Fenice - Open Media Streaming Server remote BOF exploit
db831e0334e07625a17fd472f344abe95b35aa6b688f1aa2dae0eaa4669a3ce9VWar versions less than or equal to 1.21 remote code execution exploit.
595a5ecb4c341efa104c9eac2223f56b35870bbdb9993e1ed6fa5e452b3436cbFreeBSD Security Advisory FreeBSD-SA-06:14.fpu - FPU information disclosure: On affected processors, a local attacker can monitor the execution path of a process which uses floating-point operations. This may allow an attacker to steal cryptographic keys or other sensitive information.
7a90ad481bb181822f4882bcd4d2e967f8919ef69c8cce7ee8b546a06c7dd4b9SCO Security Advisory SCOSA-2006.22: Multiple X Window System server applications share code that may contain a flaw in the memory allocation for large pixmaps. The affected products include X server applications.
4a82a3fee6c3a4a73dc75547647bd84887f366ce6e2a0df657063dbb69784554SCO Security Advisory SCOSA-2006.21 - Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
33ca8ba70b4d50b49744483b82ed5ddc58a29321f5afd1ac2fe7b19d84a4cbebSCO Security Advisory SCOSA-2006.20 - Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
a784883db9c7e5315a947a7fb23fc031df6572ebe92104e84989fb0b30f8950aSCO Security Advisory SCOSA-2006.19: Ghostscript is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it.
7df7887ae2daf98ae0f7e2d63e1abf4cd7ee467895f87478e9d548c28a65c231Rapid7 Advisory R7-0023 Symantec Scan Engine File Disclosure Vulnerability: There is a vulnerability in Symantec Scan Engine which allows unauthenticated remote users to download any file located under the Symantec Scan Engine installation directory. For instance the configuration file, the scanning logs, as well as the current virus definitions can all be accessed by any remote user using regular or specially crafted HTTP requests.
4d71a2eee193a1059c22b4bd1473d7dc6d0355eb591b5b52a8dcd408efd6d8e8Rapid7 Advisory R7-0022 Symantec Scan Engine Known Immutable DSA Private Key
b4de8f7ac8fadf166331f3e6357452d67e13245d3d2cf1c757eec6d3e96e13a4Rapid7 Advisory R7-0021 Symantec Scan Engine Authentication Fundamental Design Error
3bece8abddf554ba4d0c57299c7e73675c86caa6a0fbf1c2ebab9ee47ce9f6a1Rapid7 Advisory R7-0019 - Directory traversal vulnerability in SolarWinds TFTP Server for Windows
6de7708c47505551fec62766fbeacfec804f360a4b485bb5b005eba41b0cfc67eVuln ID: EV0124 - RateIt 2.2 SQL Injection Vulnerability
e73dfd16334513bc8a0bf4e34358d8d0c466c3425313b4394c3a29de8f67c73aeVuln ID: EV0123: MWNewsletter 1.0.0b SQL Injection and XSS Vulnerabilities
236a7a3df366569f758c42b81e06621b225db9db7ed5f59d15ce646f5d8a63cfeVuln ID: EV0122: MWGuest XSS Vulnerability
6f3dda3ddebb527368d61a8542d7afd38440d1b5788ebbed1a7fff9dbd1c3b6eeVuln ID: EV0121: N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities
c7056474cc38d38fd7619c1dd2474030eaba557ada2948a06a77f03e7e2c72d9eVuln ID: EV0120 MD News version 1 suffers from SQL injection and authentication bypass vulnerabilities.
dd7ba1f0f924039d0e441623634c43150599f797db885a33a951482d6a21772aeVuln ID: EV0119 wpBlog version 0.4 suffers from SQL injection in index.php
d49d1bf0f94d2d19c806ab1841bcb702390b8903c3934fb6e7476523145c7ffbMandriva Linux Security Advisory MDKSA-2006-072: A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel:
53f3e6c30c79227d5c9b6fe2f2dbe338cdf819206586028a1793ae1810d81d2cMandriva Linux Security Advisory MDKSA-2006-075: A number of vulnerabilities have been discovered in the Mozilla Firefox browser that could allow a remote attacker to craft malicious web pages that could take advantage of these issues to execute arbitrary code with elevated privileges, spoof content, and steal local files, cookies, or other information from web pages. As well, some of these vulnerabilities can be exploited to execute arbitrary code with the privileges of the user running the browser.
a70af2a3fc205558549900c096829a1357c6173cbbe5648f1f8f48bbc5ff12d3Mandriva Linux Security Advisory MDKSA-2006-073: A vulnerability in the CMU Cyrus Simple Authentication and Security Layer (SASL) library versions less than 2.1.21, has an unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation. In practice, Marcus Meissner found it is possible to crash the cyrus-imapd daemon with a carefully crafted communication that leaves out "realm=..." in the reply or the initial server response.
801a7d64531b0651be35167f38d184b5bec42f495ba4a0f49acdc7e443e1a844Mandriva Linux Security Advisory MDKSA-2006-074: Multiple vulnerabilities in php
154b3d391fd88fd774d12bafa96d9e7616db77649d911a7154d73f7dd1bf212eUbuntu Security Notice 271-1: Multiple vulnerabilities in mozilla-firefox.
15ac1f549e5a590dfd0289738e3814a78a62fbc7d27b4aa6182cffa8cb0c4889Ubuntu Security Notice 273-1: Yukihiro Matsumoto reported that Ruby's HTTP module uses blocking sockets. By sending large amounts of data to a server application that uses this module, a remote attacker could exploit this to render this application unusable and not respond any more to other clients (Denial of Service).
d416e42ebd87a10e6d298b02a3b81481227ba86995926247798df70d67adf25eUbuntu Security Notice 272-1: A Denial of Service vulnerability has been discovered in the SASL authentication library when using the DIGEST-MD5 plugin. By sending a specially crafted realm name, a malicious SASL server could exploit this to crash the application that uses SASL.
d1a1d62e5bc243833a56c29c4bddd3c487003c72d8a2a33b49cb0a525819d5cdDebian Security Advisory 1042-1: The Mu Security research team discovered a denial of service condition in the Simple Authentication and Security Layer authentication library (SASL) during DIGEST-MD5 negotiation. This potentially affects multiple products that use SASL DIGEST-MD5 authentication including OpenLDAP, Sendmail, Postfix, etc.
12de993b1a6d9e6f7a87bf9a72f28b90b7bc0329efa63c6860af0bea3f2450a0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed