Debian Security Advisory 1357-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. koffice includes a copy of the xpdf code and required an update as well.
3e145bf618f6b02bb84eb231519eaee326c36030f92ceb8c5cfa6de6456b57a6Mandriva Linux Security Advisory - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could possibly cause a denial of service or execute arbitrary code with the user's privileges.
2a84deee1c87a340c848a8dee55fb79a9600e63608ef2b7655ad0d42cfc1ac6dMandriva Linux Security Advisory - Sebastian Krahmer of the SUSE Security Team discovered an off-by-one buffer overflow within rsync. It is not clear if this problem is exploitable, however updates are available to correct the issue.
2856cbcb8883fca12bbd985f64719c472065b8058c456e26caa66279e4eea75fGentoo Linux Security Advisory GLSA 200708-15 - Apache mod_jk decodes the URL within Apache before passing them to Tomcat, which decodes them a second time. Versions less than 1.2.23 are affected.
4ca0446cdd2d859fba00ae0ccbf75294eaeac3333d1d23f00be373680fe7fdb7Gentoo Linux Security Advisory GLSA 200708-14 - Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia* with insecure file permissions. Versions less than 100.14.09 are affected.
3203e0b987463b596d2ad6afac3f01a8f1b57ea62911556de8ea7253da4a8bd3Gentoo Linux Security Advisory GLSA 200708-13 - Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable (1 chance to 8) query IDs in the resolver routine or in zone transfer queries. Additionally, the default configuration file has been strengthen with respect to the allow-recursion{} and the allow-query{} options. Versions less than 9.4.1_p1 are affected.
5da141c36e04d27b30083b6e175c74631ce6cba67656598621238778516c2f70Proof of concept exploit for vulnerabilities in Toribash versions 2.71 and below.
bc7f5880bd7b38c848149f860d5730d6ded7c35e331dd519f7c18c903a4602cbToribash versions 2.71 and below suffer from buffer overflow and format string vulnerabilities.
2aecc01549531c4b7660823f4c93969a51abc19e597475b2ac6e5bcea7bbb71crFactor versions 1.250 and below suffer from buffer overflow and code execution vulnerabilities.
a9a01d0ca9d025f9d3c5e130dfa1d4697908ec4e38d14ea3a2b0bc476fe97278Denial of service exploit that demonstrates a buffer overflow in the logging function of the Unreal engine.
256616a46fd983fd5ab187b9b434b3f728d79cf9edac8d029f1e4dce45b796bcThe logging function of the Unreal engine suffers from a buffer overflow.
7ddf6ee9235d007b3d67bcfd3d6435cdede70d2e7c30362fed19fdc35676cc6bBelgacom suffers from a cross site scripting vulnerability.
8ab58d37525d6a6542d5eb3bb46aa6df3411a25f2be4e56bd3a6088a2131408cMercury SMTP remote preauth stack based overrun proof of concept exploit.
5269ff7da8174aa44d0cb1467b56b47b2697e9bda21d10d34f14eeaa3def9b29discussMaster version 2.0 suffers from a cross site scripting vulnerability in forum.asp.
977a0c9a0ee0e72488f752f1bd8c16a4a7201e7734840349f7ab8ef123991b9bAanval is a web based Snort intrusion detection console. Currently supporting Snort and syslog, Aanval provides dynamic monitoring, comprehensive reporting and powerful alerting capabilities. Several primary features are account hierarchy, data-archiving, real-time data displays, auto signature updating, sensor management tools, easy upgrading, advanced searching, artificial intelligence, timezone control, charts/graphs, query saving and more.
699b6a3807a9cf95309ba0896d24a6379ae45d15248a43f052429013a81a5c3avBulletin version 3.6.8 suffers from multiple cross site scripting vulnerabilities.
8c03dda12ce7d1b518b319542f638585350aa1e97c86953599391c8807734a79ToorCon 9 Call For Papers - Papers and presentations are being accepted for ToorCon 9 to be held at the Convention Center in San Diego, CA on October 19th through October 21st, 2007.
98bd1dacfeb17cbb1b305b38cc53bbd3a0a7339e5abd47d095d00bd1902a81b5Squirrelcart versions 1.x.x and below suffer from a remote file inclusion vulnerability in cart.php.
39d0ce655f4bb0e38b5a090eaee614ee276852a083b19d7b1d10ee2943c62918
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed