Ubuntu Security Notice 597-1 - Timo Juhani Lindfors discovered that the OpenSSH client, when port forwarding was requested, would listen on any available address family. A local attacker could exploit this flaw on systems with IPv6 enabled to hijack connections, including X11 forwards.
a538419d13e0a2c12e6e316531afe52f9d30f7e21c02b96fe33093daae43e69bGentoo Linux Security Advisory GLSA 200804-01 - Multiple vulnerabilities have been discovered in CUPS, allowing for the remote execution of arbitrary code and a Denial of Service. Versions less than 1.2.12-r7 are affected.
b3a1d6290a902ca1f3a0f7c2852b2f0b06dc67e5eff8404f7fe618e8e9d1e99aThis Metasploit module exploits a heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code.
fe18e54c7136e0f4ddd02005a5baa3b152573f829ae72ec39f0b69c9755ba6b6Exploit for the heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code.
9c9470fc73ec08b731d851e037405e4cdd3056a7576b171fc5620b4f9224c9bbMicrosoft Office 2007 has a design flaw that allows outbound HTTP requests to be made when a document is opened that has a digital signature.
b4cb7f3e817924351a210a026c7bec9e430863cef89fb05b4f7fa6540b4f7384Windows Live Mail has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.
4d5511e520d30bf9ecbbdb40513e02a8b285c8a0a0062c017da8916a99f7afc5Microsoft Outlook has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.
1ff267973798cd8447b986b796dd166b737f9cbfe9fb69d0bef95485ff36340aDebian Security Advisory 1533-2 - Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. This update merely adds the packages for Debian 3.1 sarge (oldstable) which were missing in the previous DSA.
f216ca24b3ab1a9a05efec5902aaf2dec3394ff764813985896d78e9f8d0d7aeeggBlog version 4.0 password retrieval remote SQL injection exploit.
8485c6faa016e0c0d44936fffc083acb9979267a7b07956ed2d8136d077897deCevado Technologies Real Estate CMS suffers from a SQL injection vulnerability.
2785ebab9a04e12edf4d635d02193d884fb0ced1eb614d0903f4e90c5d57c671The Mambo ahsShop component versions 1.51 and below suffer from a remote SQL injection vulnerability.
d07c93df29f5beed7bcabe9d3a2fb574fee3f37f6e42a1a401d69194ba2a06ebTerracotta CMS is vulnerable to local file inclusion and arbitrary download vulnerabilities.
914b9f65afebce60b79e96c44ac74a28824c6daf97392b4445e3621ed26701e7FaScript FaPhoto version 1 suffers from a SQL injection vulnerability in show.php.
591695377e3e1223ed7caae7f162935176fea762153980bbf93bf5c1baf6c339Debian Security Advisory 1536-1 - Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content.
fab16d0e5e9613a38e131a5540e6b1deca18ee6d6d803c2faf22cc0f1e8ea324EasyNews version 40tr remote SQL injection exploit that also documents cross site scripting and local file inclusion vulnerabilities.
3366fd10169e6cb1b38097b04ea61a44f0debc2df161d732e1607e08125a5979Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in LANDesk Management Suite, which can be exploited by malicious people to disclose sensitive information.
e6b8af9bcbc98061dae1389319558df2551cd96349f528944f70713f65ff93bcSecunia Security Advisory - A vulnerability has been reported in Phorum, which can be exploited by malicious people to conduct SQL injection attacks.
9753f55f87b60f76d7197bd2e73a401e61823d312ae9ca029c7fb34784075094Secunia Security Advisory - A vulnerability has been reported in Macrovision InstallShield, which can be exploited by malicious people to compromise a user's system.
b04ed31dff49ae2a42268735d2369a925d77c501dd74aca3311092bc16f7d076Secunia Security Advisory - A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system.
28c3f4ada7ae732b319dd39c13c17550dd255508e9362311c94e39a893f01aefSecunia Security Advisory - A vulnerability has been reported in Sympa, which can be exploited by malicious people to cause a DoS (Denial of Service).
0ab40ceeaa25f570b77348e4bda1520d7fd9eed1f251108593ba2dbbaebaa850Secunia Security Advisory - shinnai has discovered a vulnerability in Chilkat HTTP ActiveX Component, which can be exploited by malicious people to overwrite arbitrary files.
901f6a2f67ea08beab1ac705424d6539dc3dd76800e38f73753c191f9ef7ae50Secunia Security Advisory - Dr. Crash has discovered two vulnerabilities in Sava's Link Manager, which can be exploited by malicious people to disclose sensitive information and to conduct SQL injection attacks.
4e53a59c21ebc1441ebd0cfabbb2c50922bdc76590bc64e89abd3d780ad9f1ccSecunia Security Advisory - Dr. Crash has discovered a vulnerability in Sava's GuestBook, which can be exploited by malicious people to disclose sensitive information.
e2fc8ff155a2feec659a3b846abeda04963639735bde88a51482cc73dbf31ddcSecunia Security Advisory - Debian has issued an update for xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
fc81be9c8d76230a961583d027978a1d88edc0c0f73fea3dfa32e5b359ab6a69Secunia Security Advisory - BL4CK has reported a vulnerability in the WP-Download plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
2aa7f74e11ce329d87161d641cf32437e79966429478a2a2e4d61536963ef724
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed