20563004de6038b6f794a7e43f9bf6e1c3118f62cFedora Legacy Update Advisory - FLSA:174479 - Several bugs in the way libungif decodes GIF images were discovered. An attacker could create a carefully crafted GIF image file in such a way that it could cause an application linked with libungif to crash or execute arbitrary code when the file is opened by a victim.
f8d99dea5e034cd2dcadcf70311aa4f455025952ec37765bd6424c5d5b3b8292Fedora Legacy Update Advisory FLSA:173274 - A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.
88bb1caf6104789578fa6e50c0b3ca36408039f9ce3a4cf29c94987353b0d235Fedora Legacy Update Advisory FLSA:157459-4 - Updated kernel packages that fix several security issues are now available
f4256e55c28ba1912634c8ce7c70d6529e0e086ab7339a38903eba88d2edcac3Gentoo Linux Security Advisory GLSA 200603-16 - Ulf Harnhammar discovered a buffer overflow in Metamail when processing mime boundraries. Versions less than 2.7.45.3-r1 are affected.
f29c70fd6cfcbb588c484138110f7ed7aff908196900f804c3cc3aa493371651
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed