Secunia Security Advisory - Ubuntu has issued an update for moinmoin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
47a28d505b1c366bb543c94cf5a694b59da88e7351b288370dd7fc41dd37adb3Advanced Guestbook version 2.4.2 is prone to a directory traversal vulnerability.
cf821b281c42b1b76962ded3e5bcbbc957ac7f98123e9fbce613474e0108b77cAdvanced Guestbook version 2.4.2 is prone to cross site scripting vulnerabilities.
6bdfc9777ed4da0bafb99d979cdc57b15facfac3c3b35ec85cbd98622842895dAdvanced Guestbook version 2.4.2 is prone to multiple information disclosure vulnerabilities.
ea2f8d8f93f1609877b9f4cc91c96bae9f672ca54e0b253490424faa72cc155dVMware Security Advisory - Multiple denial of service issues have been fixed relating to VMWare Workstation versions prior to 5.5.4, VMWare Player versions prior to 1.0.4, VMWare Server versions prior to 1.0.3, and VMWare ACE versions prior to 1.0.3.
4e9edc6f536d26eebc1b8cb1daf3fb3969448d225ed12e96bb21f79e58020a37A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SpntSvc.exe daemon, bound by default on TCP port 5168 and exposing the following DCE/RPC interface through TmRpcSrv.dll.
edeeae669ef34c8fd542888a7411599d8a70dd4b5ac67a4fc6023990c2d7b1f0Multiple vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. The specific flaw exists in the EarthAgent.exe daemon, bound by default on TCP port 3628 and exposing the following DCE/RPC interface through TmRpcSrv.dll.
a78892500902758ec7a684ba6cd4b9f96dd206ee6c0566b624005f095690cb14Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
32db8c2074a880867023b445e106cba5b63b32b3845c0211326244f51c9dfefdSecunia Security Advisory - rPath has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
2c33cddc2aa8558d31ba5a5ddba02ba26375ae1ec5cebce5eaa9e595bc823cbdSecunia Security Advisory - Arnaud Giersch has reported a weakness in ELinks, which potentially can be exploited by malicious, local users to gain escalated privileges.
e6aeec061af00982341f0359d7d0b2422ae8ad9ce585b2ef93dad65e3c6444faSecunia Security Advisory - Two vulnerabilities have been reported in Trend Micro ServerProtect, which can be exploited by malicious people to compromise a vulnerable system.
543305da773163e26ffa6ba8b38033e28cd2fe0870a4f0100beace9a252655b4Gentoo Linux Security Advisory GLSA 200705-08 - Marsu discovered that the set_color_table() function in the SUNRAS plugin is vulnerable to a stack-based buffer overflow. Versions less than 2.2.14 are affected.
522590adb082f3d6d182453e85e44f9795e501e6ae0189eb506cac2ab6961e46Gentoo Linux Security Advisory GLSA 200705-07 - Robert Jakabosky discovered an infinite loop triggered by a connection abort when Lighttpd processes carriage return and line feed sequences. Marcus Rueckert discovered a NULL pointer dereference when a server running Lighttpd tries to access a file with a mtime of 0. Versions less than 1.4.14 are affected.
2889d077d89c57ece79cef2af38d5a30c34ebab10296c78e21eaa672e599e0f6OTRS versions 2.0 and below suffer from cross site scripting and cross site request forgery vulnerabilities.
7a52f455dd070db83e8c33b4a4b111fb71c85518a890d5daebc3bafba7c332b8iDefense Security Advisory 05.07.07 - Local exploitation of an integer signedness error in Sun Microsystem's Solaris could allow attackers to cause a kernel panic, leading to a DoS condition on the affected computer. The facl() system call is used to set access controls on a file. Due to an improper check on one of the arguments passed to this function, an attacker can cause the kernel allocate a large amount of memory which causes a kernel panic. iDefense has confirmed the existence of this vulnerability in Solaris 10 on x86 and SPARC architectures. It is suspected that earlier versions are also affected.
1198c25dcde449b1604f7ee708a5cf079f085ae20849512ae5344968e00404f1PHPHtmlLib versions 2.4.0 and below remote file inclusion exploit.
c87e75beec6b299259355cfec7568e9b0d0bf307173838dd18e7ee2261849f83Berylium2 suffers from a remote file inclusion vulnerability.
ec407cf087855a69cebe76c05d17f95ad03609fb1bcf60cd77f050306e8291b1DynamicPAD versions 1.02.18 and below suffer from a remote file inclusion vulnerability.
63b72c8190d55c1110a89e5d1bee944435e4823379e7d76bdd59d78bff5c74cfUbuntu Security Notice 457-1 - Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.
aaa3301f0eeb94e00a7e2d527b6fae6f94f1ffd813a75ddbbb19419df30a4256Vmware Virtualization products are affected by a design flaw which can lead to a local denial of service vulnerability within the Guest OS.
eec194da74af6c25c85bfcfe36dfa83c8ac14e7f88170847a208041bd6b35692Debian Security Advisory 1287-1 - Two vulnerabilities have been identified in the version of ldap-account-manager shipped with Debian 3.1 (sarge). An untrusted PATH vulnerability could allow a local attacker to execute arbitrary code with elevated privileges by providing a malicious rm executable and specifying a PATH environment variable referencing this executable. Improper escaping of HTML content could allow an attacker to execute a cross-site scripting attack (XSS) and execute arbitrary code in the victim's browser in the security context of the affected web site.
652381927575740d3a725efb8b016273126a73b51e09f87ad7ef4be31f0d715dAVGVAnnu version 1.3 and below suffer from a local file inclusion vulnerability.
4ebf3d6fd361f677ad9f5a1ab10feba521356168ba0947f5f30293faed2bd65dTropicalm Crowell Resource version 4.5.2 suffers from a remote file inclusion vulnerability.
fe60f393f094077cddb44aea4042b0bc460d6c7baf7f99fdf23ad90fea559937endly version 1.0dl suffers from a remote file inclusion vulnerability.
cc18d8e792899f365697f291aaedeb466b8d0804cf115e4d1a0a5ac6692217ebWikivi5 suffers from a remote file inclusion vulnerability.
fcd17acff62fc565b0690573b3b1bfafc9c96e8fe473dd9f8c3de92b6ace9b0e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed