Gentoo Linux Security Advisory GLSA 200710-20 - Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in the XPDF code which PDFKit is based on. ImageKits also contains a copy of PDFKit. Versions less than or equal to 0.9_pre062906 are affected.
937ee0eb780bc0c3f024e5e6473e766ef1e4a89d102d75d7eaacb7670ba23876Secunia Security Advisory - Some vulnerabilities have been reported in Miranda, which potentially can be exploited by malicious people to compromise a vulnerable system.
d433abcc0757b087672f3c759391d69819e67e5add7e27a345184b0996844ca7Secunia Security Advisory - shinnai has reported a vulnerability in Microsoft Visual FoxPro, which potentially can be exploited by malicious people to compromise a user's system.
ab57aa15575df087eff684cdfcc72675bc3fbb6a8f0783a3b322c4b3d2144a05Secunia Security Advisory - SkyOut has reported a vulnerability in Netgear SSL312, which can be exploited by malicious people to conduct cross-site scripting attacks.
493bbf32e1fdef7938d779800daa1797e2abd6ce081d34a7b862bf525782b227Mandriva Linux Security Advisory - A vulnerablity in Tk was found that could be used to overrun a buffer when loading certain GIF images. If a user were tricked into opening a specially crafted GIF file, it could lead to a denial of service condition or possibly the execution of arbitrary code with the user's privileges.
fdee7478c7e7ee753aa4ed1d1053cb7018c3e5bd69240cd8459309b0d7473b47S21sec has discovered a vulnerability in Alcatel Omnivista 4760 that allows injection of javascript code in text variables.
6f7f01205b0f297adb9952ea0f556e8783078824cb75a59cf72ff44c90f8079cGentoo Linux Security Advisory GLSA 200710-19 - Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the file utility which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25) since version 4.20 of file was never shipped with The Sleuth Kit ebuilds. Versions less than 2.0.9 are affected.
5d8dc392bc814f2430ff4729c0bbb583a93e7c361c2421771358d7ced56bf0e9Gentoo Linux Security Advisory GLSA 200710-18 - Ludwig Nussel discovered that the check_special_mountprog() and check_special_umountprog() functions call setuid() and setgid() in the wrong order and do not check the return values, which can lead to privileges being dropped improperly. Versions less than 2.12r-r8 are affected.
50f3319e4e75be09131765eacc9544265c63c59560154b3055e4fb1df1ac3accDebian Security Advisory 1389-1 - It was discovered that zoph, a web based photo management system, performs insufficient input sanitizing, which allows SQL injection.
e59744e32fe51d94162d7f1001926ae6bf91d7dbcd87e0acb18b31cc2cdcd882Debian Security Advisory 1388-1 - It was discovered that dhcp, a DHCP server for automatic IP address assignment, didn't correctly allocate space for network replies. This could potentially allow a malicious DHCP client to execute arbitrary code upon the DHCP server.
2f2edd786eff4abf8efa231c16c5025821fd43b2f3b33d44e6982350990112e2Symantec Vulnerability Research SYMSA-2007-011 - A vulnerability has been discovered in the SMS handler on Windows Mobile 2005 Pocket PC Phone edition which means the sender of the original SMS message can be masked from the recipient when sent a specifically crafted WAP PUSH message.
eee9df452f180ce03cf99ac3571d5c28ecb00ea2370f58c105f853fd6c953f0cTechnical Cyber Security Alert TA07-290A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
e60de499cfb633364bb4f4a095e2156be01665d805ecba8f1483866d65313f70Mandriva Linux Security Advisory - A number of vulnerabilities and security-related issues have been fixed in phpMyAdmin versions since the 2.9.1.1 release. This update provides version 2.11.1.2 which is the latest stable release of phpMyAdmin.
950a6c444693a6c116ddbd1ea0030ebe56553584713ca3267cda047bf590ca96Cisco Security Advisory - Two crafted packet vulnerabilities exist in the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security Appliance (ASA) that may result in a reload of the device. These vulnerabilities are triggered during processing of Media Gateway Control Protocol (MGCP) packets, or during processing of Transport Layer Security (TLS) traffic that terminates on the PIX or ASA security appliance.
81f355236673e2bfd72132b474ed77be4046243f77fb80af0f3b839f7f0c15d4Cisco Security Advisory - Two crafted packet vulnerabilities exist in the Cisco Firewall Services Module (FWSM) that may result in a reload of the FWSM. These vulnerabilities can be triggered during the processing of HTTPS requests, or during the processing of Media Gateway Control Protocol (MGCP) packets. A third vulnerability may cause access control list (ACL) entries to not be evaluated after the access list has been manipulated.
19f7c2422db56ce36d217a8d2be7a8b8bc1b10b3afe8c35ebdb6d3c522893ef4Cisco Security Advisory - Unified Contact Center and Intelligent Contact Management products contain a vulnerability that may result in unauthorized access to the web-based reporting and script monitoring tool (Web View) and the web-based configuration tool (Web Admin).
84f040154fb44f3b5d13105c59fdcd0efab66e9c6020608723f86898628471caCisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains two denial of service (DoS) vulnerabilities. Large volumes of UDP Session Initiation Protocol (SIP) INVITE messages may cause a resource exhaustion condition on CUCM systems resulting in a kernel panic. The CUCM Trivial File Transfer Protocol (TFTP) service contains a buffer overflow vulnerability that may result in a denial of service condition or allow a remote, unauthenticated user to execute arbitrary code. There are no workarounds for these vulnerabilities.
43c810a9858087a094b1e5def438dab382b8314997430fcc0c4b3c655ce5c1f5strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
5bc92454395a62bfd1bad8aea7f4996e755416f0ff0e128c2a0fe64304ebf9b1awzMB versions 4.2 beta 1 and below suffer from multiple remote file inclusion vulnerabilities.
df18569bafe08fdf4cb98efe9c646739fac7a0397938fbb7c8743e6e4a4d914fLimeSurvey versions 1.52 and below suffer from a remote file inclusion vulnerability.
265d5167d6be0eb574e84294ebecbf040ce54de728cca6d7d9416bc8f5d3f2e2PHPDJ version 0.5 suffers from a remote file inclusion vulnerability in djpage.php.
c835c301e67f241daf950d0a586a24e0c6895947bd219d789bc377a345a024e2NGSSoftware Insight Security Research Advisory - The Oracle XML DB ftp service contains problems with auditing logins.
2639ac2b24b2c8d5133eff124f15167a71fbd4375eea39277529464a214d3dceNGSSoftware Insight Security Research Advisory - The Oracle RDBMS on receiving an invalid TNS data packet will use 100% of the CPU's time introducing a denial of service condition.
e7b0e95883d2072b1a56b5fdfcf4738223ad9c7c04551753f7ce3368ba5e986cNGSSoftware Insight Security Research Advisory - The Oracle TNS Listener suffers from denial of service and/or remote memory inspection vulnerabilities. Systems affected include Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9.
2df77d5f0342cb6ee96c1251a4daebb88b481263665cf072ef864d3780bd5b37NGSSoftware Insight Security Research Advisory - The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection. The Workspace Manager, owned by SYS, contains a package called LT. This package is owned and defined by the SYS user and can be executed by PUBLIC. LT contains a procedure called FINDRICSET which calls the FINDRICSET package in the LTRIC package. This is vulnerable to SQL injection and can be abused by an attacker to gain SYS privileges.
5df31c6c9790c218a2a5535198524baba532d40fd776334551174739a7f50ba0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed