CedStat version 1.31 suffers from a cross site scripting flaw.
7c369dd26b74e39e355b50e8e14bfd987b7e85fe167c1a3e059f17026773fa54EasyMail Objects version 6.5 suffers from a connect method stack overflow vulnerability.
f573d37e07c602c516381fe5e8f22f92ea915fb7a9c88d07897c6da53200efffUbuntu Security Notice 422-1 - Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released in USN-372-1, did not correctly solve the original flaw in PALM image handling. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges.
cee23e6b3e9b45d892509dad68d8c601a2b60ec2baf33ac8500ee8dc1c263d6diDefense Security Advisory 02.15.07 - Remote exploitation of a directory traversal vulnerability in Clam AntiVirus' ClamAV allows attackers to overwrite files owned by the clamd scanner. The vulnerability specifically exists due to the lack of validation of the id parameter string taken from a MIME header. When parsing a multi-part message clam takes this string from the header and uses it to create a local file. By sending a string such as "../../../../some/file" an attacker can create or overwrite an arbitrary file owned by the clamd process. Data from the message body is later written to this file. iDefense has confirmed this vulnerability affects Clam AntiVirus ClamAV version 0.88.6. All versions prior to the 0.90 stable release are suspected to be vulnerable.
5e80d8dac7b01be02d9ccc923cedb221feb90232b18090dbf18218c30624b0cciDefense Security Advisory 02.15.07 - Remote exploitation of a resource consumption vulnerability in Clam AntiVirus' ClamAV allows attackers to degrade the service of the clamd scanner. The vulnerability specifically exists due to a file descriptor leak. When clam encounters a cabinet header with a record length of zero it will return from a function without closing a local file descriptor. This can be triggered multiple times, eventually using up all but three of its available file descriptors. This prevents clam from scanning most archives, including zip and tar files. iDefense has confirmed this vulnerability affects Clam AntiVirus ClamAV v0.90RC1.1. All versions prior to the 0.90 stable release are suspected to be vulnerable.
d8e31c7705a616a2a5ad6c69a4a876c1303cbfaf185c8fb9e3597e3621a386daA concept of drive-by pharming has been introduced where DNS for home routers can be easily redirected on home networks for targeted attacks. Obvious, but amusingly powerful.
e3819db8e593f52314f087c66ff7c154e96198ce03a6e9f99ae3a02fc434a927Comodo Firewall Pro (former Comodo Personal Firewall) implements a component control, which is based on a checksum comparison of process modules. Probably to achieve a better performance, cyclic redundancy check (CRC32) is used as a checksum function in its implementation. However, CRC32 was developed for error detection purposes and can not be used as a reliable cryptographic hashing function because it is possible to generate collisions in real time.
d9ca892dbed35384f5ecc856c8b227f3fc7b78e9f83547984fbce1644c5bf1ffHP Security Bulletin - A potential security vulnerability has been identified with HP Serviceguard for Linux that may allow remote unauthorized access.
04ecb6d560b260fe173d0f0182e364ce2a31a5d96fb087fc3461eb5bd0da4729Mozilla Firefox versions 2.0.0.1 and below does not handle writes to the location.hostname DOM property.
81515b1e790b10e90b83ec02a5bb06c1e8df12e3cdaad7f108b23389020be511Deskpro version 1.1.0 suffers from a cross site scripting flaw.
98388b8272f65311f0f7e0e76cab765986f7bad634587909c97895657c6e47c8Calendar Express 2 suffers from a cross site scripting flaw.
4cd8e3c4c7d682bf25243c763aebbe13a15f3a74ceb537e15ea4ed2e36b77ec2Secunia Security Advisory - Sebastian Wolfgarten has reported a vulnerability in IP3 NetAccess, which can be exploited by malicious people to disclose sensitive information.
fd32d6909cb7589b76b31c9d13f7c6fa59de010cad6b746dcdc8273afdd7ed1aSecunia Security Advisory - A vulnerability has been reported in HP Serviceguard for Linux, which potentially can be exploited by malicious people to compromise a vulnerable system.
9c4c1ffd19ff9cbae1beea8a48c79593c93423bc03f4b7d4a2c3479e964936e1Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and manipulate data, and by malicious people to cause a DoS (Denial of Service).
e4488ab0f8c02ece100a10085de29336bd13e74759b6f8e58c83c09859ecf8eaSecunia Security Advisory - SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
a67fd72a7a341d874d8897568a948388fe0bd520fd4a7eb7c10e29ab22bbb4f6Secunia Security Advisory - Brett Moore has reported some vulnerabilities in DjVu Browser Plug-in, which can potentially be exploited by malicious people to compromise a user's system.
6e2c13361a1f67e5c1bbb876e50ba9a0b57cce108938b8a0708ec4846db47ea2Secunia Security Advisory - A vulnerability has been reported in IBM AIX, which potentially can be exploited by malicious, local users to gain escalated privileges.
f302baca99278fc06f0ed3790939ff32cf5060050ae9e9f4ac2eed6355fe920fSecunia Security Advisory - A vulnerability has been reported in Amarok, which can potentially be exploited by malicious people to compromise a user's system.
1f6023d525d1f8016e4624f6e903fe2fe0bb8a006aa453e3655a411c18f4b98fSecunia Security Advisory - Some vulnerabilities have been reported in Cisco PIX and ASA, which can be exploited by malicious users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service).
6093dead6b3cde678f818e2b3105107b677bf3130eff0de8c6007252851f05dfSecunia Security Advisory - Debian has issued an update for imagemagick. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
5f1d8a99cd067bd1a32d26422e2697c59c31071d1dcbe25e48abfe8f110b6068Secunia Security Advisory - Some vulnerabilities and a security issue have been reported in Cisco Firewall Services, which can be exploited by malicious people to cause a DoS or bypass certain security restrictions.
0caac1f0a10896f265d45bba1894941f4a36d21614b5c2e840f127b4ef587728Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can potentially be exploited by malicious, local users to cause a DoS (Denial of Service).
835e2cd6205198a1d5b14cc25a03d93e48dfe18407a8cd12d52ec19c7164de4fSecunia Security Advisory - Debian has issued an update for fetchmail. This fixes a security issue, which can be exploited by malicious people to gain sensitive information.
08f4b2796979725446c3c924ade0fde41251b84e468acdbf4328efb5b71146b7Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
31795072f05859fcc78b80b2d5dfc28411814db355cfe8f7eaca57842abda70dSecunia Security Advisory - Some vulnerabilities have been reported in Cisco PIX, which can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions.
1af8737479ade52d9d93e1fd3f46ff092671c0a96ba3f57671d63ef7264a8c9c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed