Secunia Security Advisory - Steve Kemp has reported a security issue in GForge, which can be exploited by malicious, local users to truncate arbitrary files.
2bfc40055be9e340636cca6c886efd80a5830b5325d5d1cf80bfca6ce0d4e6ab
Debian Security Advisory 1404-1 - Nicklous Roberts discovered that the Reupload module of Gallery 2, a web based photo management application, allowed unauthorized users to edit Gallery's data file.
f6dbcca469b48877d6541f9e407a1d04039579a9572981a4828578fb71b475b6
Debian Security Advisory 1403-1 - Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administer MySQL over the WWW. phpMyAdmin allows a remote attacker to inject arbitrary web script or HTML in the context of a logged-in user's session (cross-site scripting). phpMyAdmin, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
5275b7baa9165af8d22a446add0146d3d8e3389b49ff250971b8842ec17a09df
Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application.
3b9006457f55ff18302549bd4b513e42d66044213a2534660b722df0edd73633
Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application.
a5688269ba38ff2594f8c33dd1958f9064867a84d21bdbfad1a41d241a25ba37
Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application.
6100aa32ba93ef797e786064d674594b640d02b982977ea5ec14502fb63992d8
Asterisk Project Security Advisory - This advisory is a response to a false security vulnerability published in several places on the Internet. Had Asterisk's developers been notified prior to its publication, there would be no need for this. There is a potential for a buffer overflow in the sethdlc application; however, running this application requires root access to the server, which means that exploiting this vulnerability gains the attacker no more advantage than what he already has. As such, this is a bug, not a security vulnerability.
02df8010a89c1828facd661e89d15aad1405eb934f5d1de64b09abe22dfa82ae
Lotfian BROCHURE Management System is susceptible to SQL injection attacks.
141b778b9b733162bec7b98c3436a2e8eb29a8a7f53b27096239e4c95b5a949f
HP Security Bulletin - A potential security vulnerability has been identified in the Aries PA-RISC emulation software running on HP-UX IA-64 platforms only. This vulnerability may allow local unauthorized access.
9f1dfb4ad7933eb8ae23efa5346d83294dc0619c55d077903ccf53f4a2d44950
Gentoo Linux Security Advisory GLSA 200711-13 - 3proxy contains a double free vulnerability in the ftpprchild() function, which frees param->hostname and calls the parsehostname() function, which in turn attempts to free param->hostname again. Versions less than 0.5.3j are affected.
5a2e29132e28c85806baa943eba77c072b346f02871347521f8a388de06ba4be
Gentoo Linux Security Advisory GLSA 200711-12 - Jan Oravec reported that the /usr/bin/tomboy script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 0.8.1-r1 are affected.
f8bda11dcc30f436bbd2cba1aad856429dbb9a8ee0aa970c796cc837a1add317
Gentoo Linux Security Advisory GLSA 200711-11 - fabiodds reported a boundary checking error in the check_snmp plugin when processing SNMP GET replies that could lead to a stack-based buffer overflow. Nobuhiro Ban reported a boundary checking error in the redir() function of the check_http plugin when processing HTTP Location: header information which might lead to a buffer overflow. Versions less than 1.4.10-r1 are affected.
fa85ce9af9a76f2a21e21469d1b003de6f96e6770b9a6f89157354edbf19b523
texinfo versions 4.9 and below format string proof of concept exploit.
7e169d4c12d029417b18bc9174f3cc127fa7d50c03bce1d3d93ba9916b25bba0
OpenPKG Security Advisory - Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in the regular expression compiler of the Perl programming language, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions. The bug manifests in a possible buffer overflow in the polymorphic "opcode" support code, caused by ASCII regular expressions that really are Unicode regular expressions.
fd63d18ae40b88066a847d408cc8dc4b528e6881d49215b4b27af6316352df80
Rapid Classified suffers from a SQL injection vulnerability.
ec5d47b8f60532c130e473890abaa959969a14223480fd1e09061332ce334c35
Bunny the Fuzzer - A closed-loop, high-performance, general-purpose, protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without the noticeable performance impact usually associated with other attempts to peek into run-time internals.
dae9be447ea202eb4d5eeb0cba317136fe15861630c1562730ff011f8ecb33c7
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user IDs with packets, making it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.
14de73105fa89c37441fa77e42deab0e32b4ed69324c72c11f55e8cbdaedeb3c
Secunia Security Advisory - Some vulnerabilities have been reported in GNOME gpdf, which can be exploited by malicious people to compromise a user's system.
a8121a819a58300fed01d4aeba957f97b96a0f3f6abd99a20dd0edbebbf30110
Secunia Security Advisory - Debian has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
5bd86ee5135515a8c7693b51df950218be993062f546e58e3cab2d7e3c09d6b1
Secunia Security Advisory - Some vulnerabilities have been reported in PicoFlat CMS, which can be exploited by malicious people to bypass certain security restrictions.
02d2668d5b5f1e7c1f06721c074a3d4ba542ca283e0efe0686593f99d386a87e
Secunia Security Advisory - rPath has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
dec0483063605bf16baa5c10f7c5cdea089e3730e8366b8035ccab9e0dadc014
Secunia Security Advisory - A vulnerability has been reported in C++ Sockets Library, which can be exploited by malicious people to cause a DoS (Denial of Service).
c6f8e6d24014948903f8fc4b50241ff46096feb3f2f2d6d79cf27396f455100e
Secunia Security Advisory - Debian has issued an update for gforge. This fixes a security issue, which can be exploited by malicious, local users to truncate arbitrary files.
7513f716175088c7f1f1ef5e10717cb86513dd29777c219fdef0f1776f77810f
Secunia Security Advisory - rPath has issued an update for pcre. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, or potentially compromise an application using the library.
0747c8c852656c97e7c8e72706a693e96d6aac533aa317ac15be3e73640a4172
Secunia Security Advisory - Mandriva has issued an update for xfs. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
94e09903219b7dfbc4a3d00019c3ae4139d9879020ce9289e9b5ebcaf1386cb2