Kiwicon '09 Call For Papers - This year Kiwicon will be held from November 28th through 29th, 2009.
a1b80a48f307d2f41844c793e4aa75d2285dbceb749436ac8b32d0882aa8e003Ubuntu Security Notice USN-816-1 - Moxie Marlinspike discovered that fetchmail did not properly handle certificates with NULL characters in the certificate name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
f84db5283372ab8ae42ba4dff0f41857f47a11217c3e188b9ac25bc8e7124c00SAP NetWeaver Application Server version 7.0 suffers from a cross site scripting vulnerability.
610f63e221cf5f949da2e1908a76e98d823e3e6ea118b70ae0b3851af53f78bfSolo Artist websites suffer from a remote SQL injection vulnerability.
091da3a309c6e3d2c31d335ce30251e3a502860a8ac1f4f060090592ac9a9c62Microsoft Wordpad on Windows XP SP3 memory exhaustion exploit.
841a5199863cf199f595ac60421069edd4b38c15d2488e722bd45fadae96fd56Shorty version 0.7.1 Beta suffers from an insecure cooking handling vulnerability that allows for authentication bypass.
c8a4a0c14c920cf3542bc100815086b75f34ae49a560971714b7134aaf48864fPositive Technologies Research Team has discovered a privilege escalation vulnerability in Windows Message Queuing service (MSMQ). The IOCTL handler in mqac.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system or execute arbitrary code with SYSTEM privileges.
8ffd0feedce3b0229ddad304c6664e17c7f172827df31047e4e31a0d9b51cb9aPlume CMS version 1.2.3 suffers from multiple remote SQL injection vulnerabilities.
5bab71211c2f6a9682fddb09d837104f9ba905d676baa82f8739cd6ac897894fDebian Security Advisory 1860-1 - Several vulnerabilities have been discovered in Ruby.
11affe671bc325d35bbacdaba1cc0dff84af2b4d7f43397ff4731fd74ebce484Chavoosh CMS suffers from a remote SQL injection vulnerability.
5d8b0d5eabab77269e7db713b44de77861e2b73ac20e3557c77c7855831cb827Gallarific Photo Gallery versions 1.0 and below suffer from arbitrary delete and edit vulnerabilities.
9427a5192b7c90ffca967f07d2b87723cd28ea3ba3f68619ba9b72b7ce598bbeMandriva Linux Security Advisory 2009-201 - socket.c in fetchmail before 6.3.11 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. This update provides a solution to this vulnerability.
62d87310d1b7c54e45458614ca4c8fb88bc2d0ec7cd3071189a4242f8e2c8506Mandriva Linux Security Advisory 2009-200 - Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. This update provides a solution to these vulnerabilities.
7e6657952e115da5b19bd1bde6b82731faf8087d3e384fe835d033a219a639b3Gazelle CMS version 1.0 suffers from password reset, local file inclusion, cross site scripting, and remote command execution vulnerabilities.
eba2b3c41ae5e77c75a8f1c5bf03e2abb521b03ade02a8a05b9981a69224a2522Wire Gateways suffer from a remote password reset vulnerability that allows for authentication bypass. Versions 2071 Gateway, 1800HW, and 1701HG are vulnerable.
bcf03cf41785e1546ced74abf07c45219887bda85fd037204944016c0203f0b3Safari 4 versions prior to 4.0.3 suffer from a Top Sites hijacking vulnerability. Proof of concept code is included.
f0bc8d79203a653e1efd471cc613e69ab50203cd696d1fc4f46afd708760d5fbJibberBook suffers from comment information disclosure and html injection vulnerabilities.
98ab48bd1dff2c59cfeeb6cbec8d5fb2e76d6cbef008a405220e5798e9ad7760HP Security Bulletin - A potential security vulnerability has been identified in Samba running on the Internet Express for Tru64 UNIX. The vulnerability could be exploited remotely to disclose information on the Samba server.
5fdbf41b12769d64a1911ec21ebaef9f9088fe5065040d53d43411b9563677b3The Mu Dynamics Research team has found several vulnerabilities stemming from unsafe use of the sscanf C standard library function. Asterisk versions 1.6.1 through 1.6.1.2 are affected.
4b4ca564af6eb635dec77a8869f1db6582e448ddc90620d17fb84789c0b6f227Easy Music Player version 1.0.0.2 universal local buffer overflow exploit.
789a6d932e4542932b3551b62d1cbd4b1743afa756cefe98ac1097968ea10c1d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed