HP Security Bulletin HPSBUX02608 SSRT100333 2 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. Revision 2 of this advisory.
33d41ce683d2244b9cb2ed8bc782c9c762848f2ce03638f2d726f4593e82eabeSielco Sistemi Winlog versions 2.07.00 and below suffer from a stack overflow vulnerability.
d94010aa6fc723c13bd86c84eb622d7260847f34750e323b8ea30ff2b09cc02eAlguest version 1.1c-patched suffers from a remote SQL injection vulnerability.
74e5612ef1e3a3fcde68e11c4ca0783489410e5644105238488d6626356aed4cDebian Linux Security Advisory 2143-1 - Several vulnerabilities have been discovered in the MySQL database server.
2158a59bdea1b08c78875d4e873f56c5c1d87943faee4872b3536d775cff91c6Mandriva Linux Security Advisory 2011-009 - Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as.p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.
76e0bcc1c9ba81bbf81706d454d9420f4d4853d0b97080829654f06c6930215aMandriva Linux Security Advisory 2011-008 - Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
80c2ca4ea49a771bb231a4b2b6e38e246ffca3cc9eb051954b48ef5c808fd0fdMandriva Linux Security Advisory 2011-007 - Buffer overflow in the MAC-LTE dissector in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of RARs. The updated packages have been upgraded to the latest version which is not affected by this issue.
d6555124941bcfbee1373e244767eaccf37588cac85e2d2e2e018011ebf469c9Mandriva Linux Security Advisory 2011-006 - The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
699e68d94b0bf5e8d293adb4aa1e03c377f9ff173336de2f1ecaf57f72aa5c02Objectivity/DB includes many different tools for administration. The problem is, anyone can use these tools to perform operations on the host running the lock server, advanced multithreaded server, and probably it's other servers as well, without any authentication. This design flaw puts the host running these servers at risk of potentially unauthorized operations being performed on the system, locally or remotely. This exploit demonstrates this issue and was tested on Objectivity/DB 10 running on Windows.
e70ea4466739e596a06c0f314f33e2954e9ab0e032242029fe9f8ed5bb3c90b8Joomla People component version 1.0.0 suffers from a remote SQL injection vulnerability.
23697dd7b00593a0a1c80d8fd8349ed03a6940e61d1851e000e29a65e0b8968eICQ 7 does not check the identity of the update server or the authenticity of the updates that it downloads through its automatic update mechanism. By impersonating the update server (think DNS spoofing), an attacker can act as an update server of its own and deliver arbitrary files that are executed on the next launch of the ICQ client. Since ICQ is automatically launched right after booting Windows by default and it checks for updates on every start, it can be attacked very reliably.Proof of concept code included.
04f110048b2b3c991e27e6d5e6a6d9b83938b41ab60b12fc8ec01f2728817316Blackmoon FTP version 3.1 build 1735,1736 denial of service exploit.
4e22f5c1a35e7774bca49073d10bb43c062118b3ae4d95dd0cd1e2380c0a9189PHP Dompdf File suffers from a remote file inclusion vulnerability.
97507fa21f019aa2dbbca49fd9a22d4af24728e86af3d91ecfab9fcf19d05b3aWhitepaper called Session Hijacking Basics.
c10ac5549eb8d9b59dd9e96602ae6fea7e357736816f2e636a019f9594454533Secunia Security Advisory - Two vulnerabilities have been reported in Mosets Tree component for Joomla!, which can be exploited by malicious users to bypass certain security restrictions.
be0e22f95fac7352f2c5b554e307aff5cec1ee3b0b0b0ebcca8b474d4fb69314Secunia Security Advisory - Debian has issued an update for mysql-dfsg-5.0. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).
781e313b6a59132e7080a257bd5838adc686226f1b61fb42ebe40a3db3b22324Secunia Security Advisory - Two vulnerabilities have been reported in Sybase EAServer, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
9a26bfd0f80dd43ffd12dfa1eaf6744c9b6661797f8b3f48069e2e5036f59308Secunia Security Advisory - Red Hat has issued an update for gcc. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
02a99c9bb7768caecca07294cfc5f9f4b273498fae5a0ad8a3437040ceef9e6dglfusion CMS version 1.2.1 suffers from a stored cross site scripting vulnerability.
7a3e610c9d58ff611844e59f6bd52516278164a8d1fc59bf3d06bec32059c272Secunia Security Advisory - Fedora has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
f67fb313fb5cd36a190c62350dd77c04b1c214091dc3f886d538c8ce03867a5aSecunia Security Advisory - Luigi Auriemma has reported a vulnerability in Winlog Pro, which can be exploited by malicious people to compromise a vulnerable system.
18f0ee12f5c57f7f65a1b6c03f9c8f4e515ad3a6ee5bb5855a4ba5c3bc0e1ac2Secunia Security Advisory - Fedora has issued an update for pcsc-lite. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
00b241f2e3e5711123fa717a05164b1c7d30f2fd241d7e78567ece71a42f0861Secunia Security Advisory - Fedora has issued an update for Django. This fixes two security issues, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).
c0498dc12aaf70ff9b31c01c365d44012c626ac7c4ef7733bc302694ee3ff77cSecunia Security Advisory - A security issue has been reported in Objectivity/DB, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
84a17025d6619a898a9db498d14d6103713736c63536b5f9ba18ea6ab893843fSecunia Security Advisory - Two vulnerabilities have been reported in the NVIDIA CUDA Toolkit Developer Drivers for Linux, which can be exploited by malicious, local users to disclose potentially sensitive information.
d191f389cdd062226919868891e2831f8f59b629ddb4e32f7f713e4c062ab420
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed