Ubuntu Security Notice 862-1 - Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service.
4f878a13f8d4ca2752e08bf4d244d21c1e5497b18bc52847b8aad57c52a0fa41Serenity Audio Player playlist buffer overflow exploit that creates a malicious .m3u file. Versions 3.2.3 and below are affected.
f918524c4e76aabc077953fa6b99eb05d62683cf932d7b3baf8718d6318cbc8fphpBazar versions 2.1.1fix and below suffer from a remote SQL injection vulnerability.
35422732f65845cb7bf2789b9b8160ffac6c15103e8b735b2efaa45d2818649dThe Joomla Lyftenbloggie component version 1.0.4 suffers from a remote SQL injection vulnerability.
0d1c13f3288bfebcc21958d841b45d743f364fa08f868e81d5c54971b2e308e3Mandriva Linux Security Advisory 2009-304 - Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO. Additionally BIND has been upgraded to the latest point release or closest supported version by ISC.
9ef63a92ea5c656e10f978bda2eca00adcbcfdbdc739c460d980dce572fdbc55Gentoo Linux Security Advisory 200911-6 - An input sanitation error in PEAR Net_Traceroute might allow remote attackers to execute arbitrary commands. Pasquale Imperato reported that the $host parameter to the traceroute() function in Traceroute.php is not properly sanitized before being passed to exec(). Versions less than 0.21.2 are affected.
8ce60f2d4618c4b7ff715e710c9973f96f90ed1d960f93bcddeaf72ce767c1cdCacti versions 0.8.7e and below suffer from cross site scripting and privilege escalation vulnerabilities.
46b2f0621a038c9d1cf8f5e9339d33346bff4eee0f4af05ef47b5f6b44a3746aDebian Linux Security Advisory 1940-1 - Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor.
a5539a28cde8a1bb5d0403cbd15a3328e03796380d5dd7bb69921367844f4dacThis Metasploit module exploits a format string overflow in the BolinTech Dream FTP Server version 1.02. Based on the exploit by SkyLined.
63c84ac9c90cdd1cd404d2b1f022ad37deeeee6983215b7f45cdb61d9ec25e5dSecunia Security Advisory - Gentoo has issued an update for PEAR-Net_Traceroute. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
d30f4f1585cb0b600ecfe75305a6f06a2375bf8b896fa3464d290a13c8b71daeSecunia Security Advisory - A security issue has been discovered in RADIO istek scripti, which can be exploited by malicious people to disclose sensitive information.
f35b948343b05cd1ca1505c154442a9a8d15804ff356e2329998f769020afee7Secunia Security Advisory - A vulnerability has been discovered in the GCalendar component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
48ea3df1dfab97437fbda3d2c469c9ecc3aa410904b8cc1c468a2a5dd9b34114Secunia Security Advisory - Ubuntu has issued an update for php5. This fixes multiple vulnerabilities, some of which have unknown impact and others that can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service).
8a3bba3f6160f320a8d8a86c5c71c813da4700eb0877e5a509e9a1450aef6782Secunia Security Advisory - kaMtiEz has discovered a vulnerability in the LyftenBloggie component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
5ad1e51390ed8463dad0a68da7956f53721acae8e135f9227e3b8008839ec79cSecunia Security Advisory - A vulnerability and a weakness have been reported in DotNetNuke, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
20b113eefdc84675eedb668de690f2d3d65a1d412573d42aca5a724f91066a4dSecunia Security Advisory - leinakesi has reported a vulnerability in XM Easy Personal FTP Server, which can be exploited by malicious users to cause a DoS (Denial of Service).
a981521278e3b86255ff756fa2e5ac0dfc9f827174177e2390df2564eacf2de2Secunia Security Advisory - The Wee Free Men have discovered a vulnerability in Robo-FTP, which potentially can be exploited by malicious people to compromise a user's system.
1848de9e1fedea10074629f9296c114930911e7df3374d70928ea06762f95650Secunia Security Advisory - Gentoo has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
365f9d0d4c52d3da68f23a3aca7c78117f27f6550dd84ff91c49af191b705a13Secunia Security Advisory - Fedora has issued an update for php-pear-Net-Ping. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
68e53e54334079cade8a92f890a9c6481ecb03b0096235a9f8124b2e10447800Secunia Security Advisory - A security issue has been reported in Dstat, which can be exploited by malicious, local users to gain escalated privileges.
70389e5f06bebb93839c65f25341a9347875eaea50ebed59e04f10b3f0a1b787Secunia Security Advisory - A security issue has been reported in IBM DB2, which can potentially be exploited by malicious, local users to perform certain actions with escalated privileges.
840f284109ba42b50e50fcdcd6f2077ef4ad9de6c3da96c80cfeb63e71b119bfSecunia Security Advisory - Gentoo has issued an update for dstat. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
b3b04633fda8c11494463765a8d437155818aed7e45d01e84b8e85b72593b80bSecunia Security Advisory - Some vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
f7708eed7e3527ff40cbdcb03d6b8f8983c7b9081b2db6a6457835c0232c077bSecunia Security Advisory - HP has issued an update for OpenSSL in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
72349c40c3693a684298071545c0ad94deb4d90b90cefe23c76215e7c2be3908Secunia Security Advisory - Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to poison the DNS cache.
3aa3884576efd33f1cc6e7dafb153230240df48fd8f1cfe16f6dc5539c3ec2da
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed