It appears that manipulation of file descriptors via /proc can circumvent permissions on parent directories of the file.
1154b08bf5a16a661c449cdcc6299271c9f319623fdee15cd66341aec640f300HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Tomcat-based Servlet Engine is contained in the Apache Web Server Suite.
62cfcd445dd3a0cdbbbf4799a5537b3b34fd9cac42db9999e84fe88b1fb68bacHP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.
917f5771b1ecaed534503ff6b3384773b7597e104b42f7ed74b05115d49f2b09Pegasus Mail Client version 4.51 suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.
1dbf648aa73fbc29abc9c44b1c7a86bd17ea343df12397c7dad7c627890324aeEureka Mail Client version 2.2q suffers from a remote buffer overflow vulnerability. Proof of concept denial of service code included.
a02d6270bac17874219ce98888b43ed15519fc06b9faa37202420af469d20643Ubuntu Security Notice 850-2 - USN-850-1 fixed vulnerabilities in poppler. The security fix for CVE-2009-3605 introduced a regression that would cause certain applications, such as Okular, to segfault when opening certain PDF files. This update fixes the problem. It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
2cf3d8acd59c9223beedc1f2cefbcb79dea982230a631fe717af3cb4e1cb518fGentoo Linux Security Advisory 200910-2 - Multiple vulnerabilities have been discovered in Pidgin, leading to the remote execution of arbitrary code, unauthorized information disclosure, or Denial of Service. Versions less than 2.5.9-r1 are affected.
e779f111b1348b505f287d3b122922b47e53deed021d9b1d7f32a5e7bd682180Facebook has an open redirector. It may be by design and the debate goes on about the use of these, but it is there nonetheless.
db51d70b54bb5d278b5727dbf8ae1a555bb2b9fcdf42a7a83c9160f9c40f7993Avast! Professional and Home Editions suffer from local privilege escalation and denial of service vulnerabilities.
145e8181194fe1f5d54f9f1c10b449dbfebded667d0c2c0ee5c02c0b5ceed552Mandriva Linux Security Advisory 2009-287 - Integer overflows and memory allocation issues that could result in a denial of service or code execution via xpdf have been resolved.
80c75bcffe938ef51c3cc7bd64b8ca3f8e8d9e264e1804fcd8c23a453cc6e0ffnginx versions 0.7.0 through 0.7.61, 0.6.0 through 0.6.38, 0.5.0 through 0.5.37, and 0.4.0 through 0.4.14 suffer from a remote null pointer dereferencing vulnerability. Proof of concept code included.
23e0b19545c8a86cffa3f0faeb5311be3b43dc3c60a2228899c989f955e3ede4The Joomla Photo Blog component versions Alpha 3 and Alpha 3a suffer from a remote SQL injection vulnerability.
31e1831e0ef10ba30ab61f94350b6dc3c14bd9b36e30f41d8b77e7852b156cc6The Joomla JShop component suffers from a remote SQL injection vulnerability.
1e1df95f53974d9f0638bd22917f5b3bce1f7e2efa6defecbbb975c845e68f93GPG4Win GNU Privacy Assistant proof of concept crash exploit.
f45b73a43afd05c08a9cdd42903ee4e5aeef56c90200b4f4a4cff7479f86bd21Mongoose Web Server versions 2.8.0 and below suffer from a remote source disclosure vulnerability.
de42bbe8b5418e0b3955394314e14cebeac3228c3c1732eff9a9fa188d93929aThe Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
671fc9e9e240bd4431760c018fdb3a0dae96313e552ddfd51b265831013cefddDebian Linux Security Advisory 1915-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.
72ec2c6b93f4e6a3b1581e7dbde77e9bad2bee376ee815891a5a2fbab78e59a1Debian Linux Security Advisory 1914-1 - Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications.
ded0d4e6ff1bc532cdc4d2b26825c355c570bc6d5135f5147f13122b5de0f0d5Snort versions 2.8.5 and below suffer from an IPv6 related remote denial of service vulnerability.
fd81c9b1d14a60efa89b76dcfcfe0341d942a1d56a015464c5556527962cc83aThe Call For Papers for the Conference on Cyber Conflict has been announced. It will take place June 15th through the 18th, 2010 in Tallin, Estonia.
6bec42bab599fc4a789960015b0911b0743ff7fb1375e83afecc9eb53195380bUbuntu Security Notice 852-1 - A large amount of vulnerabilities in the Linux 2.6.15 kernel have been addressed.
e49b64e7e735abea730fc3d8d2eb17713aaa33fcc5c172954e43bb3b8e41aa33This whitepaper is called Attacking Magstripe Gift Cards. It is based on research conducted on a large number of UK gift cards. The paper also provides a series of guidelines and tips for developers and systems architects who are involved in the process of implementing their own gift card technology.
e1042460007fc647cda1299c7fadd72f83df07ca8b4a49cf309e5009f1a5993bBoth the Poppler and Xpdf projects are vulnerable to an integer overflow during heap memory allocation when processing a PDF file. In general, this results in unexpected process termination. If an application using this code is multi-threaded (or uses a crash signal handler), it may be possible to execute arbitrary code. Poppler versions below 0.12.1 are affected. Xpdf versions below 3.02p14 are affected.
aafbc29fb69700ddfede45739b89f53ecdd9feddad2b8b638abff600d022e08bTwonkyMedia Server versions 4.4.17 and below and 5.0.65 and below suffer from multiple cross site scripting vulnerabilities.
b29607bfdc755fb015da169165ecd5370a7778e308e248f7ed2a9897ca7a2cf6Secunia Security Advisory - A vulnerability has been reported in the FileField module for Drupal. This can be exploited by malicious users to bypass certain security restrictions.
ee07bd23f643396b869cb55f92ffdada11ed108776553a1490c13f6c94d51868
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed