Ubuntu Security Notice 490-1 - A slew of vulnerabilities have been fixed in the Firefox browser. Too many to list, but we suggest upgrading now.
4c2895058ecfb4ae1b11af7afd580f2416642597addd5705e9f4d95880f30ea6It appears that the Wii is susceptible to the recent Flash vulnerability.
0f7261e65c07b5b6fcef9bc48750adaae090f1ddb4a20f6f314aa8b21a9f4287Technical Cyber Security Alert TA07-200A - Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
110b1df69cad8925a20da667c032e60214d2e7f0cc7351ea593c4b05b5598c3aA debug function in versions 5 and above of Lotus Notes can be used to write a file containing the new password in plain text when a user password is changed.
e4f7baa867a47b1fb9704bf578e98b22936cfc57d721050e9c5f5248bf1c9cddMultiple CA products that utilize Alert service functionality contain multiple vulnerabilities. The vulnerabilities are due to insufficient bounds checking on received data by certain RPC procedures. An attacker can exploit these buffer overflows to execute arbitrary code or cause service failure.
dff03d4b04f6fb38db9efcc99d514db64917edf808004035f18a70b3cba857e0iDefense Security Advisory 07.19.07 - Remote exploitation of an input handling vulnerability within multiple browsers on the Microsoft Windows platform allows code execution as the local user. This vulnerability is due to interaction between programs. The most commonly used Microsoft Windows URL protocol handling code doesn't provide a way for the URI handling application to distinguish the end of one argument from the start of another. The problem is caused by the fact that browsers do not pct-encode certain characters in some URIs, which does not comply with the behavior that RFC3986 (also known as IETF STD 66) requires. As a result, a specially constructed link could be interpreted as multiple arguments by a URI protocol handler.
9b05f19043a6d8514b2073fb08476be0bcc0a957cc17806d1640358b4e31e615iDefense Security Advisory 07.19.07 - Remote exploitation of a dangling pointer vulnerability in Opera Software ASA's Opera web browser could allow an attacker to execute arbitrary code with the privileges of the logged in user. Opera 9.2 supports BitTorrent downloads. When parsing a specially crafted BitTorrent header, Opera uses memory that has already been freed. This can result in an invalid object pointer being dereferenced, and may allow for the execution of arbitrary code. The vulnerability is triggered when the user right clicks on the transfer and removes it. iDefense has confirmed the existence of this vulnerability in Opera version 9.21 on Windows. Previous versions may also be affected.
8b4808d2e862d865b862e4427d7013cade42d8ca0b810036a7a5b5856b262147DocuWiki versions 2007-06-26 and below suffer from a cross site scripting vulnerability.
03d5c96afbe8e364d765e4acef7758de31c0e20b04ad064ed7ab543e2c6ac22fUbuntu Security Notice 489-2 - USN-489-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding fixes for the redhat cluster suite kernel sources. A flaw was discovered in the cluster manager. A remote attacker could connect to the DLM port and block further DLM operations.
0d241b289f8d930888e01b8825c798b12b72825c617339f4538f053c8a376015Ubuntu Security Notice 489-1 - A ridiculous amount of vulnerabilities in the Linux 2.6 kernel have been fixed.
e57ff18db9c14e7dbf029ac86c91398b196c8f2c31c5a6cdc9eaeb255f1db033Rule Set Based Access Control (RSBAC) is an open source security extension for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) and provides a flexible system of access control implemented with the help of a kernel patch. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions.
63ad2a3ed8540da3a7d675463144595b214d16e64d5a178e61b7d6954c59f535Stega version 2.01 for DOS can hide another file inside Bmp/Gif/Lst/Pcx/Raw/Tga/Txt/Voc/Wav file with 128-bit IDEA key. This is a freeware utility and the binary release of this program. stega.gif has full zipped (15k) FASM source inside.
7781322eae4e5ad850545c8391b48eab095688c928653b32b601c858d3a67002Versalsoft HTTP File Uploader AddFile() remote buffer overflow exploit that makes use of UFileUploaderD.dll version 6.0.0.38.
9f9f910f8e8dc3541794772329737c9a6a662b51f4a30c406383c84005c2e9f2Oracle 9i and 10g evil view change password exploit.
67a721e9a7e576c4b91c255ef53da472e4330cc3f959dc516deafe74bdaf2711Joomla component Pony Gallery versions 1.5 and below are susceptible to a blind SQL injection exploit that makes use of index.php.
ae32d0131ae3ff570f8c6e66aa80fe604917a74dd955400f724b06ac3b447e03Secunia Security Advisory - Rajesh Sethumadhavan has reported a vulnerability in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.
6047c40056611843ab2ad43607054a4953a8a637ca01fa0c894fa6fbaa52fad7Secunia Security Advisory - hdiamant has discovered a security issue in the Samsung SCX-4200 Driver, which can be exploited by malicious, local users to gain escalated privileges.
6ee26d998c4d246e8cf4ff60fa5f899c13ee8926fe8f92e08d6b291c69579c32Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.
af1afdebbdb58091d231779274d560c28a319fa8342660f88a191c8f5f6520a6Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
28c99579cc06720974ad1b2550443c3e27676efbffca739cb17317f4f77b55ffSecunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.
cafe0019dec290ba4c07b337deb63de26b4b65c6278c96480298bccec7f88623Secunia Security Advisory - Tim Brown has reported some vulnerabilities in eVisit Analyst, which can be exploited by malicious people conduct SQL injection attacks.
5ab92e621b5ef12dd34a206bfc0ac356f01fab7fa0b82226fa963771c4de4f28Secunia Security Advisory - A vulnerability has been discovered in MAXdev MD-Pro, which can be exploited by malicious people to conduct SQL injection attacks.
bea39e99c2ac780d6778ac11552f06e7db4a80178d4616e4304c5ebb9f97b9c5Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.
7d426cc67782d7c98d955207f76a70749bd9cfc085bdef82c241412ffb6a0b66Secunia Security Advisory - SUSE has issued an update for IBM Java JRE/SDK and Sun Java JRE/SDK. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, gain escalated privileges, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
505268f9c2b2eca9fbcab8ce533482c0254ea0c3b7b6164db270e815d457a4c4Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious people to bypass certain security restrictions.
26df226a9f54b84138410faac52ae4462c13bd4cf62ac382d1909ca5c7d4ce06
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed