Mandriva Linux Security Advisory MDKSA-2006-214 - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
06e80cb29efde91a8d7185f5306406d55dac86ef801844102583064f2eb57e71MosReporter Joomla Component remote file inclusion exploit.
6a4a5a99662ced46af8cee2a4723e2ceea9cdf3e7cd48fa2d8f069610fea3de8Ubuntu Security Notice 383-1 - Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library.
c22c47ca069358f914d82ef90b21ef9ae20f1b9e0b1c8dfd5d89eb56911e7478OpenPKG Security Advisory OpenPKG-SA-2006.036 - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng, versions 1.0.6 through 1.2.12 and 1.0.20. The bug is in the decoder for the sPLT ("suggested palette") chunk and can lead to crashes and, accordingly, a DoS, when an application using libpng for PNG processing displays a specially crafted PNG image.
07ff912f411260cf3c683d58e776be099366e83f76133ec9493ca3063f3204beOpenPKG Security Advisory OpenPKG-SA-2006.035 - As undisclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration -- which is not the case in OpenPKG's default configuration of ProFTPD.
9ed99273cbfc967a730fd8f826eceea026990c33c2599e4d71b7ba9c01a9b0fdCPanel version 10 is susceptible to cross site scripting attacks via the network tools.
fa43ca06f7df9952c50a9ea2ef817024c15817bb203bc4e75378b39cb0589407Myspace.com's navigation menu can be replaced with a malicious menu via CSS code in the attacker's profile.
a3b9d50ae789cce4e96929980808df6b3eace71418a5cdfe6a186d22f8dae2b8Local privilege escalation exploit for the kmxstart.sys Computer Associates "Host Intrusion Prevention System" engine driver version 6.5.4.10.
57ff05933d26f1638a98a4a6b218930859f8eeb4d7d658107b258f0ac117cf50Local privilege escalation exploit for the kmxfw.sys Computer Associates "Host Intrusion Prevention System" engine driver version 6.5.4.31.
dcf3649d586540d0bc82df887451bb3335ecbb7b2a38d347c8ebe6057c64e1ecThe Computer Associates "Host Intrusion Prevention System" engine drivers are prone to multiple local privilege escalation vulnerabilities. Unprivileged users can take advantage of these flaws in order to execute arbitrary code with kernel privileges.
88676a9217a7cd3f24ed9e5986432dc1d76aa939fcc6e29be5b6454e6ef74c46
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed