Gentoo Linux Security Advisory GLSA 200807-15 - Pavel Polischouk reported a boundary error in the PartsBatch class when processing .nzb files. Versions less than 0.132-r3 are affected.
f5f80a576577f60b33e27b3fd7e0274e881092a7925f2b1e216fac45f1fc4d92Gentoo Linux Security Advisory GLSA 200807-14 - A stack-based buffer overflow has been reported in the audit_log_user_command() function in the file lib/audit_logging.c when processing overly long arguments. Versions less than 1.7.3 are affected.
41576dcfd53f492bbda37de2bd5c04e157a48a1766b1e8c671c9ac52f7d0ca94Gentoo Linux Security Advisory GLSA 200807-13 - Remi Denis-Courmont reported that VLC loads plugins from the current working directory in an unsafe manner. Versions less than 0.8.6i are affected.
704516c3977bd41907e153237008613021d592964b19a35792dae3c1b50b3264Secunia Security Advisory - Travis C Johnson has discovered a security issue in Acronis True Image Echo Server, which can be exploited by malicious people to disclose sensitive information.
3583dbcc404d30541a658a4bfecd002a980a8780527b6b8ae39d627e9c60a649Secunia Security Advisory - R3d.W0rm has discovered a vulnerability in nzFotolog, which can be exploited by malicious people to disclose sensitive information.
f95e240f2f76da9e635c2e06c31d1680b2b4ad9bf8f472c1c3c79de0074d8d4cSecunia Security Advisory - A vulnerability has been reported in various Panasonic network cameras, which can be exploited by malicious people to conduct cross-site scripting attacks.
2873502bc603667d4029d9fd29b230da5c249d7236b807424998f2b0bba9f653Secunia Security Advisory - Debian has issued an update for newsx. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
906e3351f296717042b5f9324a04c3afa31eb51a076a89261e9ec37e57f9f10aSecunia Security Advisory - rPath has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
6bd28208e9c92ba4d4fc39df7a651e74d2849a914e5f7a6f2ea917aeda73080dOpenCT implements driver and middle-ware for smart card readers. OpenCT drivers can be used via the ct-api interface, the ifdhandler interface, or its own interface/middle-ware. It implements drivers for several USB crypto tokens, USB smart card readers, serial smart card readers, and PCMCIA smart card readers.
737cafaef803e21d63c61a196b07b61c1ba47320a24b9c7c2790c68f92719b6aOpenSC consists of tools and libraries and a PKCS#11 module to use smart cards and initialize blank smart cards. It supports many commercial smart cards with filesystems, many national ID cards (read only), and some Java Card cards with specific Java Card applets. OpenSC implements the PKCS#15 standard. Cards initialized with OpenSC can be used (read-only) with other software implementing PKCS#15 standard and vice versa.
ea675faba447ea0e10393b5b40fe510c360d60d9f25b37b2e7b411ac705bebb2Pam_p11 is a pluggable authentication module (PAM) package for using cryptographic tokens such as smart cards and USB crypto tokens for authentication. Pam_p11 is very simple, as it has no config file, no options other than the PKCS#11 module file, and does not know about certificate chains, certificate authorities, revocation lists, or OCSP. There is one module that uses the $HOME/.eid/authorized_certificates file (like the old pam_opensc did) and one module that uses the $HOME/.ssh/authorized_keys file (like ssh does).
baad7142f703eb31000ef9ff5242364b29cf70a85db4e2eee0fdf871cce38fb8Libp11 is a library that implements a small layer on top of the PKCS#11 API to make using PKCS#11 implementations easier.
180a916e595981b5bc499722af96c621612591d496d29c3d2a2faca4eedab537PHPX version 3.5.16 suffers from a cookie poisoning and login bypass vulnerability.
4446468690e6eb807b546f26f3063774d760766617d43f7ecb0e41eb42716c04Symphony versions 1.7.01 and below remote code execution exploit.
d649c388da96d81d4817c032899cd853dc166aa7249c5ebb7b97ae3a66a8e1e2Coppermine Photo Gallery versions 1.4.18 and below local file inclusion and remote code execution exploit.
94ea3ada86d4e6c5538a431a7bb6f62b290b4dbf11a66e78b863951d9948b259LetterIt 2 suffers from a local file inclusion vulnerability.
2b2e71cf3e62fcc6162b93cc404d26d9c0228c579a3a96c8a57021fef2970aa9The PozScripts Classified Ads Script suffers from a remote SQL injection vulnerability in product_desc.php.
bd93374f038ba112535b6063c0f0d33c0ec3bff7f239eaeafcbaa9e3d1e9dd77iDefense Security Advisory 07.30.08 - Local exploitation of an untrusted path vulnerability in the "dbmsrv" program, as distributed with SAP AG's MaxDB, allow attackers to elevate privileges to that of the "sdb" user. When a local user runs the "dbmcli" program, the MaxDB executes a "dbmsrv" process on the user's behalf. The "dbmsrv" process, which is responsible for executing user commands, runs as the user "sdb" with group "sdba". This vulnerability exists due to improper sanitization of the "PATH" environment variable. By prefixing the "PATH" environment variable with a path under the attacker control, one is able to execute arbitrary code iDefense has confirmed the existence of this vulnerability in SAP MaxDB version 7.6.03.15 on Linux. Other versions may also be vulnerable. with "sdb:sdba" privileges.
158672240f8706b9c88752b0eb9e203b6dfa95613bb249e05f3a62e8c726652eDebian Security Advisory 1624-1 - Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code.
b29c91b76df018f464a01f3c193d583d01ad1689c8553d25facd12a8e30d941eSecunia Security Advisory - dun has reported two vulnerabilities in M
dce24aa74eaa031ee1f500dfffb101839804e5b6ddb3189db81826d33e44ce43Debian Security Advisory 1623-1 - Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
b6de58ca36bd325b55f6acf8f6ccfdd15238877d7d6c017c9213c7f22dd8e43eThere exists a buffer overflow vulnerability in the way CA ARCserve Backup for Laptops and Desktops handles incoming messages. The vulnerability is due to an integer underflow in the LGServer service. Affected includes CA ARCserve Backup for Laptops and Desktops version r11.0 through r11.5, CA Desktop Management Suite version 11.1 through 11.2, and CA Protection Suites versions r2, 3.0, and 3.1.
c8a9111e2b27cd364d4a846aac3a804f27e1ce5e9a81295a60fd73c9a69b7430csphonebook version 1.02 suffers from a cross site scripting vulnerability.
b04e76d9d27133c1a3de0fb915b816dc2a59f0ceea482a2419699ba3fafdc407Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in K9 Web Protection, which can be exploited by malicious people to compromise a user's system.
36e68eea0bde73e5cd4eefcb30ae22687f7b95ecc9df4dc40bd4a36a7d47fbd1Secunia Security Advisory - Stack has discovered a vulnerability in PHP Hosting Directory, which can be exploited by malicious people to bypass certain security restrictions.
608ef3d493b741b6b732b986190b9ad401e93b13861369e1c555b27514f096f8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed