Mandriva Linux Security Advisory MDKSA-2006-155 - Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. An integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large bytes_per_pixel, columns, and rows values, which trigger a heap-based buffer overflow.
17ea48c30ae262993a867073c259c4ec7c7c700fdadae830130ae4309c554f4cGentoo Linux Security Advisory GLSA 200608-28 - The sscanf() PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the bypass of the safe mode protection by executing arbitrary code. Versions less than 5.1.4-r6 are affected.
cccbe3afd18c7d863de2d5ac6ae3036834ad166c626106dba2a8fcf0470a4f0bGentoo Linux Security Advisory GLSA 200608-27 - In November 2005, Zone-H Research reported a boundary error in the ktools library in the VGETSTRING() macro of kkstrtext.h, which may cause a buffer overflow via an overly long input string. Versions less than 3.4.0-r1 are affected.
0e764a0a471a253079be6c1c295bc8726abd6b28b81677211dba782958f13438Gentoo Linux Security Advisory GLSA 200608-26 - The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured. Versions less than 0.99.3 are affected.
0572c83b05e151adf70e50709ae881d02c15e77c2c8c3d9d1d7d1eee48bb4af5This Metasploit module exploits a code execution vulnerability in the IBM eGatherer ActiveX buffer overflow.
6280365f18cd390c0a7ec483822ae21f3d8ac6a2a269541e0bb334fa7e54938eHLStats version 1.34 suffers from a cross site scripting vulnerability.
a63c979b78eb39b37d1ac30865f8a51828daf62b4e7c17f60122c5610af6fde8Debian Security Advisory 1160-1 - Several security related problems have been discovered in Mozilla and derived products.
fc3a5dd2574ba1ca4a9b000ea22fd04724ecd0339c2252f98f22547fae94f2a1Mandriva Linux Security Advisory MDKSA-2006-154 - The libXm library in LessTif versions 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
fcd62e9b6c19b5611928bdffa7ac17685229cc986efaddb82685d7f16727d734Mandriva Linux Security Advisory MDKSA-2006-153 - A stack-based buffer overflow in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. A buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format record in which the length character is not a valid hexadecimal character.
20bae66b913b708c81f4d4d713ab9094b1a1cd129693db985f0f4ac8827cbe5cSymantec Security Advisory - A connection from a SAP-DB/MaxDB WebDBM Client to the DBM Server causes a buffer overflow when the given database name is too large. This can result in the execution of arbitrary code in the context of the database server. Affected version is SAP-DB/MaxDB 7.6.00.22.
f252047e0f68c231dc50e1773e17de6610f34d7f5aae0c80053dedb4165a40e1Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in CJ Tag Board, which can be exploited by malicious people to compromise a vulnerable system.
6924ab6d73ba9dd6c89c24eb74e6243a40c3055aab513b8e2c640e3f87e5edd7Secunia Security Advisory - Debian has issued an update for mozilla. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks and potentially compromise a user's system.
783321879be5b45c78347b04b695cc8497d1a26a4f636334b26f43b128aaa55bSecunia Security Advisory - kefka has discovered a vulnerability in HLstats, which can be exploited by malicious people to conduct cross-site scripting attacks.
687b9d79c1c77f6f613aad496d23513b0ab51ee4bb0aa367322c5205398bc2deSecunia Security Advisory - SHiKaA has discovered a vulnerability in Web3news, which can be exploited by malicious people to compromise a vulnerable system.
3a3c7eb00aa1a95b53d29d737a6a6480f62777d94cb39e59c700e1f296e99ad4Secunia Security Advisory - Some security issues have been reported in X.Org X11, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
bac94b94ec5ca17f8c9fd7a0c0f9fbee176a8aed50a76610d207f2fcd168a0aeSecunia Security Advisory - Gentoo has issued an update for multiple packages. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
e62af66112419ca04e8e3dc917b7ed0b35f1b094b5fa1e16bd9cfbbe589e1a2aSecunia Security Advisory - Some vulnerabilities have been reported in Joomla!, where some have unknown impacts, and others can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
c44b92173a5629dcecbf1b50d6368a156da88e04ee52312e6503a85bc497dae5Secunia Security Advisory - A vulnerability has been reported in PmWiki, which potentially can be exploited by malicious people to conduct script insertion attacks.
38e162f9657537d2eb5111909d68334a4a16acd55fa95dc9c72a54939e86586cGentoo Linux Security Advisory GLSA 200608-25 - Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result. Versions less than 1.0.4-r1 are affected.
0fb6ec5822e6cf0f7283f1d55a1f1de970e1b02e44929d89b16878b20611977eCce-interact versions 2.2.0 and below suffer from a remote file inclusion vulnerability.
64c54a4ce4221171197c67e3fb2b5d266900f9b98b1211c866227e2f8326bee5The Jetbox CMS suffers from a remote file inclusion vulnerability in search_function.php.
6194fc4de9afd269b8dad32041663e0e8feb4b284e7ccb759881b9706499b9ddWeb3news versions 0.9.5 and below suffer from a remote file inclusion vulnerability.
30694ec9bcd7ee250bee5a370fe22ffa79e67100d2a6309ef1a45cfae9f3470ce107 versions 0.75 and below GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote command execution exploit.
2a2104f4d8276945c201078b7353259c08bc03ee77385661a195fda93688fe0cMicrosoft Windows NetplsRemote() remote overflow exploit for the vulnerability noted in MS06-040.
b68609221de0bde6b63d34073184270db1e426cba975e5a5f082db3b091f7128Whitepaper titled "Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security".
61c4df4f6cd97bb1f07965a78034ff548b67189ecc2115b7f28bbf34efe4e5d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed