Core Security Technologies Advisory - A remote arbitrary-code-execution vulnerability has been found in Libpurple (used by Pidgin and Adium instant messaging clients, among others), which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. No victim interaction is required, and the attacker is not required to be in the victim's buddy list (under default configuration). Libpurple versions 2.5.8 and below are affected.
f363baeb98fdd656675988b12ada553e50c4b259ca0340eeb44952b1b17ac21dLinux 2.x kernel sock_sendpage() local root exploit. Written to exploit kernels on Android released prior to August of 2009.
fd16f6a447a65587cb5e3d1d2098b300f6f3adc7d0b25f1f47293e1ea78c3458VUPlayer versions 2.49 and below universal buffer overflow exploit that creates a malicious .m3u file.
bef2420aac1e9154823240a8f0bcb8f9b4de077b3a53b8f5c08ff991132fd9faCA's technical support is alerting customers to a security risk with CA Internet Security Suite. A vulnerability exists that can allow a local attacker to cause a denial of service. CA has issued updates to address the vulnerability.
9c3d68ac3dad0276ab9339d015dc14dc652b5e16394e015cb1e8cb17467ad31fCA's technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. A vulnerability exists that can allow a remote attacker to cause a denial of service. CA has issued a patch to address the vulnerability.
f455554c212e25843047986dea31c1900e3efee354d31a7324a20d7fd58aa3a3Gentoo Linux Security Advisory GLSA 200908-10 - An integer overflow in the PNG handling of Dillo might result in the remote execution of arbitrary code. Tilei Wang reported an integer overflow in the Png_datainfo_callback() function, possibly leading to a heap-based buffer overflow. Versions less than 2.1.1 are affected.
9713950b61dbbb2436c43e54b7f1ebf3a2ceadaae7fb79b2a1c3f0bac7036199Gentoo Linux Security Advisory GLSA 200908-09 - An input sanitation error in DokuWiki might lead to the disclosure of local files or even the remote execution of arbitrary code. girex reported that data from the config_cascade parameter in inc/init.php is not properly sanitized before being used. Versions less than 2009-02-14b are affected.
8b96fac7efc0ee3126be3a0d99cc84c023ee7cf9d25eef4eb7555cc0b3410e35asaher pro 1.0.4 suffers from a remote database backup vulnerability.
c3f45037cc7a8b63cacb8bd80b8757c023e06c4c84c240d2e06f629151a80dd0Traidnt UP version 2.0 remote SQL injection exploit.
5cef782cd3c9c76717d4a315d8615c1a65134e4adc974b57653b528faaf6e7d8secure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised.
d3789ad9fb98fe1800b2b66250851c6a83e32b00fc350b9daab757600f0da2e8Gentoo Linux Security Advisory GLSA 200908-08 - dhcpd as included in the ISC DHCP implementation does not properly handle special conditions, leading to a Denial of Service. Christoph Biedl discovered that dhcpd does not properly handle certain DHCP requests when configured both using dhcp-client-identifier and hardware ethernet. Versions less than 3.1.2_p1 are affected.
ff0d14334baad78d4797effa091995831fdfeb854f674eb3f33ffb6e0fcab7f5Gentoo Linux Security Advisory GLSA 200908-07 - An off-by-one error in Compress::Raw::Zlib and Compress::Raw::Bzip2 might lead to a Denial of Service. Leo Bergolth reported an off-by-one error in the inflate() function in Zlib.xs of Compress::Raw::Zlib, possibly leading to a heap-based buffer overflow (CVE-2009-1391). Versions less than 2.020 are affected.
4a49f705f825d516631a540be3743e3d68ae6a34883fbf64195eb093757ccf16broid version 1.0 Beta 3a local stack overflow proof of concept exploit that creates a malicious .mp3 file.
594ea519883c8b105ed6bb46b9116602d439c01df883b1c2f5e269db245e38efHTML Email Creator and Sender version 2.3 suffers from a local buffer overflow vulnerability.
b676c38626b33981c213d7fdb520a9bde1d6b336c2645301ab64da167a43d1d4Linux kernel versions prior to 2.6.30.5 cfg80211 remote denial of service exploit.
45970a756cf7a9942c7a2e7c7b0dc26134f658d3ccb8fb4c7b15f7dd91b61591Gentoo Linux Security Advisory GLSA 200908-06 - Multiple heap-based buffer overflows in CDF might result in the execution of arbitrary code. Leon Juranic reported multiple heap-based buffer overflows for instance in the ReadAEDRList64(), SearchForRecord_r_64(), LastRecord64(), and CDFsel64() functions. Versions less than 3.3.0 are affected.
1bd5bd3dad245c313d20fc41d27f1e98d2a4c5dfa825c03f9bd1d513d3f29940Gentoo Linux Security Advisory GLSA 200908-05 - Multiple integer overflows, leading to heap-based buffer overflows in the Subversion client and server might allow remote attackers to execute arbitrary code. Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows. Versions less than 1.6.4 are affected.
d43f69725d63bd8f7091d436ccc1cfea30581f616138c0d0af38760567e35a80PHP Email Manager suffers from a remote SQL injection vulnerability in remove.php.
7b980331fd191ef070e4bc3d1164d223ae22f053a7b172a010c5004ea6a984b7Videos Broadcast Yourself version 2 suffers from a remote SQL injection vulnerability.
680c65e3517904afb569b5d47a0cf2465eff6c7f72473e0e6efe5043520e8564Arcadem Pro version 2.8 remote blind SQL injection exploit.
661392f8771ed718c34e9aa9960688d82c8f125addfb21a791381298cb5d8ca0Dreampics Builder suffers from a remote SQL injection vulnerability.
d1ee48421d66c67f358b7b8ae00c453205d2c540ba051e49d86ed0744ad4c382SPIP CMS versions prior to 2.0.9 copy all passwords to XML file exploit.
58282d3eb767390b7e7216751ce34103095607b10e5834c7a894e4562c1c7059Ultimate Fade-in Slideshow version 1.51 suffers from a shell upload vulnerability.
5c7a7c01d54c43fcfad20f1330f47ad8fbbd28c1d78960d60938b2f650b952dcntop versions 3.3.10 and below suffer from a basic authentication null pointer denial of service vulnerability.
aad3f03488f5dcebf8a3f95a8a2dd8fd1ea219bc8c5bf2382388fed6da94eb39Xenorate Media Player version 2.6.0.0 universal local buffer overflow exploit that creates a malicious .xpl file.
d75780a68b577482e7b62604eef55eb1dc7da13f2e3cfbbac8223080d7390562
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed