Ubuntu Security Notice 486-1 - The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. Due to a variable handling flaw in the ipv6_getsockopt_sticky() function, a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service.
c43fd07d98bdcdf574d108dc5e1dc011c52fb1f9e996c1ead5399d826163c357
Microsoft DirectX is prone to a heap overflow vulnerability due to the improper handling of targa files.
03e1bb283cdd5f170e5ea16130b2dfe7f4e54b654371ea164596ad7f327b13dd
MDPro versions 1.0.8x and below suffer from a SQL injection vulnerability.
cf3fb64d3a003338b94ff80a919744935d72864ec330948cba174b3bd0a3fb76
A-Shop versions 0.70 and below suffer from an arbitrary remote file deletion vulnerability.
69c701335c81bc57d018ba7018dbba52d2c1c453b9cfa03fb52b2312fa5d3d3d
phpBB module SupaNav version 1.0.0 suffers from a remote file inclusion vulnerability in link_main.php.
7f7d83d238605ea7be89dd126554bbb2d156718c18b574bad275d07be1e2cdb5
BBS E-Market suffers from a remote file inclusion vulnerability in postscript.php.
4ad7c34ccc1d9a40cfeab0a27872cb77fd8ac8d088196d9470ff53cde4e21080
The Joomla component Expose versions RC35 and below suffer from a remote permission bypass and file upload vulnerability.
e1198c7ce9f4a598f31467d0ec6afc96d710ec0254cb9494bca270e5e5d7ee28
QuickEStore versions 8.2 and below suffer from a remote SQL injection vulnerability in insertorder.cfm.
c5410fa34008453ac33d052a118f2ada3d40c6a911b2fc49b1c24b11e3239300
Vivvo CMS versions 3.4 and below remote blind SQL injection exploit that makes use of index.php.
a69abdf9097e0ab7ef918896f37677d7e1759c39599c2f5f6c5e90589987da2d
Pictures Rating suffers from a remote SQL injection vulnerability.
0d0d7c5579d7eee074bc476a04f77a94df168270b2ecb58fa19abd0944694b07
Asterisk versions below 1.2.22 / 1.4.8 / 2.2.1 chan_skinny remote denial of service exploit.
64cc8a4e26bfcf491a1f465042972de07fe3bed01e14a2f8ba1b5bedddb0be1d
Team SHATTER Security Alert - The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. This package contains many public procedures that are vulnerable to buffer overflow and denial of service attacks.
b7f6615f0debbfe75e060b13acd0cdd0900a209be592fb4d5cb17d1cc4a86b48
Team SHATTER Security Alert - Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.
f258346bd6b03df6189ea2005f49b6ab5132d3b45e0b7b60c5b3544cd5a0ca45
Debian Security Advisory 1335-1 - Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. Stefan Cornelius discovered an integer overflow in the processing code for PSD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file.
e3cc558c9a2878d8c4049a3c307564702dffaa0aea5ce8a9307fdff45497c46f
iDefense Security Advisory 07.18.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Ipswitch Inc.'s IMail Server 2006 could allow attackers to execute arbitrary code. IMail includes an IMAP daemon that users can use to access their email. The "Search" IMAP command contains an exploitable stack-based buffer overflow vulnerability. Additionally, the "Search charset" contains an exploitable heap-based buffer overflow vulnerability. iDefense has confirmed the existence of these vulnerabilities in IMail Server 2006. The vulnerable executable used was version 6.8.8.1 of imapd32.exe.
41b52517831a48c279008cd2ef61cce1a4092bccfac20b5f11c5d8229a7a5ded
iDefense Security Advisory 07.18.07 - Exploitation of an input validation vulnerability in Microsoft Corp.'s DirectX library could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability specifically exists in the way RLE compressed Targa format image files are opened. The Targa format allows multiple color depths and image storage options, and includes the ability to use run-length encoding (RLE) compression on the image data. This is a compression method which finds a 'run' of pixels of the same color and, instead of storing the value multiple times, encodes the number of times to repeat one value. For example, instead of storing 'AAAAAAAA', it may encode that into 'store "A" 8 times'. The buffer allocated for the image data is based on the width, height and color depth stored in the image, but when decoding this type of file, no checks against writing past the end of the buffer are performed. If the encoding specifies more data than has been allocated, a controlled heap overflow can occur. iDefense has confirmed that libraries in Microsoft's DirectX SDK (February 2006) are vulnerable, as are the DirectX End User Runtimes (February 2006). It is suspected that previous versions are also affected, including the DirectX 9.0c End User Runtimes.
65a8ef11d3c0825d101a4d5aa33da3d8ed332c01adf3fd8cffe1d192e5863ced
Technical Cyber Security Alert TA07-199A - The Mozilla web browser and derived products contain several vulnerabilities, the most severe of which could allow a remote attacker to execute arbitrary code on an affected system.
c32bc157e563bb62e88896d05d61ede8874cc375bb38d0a8f5c4a55c35789dd8
Debian Security Advisory 1334-1 - A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
06bb6b4b71b546ba421a4a5a243648d9e55cc79d1ce6286d82e281db63340834
Debian Security Advisory 1333-1 - It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates.
c66ca293c05c3b36f5c6ee4f60fb3186da8dbb802b573969ef931bd0c00e4a8f
Cisco Security Advisory - The Cisco Wide Area Application Services (WAAS) software contains a denial of service (DoS) vulnerability that may cause some devices that run WAAS software (WAE appliance and NM-WAE-502 module) to stop processing all types of traffic, including data traffic and management traffic.
f38de46e77ff65f9e1dcdb31e6cf46b7742c54bef88b002902e54ff2d2beeab0
LedgerSMB versions 1.2.0 through 1.2.6 suffer from an authentication bypass.
095c2dbf209d876105110d06020263404fc91e57fbd9e2597f5c50ee7e4d301b
STEGA is a tiny 4058 byte steganography program that will hide files inside of BMP/GIF/PCX/TGA pictures, VOC/WAV sound files, RAW 8-bit data files, or LST/TXT text files.
155cb312c55a1ef6aa20e9846975b8bef7dbb92b4ae37506bac88df4454afc05
Oracle APEX suffers from a SQL injection vulnerability in the function wwv_flow_security.check_db_password.
be85cdf82928543a15cd632048bd34f09111e4e5b7b86a1a31f11c3889e30768
Oracle 9i Release 1 through 10g Release 1 suffer from a SQL injection vulnerability in package DBMS_PRVTAQIS.
8f517541964af9ad28be18b98dc9a458db1af887ce0fdafcc0226c566e46723b
Oracle 8i through 10g Release 2 allow updates, deletes and inserts via specially crafted views without having the right privileges.
f648f25b709a85c097126511d08bafb72d2ced88a799165bf3975637df3a482d