Ubuntu Security Notice 509-1 - The Linux 2.6 kernel series suffers from multiple vulnerabilities. A flaw in the sysfs_readdir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. A buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional privileges. A flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. It was discovered that certain setuid-root processes did not correctly reset process death signal handlers. A local user could manipulate this to send signals to processes they would not normally have access to. The Direct Rendering Manager for the i915 driver could be made to write to arbitrary memory locations. An attacker with access to a running X11 session could send a specially crafted buffer and gain root privileges. It was discovered that the aacraid SCSI driver did not correctly check permissions on certain ioctls. A local attacker could cause a denial of service or gain privileges.
739b16d5c2a6a6a15dde4c79a2547109bddace7cde6d485d1b7a618484a247e2
A SQL injection vulnerability exists in the Log On page of the web interface for Cisco CallManager AKA Unified Communications Manager. An unauthenticated attacker who is able to access the Log On page could exploit this vulnerability to run arbitrary SQL commands as the logged in database user, usually cm_publisher. By running SQL commands, the attacker could gain information about the CallManager configuration, including call records. Exploitation details provided.
bdf4519eaae63fb7371ea2a51f7e95369b5b21611901b65877146460074a3edf
iDefense Security Advisory 08.30.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Yahoo Inc.'s Yahoo! Messenger 8.1 allows attackers to execute arbitrary code with the privileges of the currently logged in user. iDefense has confirmed the existence of this vulnerability in version 8.1 of Yahoo Instant Messenger. Previous versions are suspected to be vulnerable as well.
85f0ed1aa30224aa168277475b87bf25b92562e627754f083ac6c72aa51e3f32
The Telemark.com search engine is susceptible to a cross site scripting vulnerability.
065f4b939700f4b7fb9d590db44e796637aa21cc3fb8406a0a8cfd29487a123f
The ChaCha.com search functionality suffers from a cross site scripting vulnerability.
96ff97ef2ffceb4d5d77a8122900f48e3a0907da45e93270552d8ed9ba0b8af1
A cross site scripting vulnerability existed in http://research.microsoft.com/. This has been fixed.
409254e5087d3ad4fe4be1cf31a829e511b67470a2a46a88ec330b7dccb728b3
Secunia Security Advisory - HP has acknowledged a vulnerability in HP Tru64 UNIX and HP Internet Express for Tru64 UNIX, which can be exploited by malicious people to poison the DNS cache.
878e52aa3e5bcf9c3b01ab52c79cff764e835ca6ef394c1a32ba48a3ef6f7f98
Secunia Security Advisory - Red Hat has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
1367ce133f8de6baf49f0254cf2e39ff7dfea17ab7f1c073fb2a56afedf13c1e
Secunia Security Advisory - David Sopas Ferreira has reported some vulnerabilities in ACG News, which can be exploited by malicious people to conduct SQL injection attacks.
c6ff4691da00cfac02d605deb0dcb5a82774c7a209e182f87f432da82f9604e0
Secunia Security Advisory - Some vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions.
a5ae16c79d308f646f389cb785c3b553ae85ee8a5bfe3d4e39d5231c03c7870c
Secunia Security Advisory - R00T[ATI] has discovered a vulnerability in NMDeluxe, which can be exploited by malicious people to conduct SQL injection attacks.
e56b7c47fd586be457230df76a9b0451d1a7cdfe46893eaa3cd5cb54097d9317
Secunia Security Advisory - Micha Lenk has reported a security issue in Backup Manager, which can be exploited by malicious, local users to disclose sensitive information.
4e7fced8e91b7b82f47a2c48d61a77d780a30df48d1798d47cdcdc01ed79ed86
SUSE Security Announcement - The Opera web-browser allows an attacker to execute arbitrary code by providing an invalid pointer to a virtual function in JavaScript. This bug can be exploited automatically when a user visits a web-site that contains the attacker's JavaScript code.
6d7da325dc91c81b2493fec61eab287fa40d5a1fccbc184831ba43fa853d678f
PPStream ActiveX remote overflow exploit that makes use of PowerPlayer.dll version 2.0.1.3829.
f52ec5c7f133f22b6993eb48de5996ccee1cd17a4c901596e3a93bb709715f15
Norman Virus Control local exploit that makes use of nvcoaft51.sys.
b12b06dc51562223f827800af12ca8909a53b821b648a6ce7537838aa2f2da7c
phpBB Links MOD versions 1.2.2 and below remote SQL injection exploit.
552d03ee54d5f071ecf277b9ea0bd0995a6c680eed0bfd651fc21d24dd69ea6d
Ourspace version 2.0.9 suffers from an upload vulnerability in uploadmedia.cgi.
36c1af1e1992562541c39430813a1164577aec948a0daa0d05b0b092d125b291
NMDeluxe version 2.0.0 suffers from a remote SQL injection vulnerability.
f218fd0ccacebefda9aa7e8d676c95c8b798d59965c1f726d810ab44be98d9fc
Wireshark versions below 0.99.5 DNP3 dissector infinite loop denial of service exploit.
cde9d97a0c0f44ccd0bf659e4f35424c5eae09318226f38bb657e22dddf7292d
Hexamail Server version 3.0.0.001 pop3 pre-auth remote overflow denial of service exploit.
6ecc71a7cc6a2be2b79f037aa2d625facdb9ea17f3884c323f20ebdbe363722d
Absolute Poll Manager XE version 4.1 suffers from cross site scripting vulnerabilities.
dd60be87a868c6cd25e099acaae441d93d12fcd935587ae8c4b87d7202dd04ca
VMware suffers from a poor guest isolation design.
e34dca01aaf832d2fa675dfd14bd66bec79bc94f49d2c237202424a01a6d8b9f
Secunia Security Advisory - Luigi Auriemma has reported some vulnerabilities in Doomsday, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
ba04fa18866b678d1237ff862e5117e5ff6be7c41ddd3e1ebf198dd67502a89a
Secunia Security Advisory - Ubuntu has acknowledged a vulnerability in tcp-wrappers, which can be exploited by malicious people to bypass certain security restrictions.
eaa93a525798cc3f388cf40fa75a2ef437faa1a8560951c31a9862bdc12ec9aa
Secunia Security Advisory - A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.
ac3d30f9125e7033214ae97897b6c73968c2c8199356101c532fd17eb07f1546