iDefense Security Advisory 03.25.09 - Remote exploitation of an integer signedness vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the font parsing code in the JRE. As part of its font API, the JRE provides the ability to load a font from a remote URL. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s Java JRE version 1.6.0_11 for Windows. Previous versions and versions for other platforms may also be affected.
3bc84907efc86fab9cc714244a3052994583300cd2f5c0cdbaf928ca680eb1b5Acute Control Panel version 1.0.0 suffers from remote file inclusion and SQL injection vulnerabilities that allow for authentication bypass.
d4f0665235428efebf424f90a99c4376ebe15e8c2d9de65047b14b6ab0c57bd6This is a security evaluation of Frog CMS version 0.9.4. This software suffers from cross site scripting, directory traversal, and various other security vulnerabilities.
afc51897436ec6ce1b456babde7d7c5100b861900330d48f6b4dbe6b435c5635PowerCHM suffers from a stack-based buffer overflow when processing files with the .HHP extension. Version 5.7 is affected.
50beb1abca1fac7fae023040ca0c6ca831492331c8e39f44a9bcd22c4e141334BlogPlus version 1.0 suffers from multiple local file inclusion vulnerabilities.
ac584b938fd7e0850a67571e01db0d823b83ef3f4747a42a23dde97034478120PhotoStand version 1.2.0 remote command execution exploit.
33acea214b6c3109d61b4aebe98cf7eb051be607078d8fc25cdfeec5e27b7d9fadsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.
6c0befe65f76510765c0efad2aa8a687d85349928a74a3da5e7d97f5f1dcbef7Secunia Security Advisory - A vulnerability has been reported in the Gigaset SE461 WiMAX router, which can be exploited by malicious people to cause a DoS (Denial of Service).
2d57ea5e7389bf4a91bd3b36da8dae1447c2fe4b75be102c2a6516a3ef84d2c1Secunia Security Advisory - Some vulnerabilities have been reported in VooDoo cIRCle, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
bfb5da1b663fc49f8c7a46782b575b65f09f44ac196ee64313276551fb967d3dSecunia Security Advisory - Fedora has issued an update for argyllcms. This fixes some vulnerabilities, which can potentially be exploited by malicious people to compromise an application using the library.
195f1769721ee670a9d641fc7b727a28f01456d864eae1073c2ba742d3d4cc91Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges.
d6f6ec0def66d53b75eff0110830f37bb71a0d96ffb70ce175a35f815158acdcSecunia Security Advisory - A vulnerability has been discovered in Jinzora, which can be exploited by malicious people to disclose sensitive information.
fff213c32ff827e33f98ec22249f361d3f7c5e08377c03b7a7d13e81bf005f5dSecunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information or potentially compromise a user's system.
060be212755fa2de29b64ebc13151c5e0c31f54b77863de152341bd0406e7bb0Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes some security issues and vulnerabilities, where one has unknown impacts and others can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and cross-site request-forgery attacks, conduct script insertion attacks, manipulate data, cause a DoS (Denial of Service), and compromise a vulnerable system.
26258b610a96509647e54d212ebb1acc9bdf8bd478c8760cd42be326c9f53252Secunia Security Advisory - Slackware has issued an update for for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct spoofing attacks, or potentially compromise a user's system.
3796ebe8ea0cc501252c2709b79b182f526d08691b4ad6aac2dd11b556b35130Gentoo Linux Security Advisory GLSA 200903-39 - Two vulnerabilities in pam_krb5 might allow local users to elevate their privileges or overwrite arbitrary files. Versions less than 3.12 are affected.
d736a5e491154169e90336376e2729432b759f619f95ac81399cad1e946d0d69Debian Security Advisory 1755-1 - Erik Sjoelund discovered that a race condition in the stap tool shipped by Systemtap, an instrumentation system for Linux 2.6, allows local privilege escalation for members of the stapusr group.
85821ca0db4ababee6c5087c25d750720baebc424b47a27ad601f790dfdd2aceRAID 2009 Call For Papers - This symposium, the 12th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. This event will be held from September 23rd through the 25th, 2009 in Saint Malo, Brittany, France.
adc1c96d5fa0218c6c35d29bfa10d45034d865ba869c39395e10f390c401fd1bCisco Security Advisory - A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled.
8401d00ab5208059e231e306c1471fbc3297a33b50140224fd9d3a8a51a6e8e0Cisco Security Advisory - Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface.
d7c7801e5593cc1d56d45fb532604c74459fabf8eb1ec761e05e4ee6458e597cCisco Security Advisory - A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that can be exploited remotely to cause a reload of the Cisco IOS device.
9aeff3ac6624b0acd51e8bdef45a818417a1cb077cb942319b1ba9325af60d29Cisco Security Advisory - Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload.
9e9a90544800678d068057fefc2fb388030582f354d242a3c7772701808ce930Cisco Security Advisory - The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.
89c62856369209d23f7e86a8a347090994a2c3bd1eb7ae5366e739c7a69af336Cisco Security Advisory - Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.
8be582b635f622a6da5938ea795792eb076c6b771a286c319f11eac43115b214Cisco Security Advisory - Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. A crafted HTTPS packet will crash device. SSLVPN sessions cause a memory leak in the device.
539b67513178c8d6e96c45b5e65a773d7fb06b37cf4b6d9b4a9675a8b9bb63e7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed