Ubuntu Security Notice 581-1 - It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. In certain situations, an attacker could exploit applications linked against PCRE by tricking a user or automated system in processing a malicious regular expression leading to a denial of service or possibly arbitrary code execution.
5d4d28d71aa4196dfa553f35b8d5f246c6709cc8f02570229ae7a03326162b71Gentoo Linux Security Advisory GLSA 200802-09 - An integer overflow has been reported in the cli_scanpe() function in file libclamav/pe.c (CVE-2008-0318). Another unspecified vulnerability has been reported in file libclamav/mew.c (CVE-2008-0728). Versions less than 0.92.1 are affected.
3e3fc3298d336111117cb9c591a0cf4913c8f3d65d8884515732f489c503c3afDebian Security Advisory 1501-1 - Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line when using the MySQL backend. This allowed a local attacker to read the contents of the dspam database, such as emails.
83c513ad520fd2159e715aeb3ec2e2bc13585a139d2efadad7d9d06c9d0156c1Debian Security Advisory 1500-1 - Mike Ashton discovered that splitvt, a utility to run two programs in a split screen, did not drop group privileges prior to executing 'xprop'. This could allow any local user to gain the privileges of group utmp.
114ea5757e00b541b0d215690282a991b4b37f238ae60441cafb8b9abd16b2c9The PHP-Nuke NukeC module version 2.1 suffers from a remote SQL injection vulnerability.
a27a60b9bf8b52bcd30a211ae04307d7f8c4c49fc6d02249b2e00a9190485acbVMware Security Advisory - This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the service console to cause a denial of service or gain privileges. Alin Rad Pop of Secunia Research found a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.
af87f71c42e6aa0e473a56dc13773e081ca262c64e1a2f396e37c8aeff184654Test program that reads chip and PIN credit cards using the ENV standard. This will most likely be integrated into RFIDIOt in the future.
20b53eb58d591db2ef8bb38ff3e67340c1adf0d38ec1d3911920f448bd3f4e8dOs-sim versions 0.99rc5 and below suffer from SQL injection and cross site scripting vulnerabilities.
ae879ef650e4cf8dad9b1f29043362efdc9e1aa632b8ff245a8e5768b71e280cSecunia Security Advisory - A vulnerability and a weakness have been discovered in PunBB, which can be exploited by malicious users to manipulate data and by malicious people to conduct cross-site scripting attacks.
18a2c590af4cd7f6bdf2c81f1511c1ae43e92cc3b117c99814cc76a33b90ae61Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in Sybase MobiLink, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
0f90a08f7ef4638d1bbd8b0428a5c924c236e7eb809f167acc8bacd437ee17c6The XOOPS tinyevent-print module suffers from a remote SQL injection vulnerability.
e03b3583082375167ea461584f6aa1923acbefbed3e6780dda87db4d45eb7e1aThe PHP-Nuke Downloads module suffers from a remote SQL injection vulnerability.
ff5269649e7624bb8b06c716a52bbe45eb73f2a3f4b797eb2526a0eb04e17c9cThe PHP-Nuke genaral print module suffers from a remote SQL injection vulnerability.
00f9460dd6966147ea5d2c8e1f9e7bf0ab905d554170ffe4e1e6645426ee2ab5The PHP-Nuke Classifieds module suffers from a remote SQL injection vulnerability.
e5df2fdc46dfb3ccaf75d9ff9c8049a7ede04b9cc881cdec72c609b5ded9d75aThe XOOPS prayerlist module suffers from a remote SQL injection vulnerability.
06182cf055d43c88e971b134f580eefd10da716a55019a800902b1bc9fccc7f3The PHP-Nuke BenchmarkNewsInjection module suffers from a remote SQL injection vulnerability.
a29133a66abbce65924feee545e5198286f021a3a2d918b601ac48e96b507cf2The PHP-Nuke Dossiers module suffers from a remote SQL injection vulnerability.
910dfe8996c962b30546557c2b03adaf25e5d3d0fd9e43ee74c06e46e61d9960HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
8428e3bec07e11942ba74656c6c79289542270d6cc6c39ae6e047259107e1950Ubuntu Security Notice 580-1 - Devon Miller discovered that the iso-info and cd-info tools did not properly perform bounds checking. If a user were tricked into using these tools with a crafted iso image, an attacker could cause a denial of service via a core dump, and possibly execute arbitrary code.
9e4b0a9dc13824192aa65c5fa9427e583bb4a29fe5b549c6b485588ed33ff8ebUbuntu Security Notice 579-1 - It was discovered that QSslSocket did not properly verify SSL certificates. A remote attacker may be able to trick applications using QSslSocket into accepting invalid SSL certificates.
3579c00055d6f9b733cef375436b246bb5146f214d0a228e144cf30ba520a61eBeContent version 031 suffers from a remote SQL injection vulnerability.
e0dd8a28780a1717ebcfed60e8917e6b2a8773816dfdf319496f04f9ec7c7e98The Joomla com_joomlavvz component suffers from a remote SQL injection vulnerability.
2918f9317bdeeed81578da7c0663b2f09ac7f230a085c565b0550845cc4aef19The Joomla com_mygallery component suffers from a remote SQL injection vulnerability.
dab27ddbfd29b2fb15e2e51ea168f70bd09e5c0e5de9253c36971a6630f6212dThe Joomla com_idvnews component suffers from a remote SQL injection vulnerability.
f97694b941ccabd240fc09d56a9972580ac5a68fda5ac08ff1c1f8249fc07673The Joomla com_asortyment component suffers from a remote SQL injection vulnerability in the katid variable.
505d19a5671b10c1e3989e346b459d36a06d59521cc11e0be1161dd7c73ca173
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed