Gentoo Linux Security Advisory GLSA 200812-11 - Several remotely exploitable bugs have been found in CUPS, which allow remote execution of arbitrary code. Versions less than 1.3.9-r1 are affected.
827cf9ee7779b7a80dd45cbbe00a496e41377152190668ccd97c51324afc527bCA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.
c3f42a1781959a4e232299fd40445813782d401f6a4ad863bcdc64c3aefdb67aMicrosoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.
68f9fa88b21b8862740cac4d6058e5ea49f525f8a10b4724d1d4297a7a3e4da5CF Forum suffers from a blind remote SQL injection vulnerability in forummessages.cfm.
ebc826e3757bc8e495970a7e3759749423bfb04df583e504d7bedc54766f8a97CFMBLOG suffers from a blind remote SQL injection vulnerability in index.cfm.
99fee75837ee20f62c240d0ffc1c1f7934ba8a5ff7036a95879da3fa4d70a37fMandriva Linux Security Advisory 2008-240 - Alfredo Ortega found a flaw in how Vinagre uses format strings. A remote attacker could exploit this vulnerability if they were able to trick a user into connecting to a malicious VNC server, or opening a specially crafted URI with Vinagre. With older versions of Vinagre, it was possible to execute arbitrary code with user privileges. In later versions, Vinagre would abort, leading to a denial of service. The updated packages have been patched to prevent this issue.
39d368ad79c4624b60368ed3801cfa631cf29c75ff6e77ddce8838a0cbd8afe4Max's Guestbook version 1.0 suffers from a cross site scripting vulnerability.
6929c525157307cfb8c066422be51c338b5e131994e4ab28e2455268cf6d607eCF Auction suffers from a blind remote SQL injection vulnerability.
6893efae3026ceb24806ed2f478acc9942a8c8b8f726704da885fb0b40dec9afCF Calendar suffers from a remote SQL injection vulnerability in calendarevent.cfm.
f0fac2796a6d478bf1285aebff0460edc1e34ad258d71f9e816f57f184a457e3iDefense Security Advisory 12.09.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel spreadsheet could allow attackers to execute arbitrary code with the privileges of the current user. This issue exists in the handling of certain malformed object records within an Excel spreadsheet (XLS), allowing memory corruption to occur. This could lead to an exploitable situation. iDefense has confirmed the existence of this vulnerability with Office 2000 SP3 fully patched as of July 2008.
4441eb16250d65d8bc6ff4a748607eb35ff4755d0a9fde4c53f0225021c96e4dCF Shopkart version 5.2.2 suffers from remote SQL injection and database disclosure vulnerabilities.
693f24f76e8795a2c9fadc701f58825470b74b5f39b01fd5cf08865a23644a83Butterfly Organizer version 2.0.1 suffers from a remote SQL injection vulnerability in view.php.
7a32fc917b63a62485b3b5b92f85145c7297227227ad6036aa9d06884c1fe042Nebula is a data analysis tool that automatically generates intrusion signatures from attack traces. It runs as a daemon that processes data submitted from honeypots. New signatures are published as Snort rules and can be used to defend a network from future intrusion attempts.
6d90fe1c5c1d81045134485e8ee4e888e9fce5d4323a2b6b321bf8a9765fc856HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running DCE. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
471823d5e54224359fc29c8657b25f4c4bb648e0288c1c9d07f9b36f3614c09bSEC Consult Security Advisory 20081210-0 - By calling the extended stored procedure sp_replwritetovarbin, an attacker can write limited values to arbitrary locations in process memory. This vulnerability has been described in a prior security advisory for MS SQL Server 2000.
35360a7acfa1a99b8a092110b58250c85ed5ca8c4ccd0d0b760cbb8a46b38a39It is possible to protect an ELF binary against f-prot by corrupting its ELF header, while letting the binary completely functional. F-prot will crash when analyzing the file, letting the possible malware undetected. f-prot version 4.6.8 for GNU/Linux is affected.
a1424ff8ad9ff444b319433fdf1a2163ec6ad872d6772bed154f4806cb4e88dfSophos Antivirus deterministically crashes (segmentation fault) when analyzing corrupted packed files for multiple packers: armadillo, asprotect, asprotectSKE. The same behavior has also been observed when analyzing corrupted CAB files. Sophos SAVScan 4.33.0 for Linux and possibly others are affected.
9228d18fc3b87e9dfa481b98001a67b62060706c5652631568b031109f3efa05AVG antivirus can be deterministically forced to crash (segmentation fault) when analyzing corrupted UPX files. AVG for Linux version 7.5.51 (current) and possibly other versions are affected.
5e961e37dbebcceed6eeb4bb17a3094e91573d02baa5556259658da15b68d26fMultiple buffer overflows were discovered in the GNU/Linux version of Avast when analyzing corrupted ISO and RPM files. Avast for Workstations version 1.0.8 Trial versions and possibly others are affected.
45808bf369b9de88af97274c0bdbdb9c6a37f8c49f6d650f396a93a786278eccMultiple integer overflows were discovered in the GNU/Linux version of Bitdefender when analyzing corrupted PE binaries packed with neolite and asprotect packers. Bitdefender for GNU/Linux versions 7.60825 and below are affected.
e166e24e386d19eeb0be908dfb8aff0db2050d27a19747733c8f6db105b3d5f1Clamav uses an external unpacker, which can be deterministically crashed, when processing corrupted LZH files. Versions 0.93.3 and below are affected.
af9e2f87235c167df539925d2d3e6d8133912250f66b6b29626b3fb8d4cbdf95Microsoft Internet Explorer 7 XML parsing remote buffer overflow exploit that spawns calc.exe.
bf0cf3c2d60be063bd15565d0f2e4c146b0b396c2c2fd67bb3b37d350e1ecbe3Core Security Technologies Advisory - A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could execute arbitrary code with the privileges of the user running the MS Word application.
6f84551f3249c3aa35a7feb4f055de3b8c4220bfed506d6013db37f88a75caecInsomnia Security Vulnerability Advisory - A vulnerability was found in the way that webdav requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory which under the right situation can lead to command execution.
0ebee2503764c3f44cce43818618fb05a3255230042be4a70fb22d4b93f6b573NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
877b7e9b725720cd726819e5c02975055cb56ed9c064fc11b6e503f648519c32
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed