HP Security Bulletin HPSBUX02608 SSRT100333 2 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. Revision 2 of this advisory.
8eece32cf8d4c7962e639b291a8349a0
Sielco Sistemi Winlog versions 2.07.00 and below suffer from a stack overflow vulnerability.
fd15be8690f40b824ec26215e48d42a3
Alguest version 1.1c-patched suffers from a remote SQL injection vulnerability.
7c036e7846f5e32926f7a2edab5eac87
Debian Linux Security Advisory 2143-1 - Several vulnerabilities have been discovered in the MySQL database server.
190b1586ae0725ffb7c7de007fc74f13
Mandriva Linux Security Advisory 2011-009 - Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png. Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to cause a denial of service (application crash) or have unspecified other impact via a GIF file that contains many images, leading to long extensions such as .p100 for PNG output files, as demonstrated by a CGI program that launches gif2png, a different vulnerability than CVE-2009-5018.
d3e60d005b03aaa97579f20e42a1b48d
Mandriva Linux Security Advisory 2011-008 - Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.
b7d7c18882351e92ba9195d839592af5
Mandriva Linux Security Advisory 2011-007 - Buffer overflow in the MAC-LTE dissector in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of RARs. The updated packages have been upgraded to the latest version which is not affected by this issue.
da23e42d38bc494560f636ae0090873f
Mandriva Linux Security Advisory 2011-006 - The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
21f68cfded4bb3660d0d738cd1483079
Objectivity/DB includes many different tools for administration. The problem is that anyone can use these tools to perform operations on the host running the lock server, advanced multithreaded server, and probably its other servers as well, without any authentication. This design flaw puts the host running these servers at risk of potentially unauthorized operations being performed on the system, locally or remotely. This exploit demonstrates this issue and was tested on Objectivity/DB 10 running on Windows.
b3a1c91160229b1a6518a12d9b050459
Joomla People component version 1.0.0 suffers from a remote SQL injection vulnerability.
ae3a083eb30b5c9ae00492154c410d3e
ICQ 7 does not check the identity of the update server or the authenticity of the updates that it downloads through its automatic update mechanism. By impersonating the update server (think DNS spoofing), an attacker can act as an update server of its own and deliver arbitrary files that are executed on the next launch of the ICQ client. Since ICQ is automatically launched right after booting Windows by default and it checks for updates on every start, it can be attacked very reliably. Proof of concept code included.
800c022bdc9d8cf1f3d850bdd9aaf7cd
Blackmoon FTP version 3.1 build 1735, 1736 denial of service exploit.
91d06b7cc606a36b669c148d1e27793d
PHP Dompdf File suffers from a remote file inclusion vulnerability.
c708d88494f009faddfd156f4ed4dedd
Whitepaper called Session Hijacking Basics.
4f9d1dc616b049a5b82564cd89077ac7
Secunia Security Advisory - Two vulnerabilities have been reported in Mosets Tree component for Joomla!, which can be exploited by malicious users to bypass certain security restrictions.
9d2ea4a3ba6c700de8a99af7fc5d5e4b
Secunia Security Advisory - Debian has issued an update for mysql-dfsg-5.0. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).
13dbe3a3070a68a744f3c4f742ab9641
Secunia Security Advisory - Two vulnerabilities have been reported in Sybase EAServer, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions.
4ee5731dfc07098311240cc31d881743
Secunia Security Advisory - Red Hat has issued an update for gcc. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
9cbbd000db387563c2f8fc7fec2c06c4
glfusion CMS version 1.2.1 suffers from a stored cross site scripting vulnerability.
236cf3a2b70166ea6972316935790722
Secunia Security Advisory - Fedora has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
0af1c9503d28a8b199152e817f387e01
Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in Winlog Pro, which can be exploited by malicious people to compromise a vulnerable system.
d532f4a88c601699ab1827b2a6f123da
Secunia Security Advisory - Fedora has issued an update for pcsc-lite. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
eddcd50933a222fa78ebc61c374924a4
Secunia Security Advisory - Fedora has issued an update for Django. This fixes two security issues, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).
39f828180fb0fac70d3121c8b910e38c
Secunia Security Advisory - A security issue has been reported in Objectivity/DB, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
7b9ba71c08dcfbc621c7ae3e4326aae5
Secunia Security Advisory - Two vulnerabilities have been reported in the NVIDIA CUDA Toolkit Developer Drivers for Linux, which can be exploited by malicious, local users to disclose potentially sensitive information.
3a50d75333564445c385ec7061935235