Mandriva Linux Security Advisory 2009-257 - Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. The updated packages have been patched to prevent this.
be48ee1c71c8dd6c4fb363c3fa58f5695a47fce884c18f36e0bc083481cc2dc9Mandriva Linux Security Advisory 2009-256 - The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. This update provides a fix for this vulnerability.
be11fbcb9ef4def25583c0f75c0c88ef8b0beb6701fbb030662859d60a81491cOzirion is an experimental Web browser allowing people and groups to improve their privacy on the Internet by hiding their IP address through a network of virtual tunnels. The current release of Ozirion relies on the Tor technology. It includes a built-in Tor server and provides the ability to choose or ban countries in order to use an IP address from a specific country. The Privoxy local proxy is used for better privacy. Ozirion is totally independent from the Tor and Privoxy projects.
1f25becce230f847e0bfac60b1f2f794c59cec27fa30b39d4433e6800f8648fcCore Security Technologies Advisory - Jetty includes several sample web applications for the developer to learn from. One of them sets cookies with user supplied data, and then dumps them as html. This application does not filter the user supplied data when outputting it to the visitor. This constitutes a persistent XSS vulnerability.
1d3bae9ebf67441bb0401c9b336fb07ca5494eb9dfaf93b0173ebe8ac5891188Dopewars version 1.5.12 is susceptible to a remote denial of service vulnerability.
aab85c14b9d4e987d213433c3c431ba26abe2139f6eadf90354976381447703fGeany version 0.18 local file overwrite exploit.
a7a3082a458cb9a5407ee29030388b9fd81db7ce126fa8d2139b4e3d1b97f6f9Ubuntu Security Notice 843-1 - It was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter.
c2c0ceac2bfaa730751d6070ef9062181988c7dfb0462ca5d4e446751a8b3888Ubuntu Security Notice 842-1 - It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
b9dec6517e790c9e09c7a94658d37d6b784a845a1b7ece20faae1c0bbc910b8dPBBoard versions 2.0.2 and below suffer from a cross site scripting vulnerability.
95c37c9fb4e0b9c7045f88829faf82f2ec57cb56e5a9409608bef24cac0ea1c7AlleyCode version 2.21 suffers from a buffer overflow vulnerability.
ca6f6d211672dd97fad025c3e48f49ed2ac449e87a152508882788426f78f448adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.
3a37358daeab1a76bec9bd382412c27c4a58a9178bb29625a0d36e0af929bf68AfterLogic WebMail Pro versions 4.7.10 and below suffer from a cross site scripting vulnerability.
5b1994da53626d4e2a6b91384df1675a20689db24f411e5514abf0bca364f3d3Secunia Security Advisory - A vulnerability has been reported in multiple Stonesoft Products, which can be exploited by malicious people to cause a DoS (Denial of Service).
8ad1ee3b71d5340c2c9c6c7841fde146c00323b0981d6acb4ac6801275c60d93Secunia Security Advisory - McAfee has acknowledged some vulnerabilities in McAfee Email and Web Security Appliance, which can be exploited by malicious people to cause a DoS (Denial of Service).
d6c65a8d5aa42aa37e58a22d3ef3f1d52e72dff32f45f835c79fd1066183308aSecunia Security Advisory - VenturoLab Team has reported a vulnerability in Linksys WRT54GC, which can be exploited by malicious people to conduct cross-site request forgery attacks.
4560ea20fceead7b187e4aff695db388ffdc04fbf40786eabc4892cd174c729dSecunia Security Advisory - Ubuntu has issued an update for glib. This fixes a security issue, which can be exploited by malicious, local users to disclose potentially sensitive information and manipulate certain data.
adcbb54373c894c87be21ab15952eae08ae82c815dc7737f82bd64c6dc9762f2Secunia Security Advisory - A security issue has been reported in GNOME GLib, which can be exploited by malicious, local users to disclose potentially sensitive information and manipulate certain data.
2729fd9be44b7dbf5ae69e20b44e497b8cd68d67720c36f5751a656633767591Secunia Security Advisory - Some vulnerabilities have been reported in Hyperic HQ, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
11a5bbad1fb6fe5cdd344f8c5f7345df7f3e4d4e2bb2c01d33b626e6e312aa0aSecunia Security Advisory - Debian has issued an update for elinks. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
92b6a149db8d6d43e2b3705b5d7ccdbf281b68be51a206cefea1814c781ca677Secunia Security Advisory - A vulnerability has been reported in FrontRange HEAT, which can be exploited by malicious people to conduct SQL injection attacks.
fa31823a83025312de0027040bb977ab02207507e4cc94695d720ca97177dd92Secunia Security Advisory - pyrokinesis has discovered a vulnerability in HP LoadRunner, which can be exploited by malicious people to compromise a user's system.
2e91b096dc6ae243f3bf45c55b9c8198abb2e803df4cb072ddc3480dd26c508eSecunia Security Advisory - kaMtiEz has reported a vulnerability in the CB Resume Builder component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
b9f8be73b0935663c1a1a8c8554cd0e41de2ff42bd0f03541e010b06e449f705Secunia Security Advisory - A vulnerability has been reported in Kolab Server, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system.
43cfe5e4a53a78e7a6520065323413c4f2f7148961b290dd76686826c1687e65The Joomla CB Resume Builder component suffers from a remote SQL injection vulnerability.
10d64c57cc0f40b3527ebe7d040725a1a25f43da7f771b9f750c62d3657e7e2fUbuntu Security Notice 841-1 - Arand Nash discovered that applications linked to GLib (e.g. Nautilus) did not correctly copy symlinks. If a user copied symlinks with GLib, the symlink target files would become world-writable, allowing local attackers to gain access to potentially sensitive information.
b17c57b39322b0668a28dff188e0f833a265e02c9fd772d12a1277c61008ab72
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed