Ubuntu Security Notice 862-1 - Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service.
43d50612434fbd4b8c923a8b6beac063Serenity Audio Player playlist buffer overflow exploit that creates a malicious .m3u file. Versions 3.2.3 and below are affected.
0d5ccd038d4d630629baef93f693c5e1phpBazar versions 2.1.1fix and below suffer from a remote SQL injection vulnerability.
489762af1f6fadc7f5eada367701202bThe Joomla Lyftenbloggie component version 1.0.4 suffers from a remote SQL injection vulnerability.
cb9da27b63591515c16b9f892ee1dd0aMandriva Linux Security Advisory 2009-304 - Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO. Additionally BIND has been upgraded to the latest point release or closest supported version by ISC.
c8fbf818bbf185917fccf79da8519a38Gentoo Linux Security Advisory 200911-6 - An input sanitation error in PEAR Net_Traceroute might allow remote attackers to execute arbitrary commands. Pasquale Imperato reported that the $host parameter to the traceroute() function in Traceroute.php is not properly sanitized before being passed to exec(). Versions less than 0.21.2 are affected.
55f456c6df96434e2cdfce9599d58ccdCacti versions 0.8.7e and below suffer from cross site scripting and privilege escalation vulnerabilities.
c9b52762868a585b0277459094ec071eDebian Linux Security Advisory 1940-1 - Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor.
b2fb41b3070c564c6d204476172d0ad2This Metasploit module exploits a format string overflow in the BolinTech Dream FTP Server version 1.02. Based on the exploit by SkyLined.
55e93a8c4908c4d63480497ce0fc8a2aSecunia Security Advisory - Gentoo has issued an update for PEAR-Net_Traceroute. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
141a53809bd87d66954ed25399db738dSecunia Security Advisory - A security issue has been discovered in RADIO istek scripti, which can be exploited by malicious people to disclose sensitive information.
e8937e686b7317a02444366b31d66ae3Secunia Security Advisory - A vulnerability has been discovered in the GCalendar component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
836039b4b8890ac1898d83d9d54f4061Secunia Security Advisory - Ubuntu has issued an update for php5. This fixes multiple vulnerabilities, some of which have unknown impact and others that can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service).
ee44a9d6aaa2b47c6cfaafbe96f94cb5Secunia Security Advisory - kaMtiEz has discovered a vulnerability in the LyftenBloggie component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
58122dba9470a1b1ffaf288857a01d42Secunia Security Advisory - A vulnerability and a weakness have been reported in DotNetNuke, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.
4a40d018bf71aa1bf11d1587c112ea0fSecunia Security Advisory - leinakesi has reported a vulnerability in XM Easy Personal FTP Server, which can be exploited by malicious users to cause a DoS (Denial of Service).
e1d1858e0569853d9cd04027d15b2a93Secunia Security Advisory - The Wee Free Men have discovered a vulnerability in Robo-FTP, which potentially can be exploited by malicious people to compromise a user's system.
e1d71c493fb0c0b5f9f3cb3b95418929Secunia Security Advisory - Gentoo has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
3f827bb76718776767dbe5609fc20698Secunia Security Advisory - Fedora has issued an update for php-pear-Net-Ping. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
4403405c6048c27e8b896032e200e4abSecunia Security Advisory - A security issue has been reported in Dstat, which can be exploited by malicious, local users to gain escalated privileges.
57f0838769358e02aac2e3b97787beceSecunia Security Advisory - A security issue has been reported in IBM DB2, which can potentially be exploited by malicious, local users to perform certain actions with escalated privileges.
f37011f422bffecb9030a831114ba2a4Secunia Security Advisory - Gentoo has issued an update for dstat. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
7f2470be61c4e8597a73fbf8caa7caadSecunia Security Advisory - Some vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
a82c58cb3699b6b547076e97aaaabf8aSecunia Security Advisory - HP has issued an update for OpenSSL in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
1bec7e9d647b3fd272c507b5259ca28bSecunia Security Advisory - Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to poison the DNS cache.
d382c2e2c110e7b89c583a8c12235852
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed