PyString_FromStringAndSize() incorrectly validates input in Python version 2.5.2. Earlier versions may also be vulnerable.
acdffd19a5b36cf9a44eb0ee3ce3dda152701c5d20c417990d3d9dd1d9b1ff11Trillian version 3.1.9.0 suffers from a buffer overflow vulnerability while parsing xml .dtd file types. Earlier versions may already be affected.
fcafe4643044474b29db9e7f7c0acf7a3ba00aa2bc7e6ecf5ae67940bc247807WiKID wClient-PHP versions 3.0-2 and below suffer from multiple cross site scripting vulnerabilities.
67d10cd0b31c2647b3ef2d33f5dd1920c1101c3453e62e3516e332f15ae75f08Exploit for HP OpenView Network Node Manager versions 7.53 and below that demonstrates null pointer, process termination, and denial of service vulnerabilities.
062e9d945b9df97d9120162f8199ce03b02e5ca30110f3b2b605d9e90f2ba9b9HP OpenView Network Node Manager versions 7.53 and below suffer from directory traversal, denial of service, null pointer, and process termination vulnerabilities. Traversal details included.
b678c64f1a63e714fbcbef0b8342dac2ddf40114c6dcf9e9ee0b39b9b5e0daefGentoo Linux Security Advisory GLSA 200804-12 - gnome-screensaver incorrectly handles the results of the getpwuid() function in the file src/setuid.c when using directory servers (like NIS) during a network outage, a similar issue to GLSA 200705-14. Versions less than 2.20.0-r3 are affected.
1c166bbb47281153c9a39e490981d486f4ed1c6a8735bf3de4ea53c10bcbc55aGentoo Linux Security Advisory GLSA 200804-11 - Chris Howells reported that policyd-weight creates and uses the /tmp/.policyd-weight/ directory in an insecure manner. Versions less than 0.1.14.17 are affected.
766f699d0c2d9306218b4336e8c6654f935d83d203878f66b9da42a9d22ca10dPHPKB Knowledge Base version 1.5 suffers from a SQL injection vulnerability in comment.php.
29363879659492f90d2d8f268a7f38271aaba4f7f13f2e2a6056779be2a93c2aBorland Interbase 2007 Service Pack 2 using ibserver.exe version 8.0.0.123 is susceptible to a buffer overflow vulnerability. Denial of service code included.
f8d13cf0ecdd3ed188f41a0ed89fb1542f73bef455232beaaa6e0d99a05ce05aUbuntu Security Notice 600-1 - Sebastian Krahmer discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that when processed by rsync could lead to arbitrary code execution or a crash.
ccedb1680eb4979f38c133f22c115db7fe4b6eaad17094bfc012870b390b068dNewsOffice version 1.1 suffers from a remote file inclusion vulnerability.
daf43b89ef8b69375021ba7bf3ff43c606dc57b4d6347b2c3bfd03b5b6cb276ciDefense Security Advisory 04.09.08 - Remote exploitation of a format string vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the content of a string in requests. Since this string is passed directly to a formatting function, a format string vulnerability occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
5b88804d6ae7468d490bc8ef3fe7c0ea5e0670d6692d6006ad9bcc470224792ciDefense Security Advisory 04.09.08 - Remote exploitation of a buffer overflow vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. The File System Manager is prone to a stack-based buffer overflow vulnerability. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the length of a string in the request. By making a specially crafted request, a stack based buffer overflow occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
cc3f3fbc0041112ee44d533bc22ba56a70fd751510708f2c713a709b97e17abfiDefense Security Advisory 04.09.08 - Remote exploitation of an authentication bypass vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code. Each of the main components of the DiskXtender suite is vulnerable to an authentication bypass vulnerability. Specifically, the authentication code contains a hard-coded login and password. By connecting to the RPC interface, and logging on with these credentials, it is possible to bypass the normal authentication process. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
e7ab9fbbb99710e5ebe00c8010b6d349ef5bccd241e9f3a13af867571d08d281RX Maxsoft suffers from a remote SQL injection vulnerability in popup_img.php.
aa951ec6c70fbe826dea83bbf12dbedd3ae257524c1bb1d66c9a9e89fc348c88LightNEasy version 1.2 remote administrative hash retrieval exploit.
c627d5d53c261bee0b83393471c59ae5cf170b1364a582da53455c3fd7b817c1Debian Security Advisory 1546-1 - Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.
137ce427cb51f3a2a9023931ca0ec415e7edf60ee595db65106dd886d1da1c6aThe w2b Dating Club script is susceptible to SQL injection attacks. Various other scripts by the same vendor may also be vulnerable.
eae71d8e4052206b043a4fca8eeec62b90307b330b3bfcd1ef3c7953baeaab46Blind SQL injection tool for MySQL servers using a true-false method. You can obtain MySQL information and extract data from tables without the use of quotes.
6b79a23433909018cede551c9ed5088439fea762c64d36abaf2a90dab8f7a976Secunia Security Advisory - Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions.
a9a8e8be28c7d1dac14f880eb35d28b2dda9bb65a29579e49c2adabcbfeaf655Secunia Security Advisory - Debian has issued an update for vlc. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
41a9e13587ca0d45a375da4b8136ab19240c690cc553689da6689f8503496024Secunia Security Advisory - Ubuntu has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
1b0e33954044393c50bf69a42d8c93b9ffbbaa36ab0340945928a5dc27621cfeSecunia Security Advisory - Some vulnerabilities have been reported in TIBCO products, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.
21854be4bde75ce7c6b38a5edd7ea9a8e8d48a6e7f1ce0bd355818a6c512fbff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed