Secunia Security Advisory - Some vulnerabilities have been reported in XFree86, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
0e04db08c0a14bbd2fd8bbe4a1751083d93b6f553196b362a1cabc80a646e9feSecunia Security Advisory - DarkFig has reported a vulnerability in MyBB, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
2e9224232020aa08ac2e4f48dada4c13b25b81f022f615d133f53bed40709821Secunia Security Advisory - Gentoo has issued an update for zziplib. This fixes a vulnerability, which can be exploited by malicious people to gain escalated privileges or compromise a vulnerable system.
d4587804a6d6dc5a9b3387965c31dc6e5e6c14d222bff89b37a446dbc1402079Secunia Security Advisory - Gentoo has issued an update for openpbs. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to potentially compromise a vulnerable system.
0c60d94e2ed85b037cbe0983ead2e730a4d5805914947da5e97ca1902d6c4af9Secunia Security Advisory - ajann has discovered a vulnerability in the PopnupBlog module for Xoops, which can be exploited by malicious users to conduct SQL injection attacks.
88f7ea262ef1460a28d4c37cf51188e71e938a47d548b1e1fea03fb67571cc9dSecunia Security Advisory - Red Hat has issued an update for XFree86. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
2cbfc31d6cd4d31f467ee980046d973aeb5030c9e6fc9b8db03401e978495f38iDefense Security Advisory 04.03.07 - Local exploitation of a heap overflow vulnerability in Kaspersky Lab's Internet Security Suite klif.sys could allow an attacker to execute arbitrary code within kernel context. iDefense confirmed this vulnerability in Kaspersky Internet Security 6.0.1.411 for Windows. Previous versions may also be affected.
cb86f97a8e68118b170d67d5ac9573954988b96454ce53ff0d0a58556693ced9iDefense Security Advisory 04.04.07 - Remote exploitation of a information disclosure vulnerability in Kaspersky AntiVirus 6 could allow malicious websites to steal files off of a user's machine. iDefense has confirmed the existence of this vulnerability in version 6.0 of Kaspersky Antivirus.
b90f0bdcb2ad661747c567945e87febf3ab55b1c4b1b2989b69aa84c70bc6761Debian Security Advisory 1277-1 - Multiple errors have been found in the skin handling routines in xmms, the X Multimedia System. These vulnerabilities could allow an attacker to run arbitrary code as the user running xmms by inducing the victim to load specially crafted interface skin files.
4c05c6e7a8aa1280d48fe3b1e5be826084e650e4e4b2fd7155f6f14d29692a7dMandriva Linux Security Advisory - iDefense integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.
d4da0504bcad1dad21f7e27ad6722ecbd0d461fba5c492fe3ced6afa5497909aMandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. TightVNC uses some of the same code base as Xorg, and has the same vulnerable code.
330fcb42f22893aed5d9dc72a5e4c07dd0445ff1c5c94024359d87760efc0e63Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.
c68398453cdd0da008a82f8abe40ea08649a33cada1190cb14fbbabea9298e8fMandriva Linux Security Advisory - Quite a few kernel related vulnerabilities have been fixed for the Linux 2.6 series.
10c5929aed3baa55da532114a82a81496e27e687951bb570f70098fe552e0d18Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.
4c85472c6c076fc42ea60fe1902ed6ac8df4cba85d66cc80bb7857e1689352c5Gazi Okul Sitesi 2007 suffers from a SQL injection vulnerability in fotokategori.asp.
907f6dc3bd50ed9678e5289f18c58f5cdaa08b54cee570a2743ca46f597f62eaVMware Security Advisory - ESX 3.0.1 and 3.0.0 patches address several security issues.
00501d3613c989dc8596886834f4aebb712f92e614164602fc56e3fbe61fd121ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.
83cb422e91d20d05afbe49119a394fe82ea883046f73d3a4484f08440e667307phpexplorator version 2.0 suffers from remote file inclusion vulnerabilities.
ad0fbf74df31f973d0a1e0124f05bf1dc3582a5b09a97c0793b045d4036f3044eXV2 CMS versions 2.0.4.3 and below suffer from cross site scripting and session fixation vulnerabilities.
d5233fec8ea149595a12f4f06501a776db911ec3e1cfae898a9ef16f9afa3979This Metasploit module exploits a flaw in the AOL Sb.SuperBuddy ActiveX control.
c4f84c19a69aaa614387d7a5b6263bdeda1ac6eaacdca63ebc8674c8c9bd1256HP Mercury Quality Center Spider90.ocx ProgColor proof of concept overflow exploit.
865b573d40da03154b5d83cd106f8dae02b210ab5a3d1cd3a079862c24bd722cExploit for the Microsoft Windows .ANI LoadAniIcon stack overflow vulnerability. (Hardware DEP).
712fe1c2ff48b375d86ed79e79a516acf08a26ac10ba886752f4ca552ec005a2Local privilege escalation exploit for TrueCrypt versions 4.3 and below.
67d7762db7996956fbb9268d558f5abb58d3b7b54ffe452695dfc85de1061d5dXoops module Rha7 Downloads versions 1.0 remote SQL injection exploit that makes use of visit.php.
8a4657d159e4814be5f9df63a366c1fae34a527745d1fd24d91e05bd884b7386Xoops module WF-Snippets versions 1.02 and below blind SQL injection exploit.
03d6b881358a18c992b157ad04bfbe32eaae1b46ce5cffc957ad9f95846d5fc6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed