Gentoo Linux Security Advisory GLSA 200702-12 - When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca() function resulting in a shift of the stack pointer to arbitrary memory locations. Versions less than 0.39 are affected.
0cdeb08a32cce111fd038a019241c00a67b448dfb8ac26688dcb2da33eae0435Gentoo Linux Security Advisory GLSA 200702-11 - When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks which may allow a buffer overflow. Versions less than 1.0_rc1-r2 are affected.
f6262f3d53ecb81efa85041c13e6624dcd2bb0a207a29c394dd43c0def1e4990Whitepaper entitled "Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences".
5e052565e3661c687c0142cb2a857a3b5d8400a27ec65832792185de33fbad3dIt appears that the un.org web site suffers from SQL injection vulnerabilities.
8edf0f91665807343bb0e713e66964ee4d23be23665f7b848ae9dcf9eb64d76bMultiple vulnerabilities have surfaced in multiple Windows applications. Follow the links in your Russian is decent.
01c8f8496e59e7683989c0c77460c8e0c1f06ade3b45e75a62366fa2c0b4ff24Gentoo Linux Security Advisory GLSA 200702-10 - Five vulnerabilities were found: a buffer overflow in recv_add_unit(); a problem with improperly trusting user-supplied string information in decode_stringmap(); several issues with array manipulation via various commands during play; an SQL injection in server_protocol.cpp; and finally, a second buffer overflow in recv_map_data(). Versions less than 0.7.1062 are affected.
7bb43db8613f943b782ed33c40c4f6c0feb0ece6ac15a313c55151ec2efba5c6Gentoo Linux Security Advisory GLSA 200702-09 - Nexuiz fails to correctly validate input within client commands. There is also a failure to correctly handle connection attempts from remote hosts. Versions less than 2.2.1 are affected.
67972ac189283280a0e29a785c5e5a54cd5f6532acbba8ca2af079202aa55a28SQLiteManager version 1.2.0 suffers from local file inclusion and multiple cross site scripting vulnerabilities.
0801568530feffe7fc7f87e429113facaddaa00f9cb11a79d66f5f6bea21c0cdPHPWebGallery version 1.4.1 suffers from multiple cross site scripting flaws.
5a02974fc1c9ebfb5d0fc2e9c905508965ca1fef15df90a0893c3ee857057918Coppermine Photo Gallery version 1.3.x blind SQL injection exploit.
628c7641d783fec5ce41a8c30c833f58cce4757bd991f43dbe66239702e430b6Photostand version 1.2.0 suffers from multiple cross site scripting vulnerabilities.
2d9f1ac802579e3d728f4e09487463c8e1dc0732380ae4ba86e9ca2d450ed9f3Whitepaper entitled Rogue XML Specifications. It discusses insecurities that relate to XML schema.
8f898961deadbbea1e0a38424a21b14dc2cd3202e6954fa1ff015c971451cb97ActiveCalendar version 1.2.0 suffers from cross site scripting and local file inclusion vulnerabilities.
513b48e4fd48b42dbb697f29d0b224b641534ba4e92774151fd71c49c5916e88Pickle suffers from a local file download vulnerability.
053c72f707859708312af60d0f95b7649892cd38e5fc1ba8d432d8ae2f4dbf0eMandriva Security Advisory - A bug in the way that SpamAssassin processes HTML emails containing URIs was discovered in versions 3.1.x. A carefully crafted mail message could make SpamAssassin consume significant amounts of CPU resources that could delay or prevent the delivery of mail if a number of these messages were sent at once. SpamAssassin has been upgraded to version 3.1.8 to correct this problem, and other upstream bugs. In addition, an invalid path setting in local.cf for the auto_whitelist_path has been fixed for Mandriva 2007.0.
c5f6e215c75a28d923bc71e2534adebe232ba6f5f01f07832d989c57fbe0b4cfSimple One-File Gallery suffers from local file inclusion and cross site scripting vulnerabilities.
4feb613dd583b4d8271756458f9ab29be34f28254f4ed8fd60d37927e6c4d673sitex suffers from upload and cross site scripting vulnerabilities.
d049e5066c8158f632c257a7fa9b3d8ab821a800a4fd277933d64782e4252604MTCMS version 2.2 suffers from upload and cross site scripting vulnerabilities.
1c2b781aa2810cd0355873f992e38743d3b685df68a93fb493ebb8c02c64034d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed