iDEFENSE Security Advisory 11.15.05 - The Microsoft Windows API includes the CreateProcess() function as a means to create a new process and it's primary thread. CreateProcessAsUser() is similar but allows for the process to be run in the security context of a particular user.
1289dfa440366d67d45c72d716be67b8b1c2b302380404923caf3d7fb037ddf8iDEFENSE Security Advisory 11.15.05 - Remote exploitation of heap overflow vulnerability in various vendors' implementations of the GTK+ gdk-pixbuf XPM image rendering library could allow for arbitrary code execution. iDEFENSE has confirmed the existence of this vulnerability in gtk+ 2.4.0 compiled from source. It is suspected that previous versions are also affected by this vulnerability.
9a1e17f88fa6218b97ce0ae4ed138dc184c63e9e937e052785cc119ca6a574caA serious security vulnerability have been found in authentication system of Belkin Wireless Routers. The vulnerability has been confirmed in Belkin Wireless Routers models F5D7232-4 and F5D7230-4 with latest firmware 4.05.03 and with firmware 4.03.03. Previous firmware versions are also likely to be effected. Other Belkin wireless devices are likely to be vulnerable.
98f635054633bca917f22e9458132c65582acf61c13b8d3338113d4c51434170SCO Security Advisory - A vulnerability has been found in OpenSSL which potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.
bdc10ddc12e02eb7b618303927e2aede4194e4f2011bac78505358a0fc1988aaAffiliate Network Pro version 7.2 suffers from SQL injection, code execution, and cross site scripting flaws.
b68e33f43a3e04ebcaa708511893cd0724696a199e0423be9e92141c50125a03PHPNuke version 7.8 is susceptible to SQL injection attacks. Exploitation details provided.
21b8d150f83a85c6b7a830edacbb89dc5a9a8dae43863c11ad091c4d36771c70Gentoo Linux Security Advisory GLSA 200511-13 - Colin Leroy reported buffer overflow vulnerabilities in Sylpheed and Sylpheed-Claws. The LDIF importer uses a fixed length buffer to store data of variable length. Two similar problems exist also in the Mutt and Pine addressbook importers of Sylpheed-Claws. Versions less than 2.0.4 are affected.
9ddef99fc01945b88dfcd367cb4e132bfd1a2ac4a6ac3afa7b9a0caa61268a2fGentoo Linux Security Advisory GLSA 200511-12 - Luigi Auriemma discovered multiple flaws in the Scorched 3D game server, including a format string vulnerability and several buffer overflows. Versions less than or equal to 39.1 are affected.
01747ab61553e3346d3162fde37cda91d487778d4345cc2d612405155307ae3fphpMyAdmin is susceptible to HTTP response splitting and path disclosure flaws.
276bb54ac4016a353496481ef1ad8f22a98807ff7fb2fbe6ed62b6a6ade94f06phpAdsNew and phpPgAds versions 2.0.6 and below suffer from SQL injection, HTTP response splitting, and path disclosure flaws.
cc54c367b1dd5d4187fc18555121f8a95684f16cc6b4251c7e091c02aad54394Debian Security Advisory DSA 897-1 - Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application.
e45a4727d0dbabf891df3473359c64c7b6c1e5efeff94f588a45e498240caa09Debian Security Advisory DSA 896-1 - A buffer overflow has been discovered in ftpd-ssl, a simple BSD FTP server with SSL encryption support, that could lead to the execution of arbitrary code.
9eadfcd782ddd17713c708e3399d6d772bfd32759c34cca4b085e9dc470273f6Certain antivirus software is unable to scan files marked by Windows in a special way.
fc08ddde0fe5f7f43871d30274ebb49d3376e857109ddc598756e8f95a2df73ePHPWCMS 1.2.5-DEV is susceptible to multiple cross site scripting and directory traversal attacks. Exploit details provided.
03939668efd23b836d4ebf352a7ce435dcca79d5e8e8db44df52321906754b46Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Winmail Server, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks, and overwrite arbitrary files.
20c83331ea5fa4613eb4e2541dccdf8fd0d1d695c7aeacfe876c04acb0d5529cSecunia Security Advisory - Some vulnerabilities have been reported in GTK+, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. 1) An integer overflow error in /gtk+/gdk-pixbuf/io-xpm.c when processing XPM files can be exploited to cause a heap-based buffer overflow. This may be exploited to execute arbitrary code when a specially crafted XPM file is opened in an application that is linked with the library. This may be related to vulnerability #2 in: SA12542 2) An error in /gtk+/gdk-pixbuf/io-xpm.c can cause an infinite loop when processing a XPM file with a large number of colours. This can be exploited to cause an application linked with the library to stop responding when a malicious XPM file is opened. 3) An integer overflow error exists in /gtk+/gdk-pixbuf/io-xpm.c when performing calculations using the height, width and colours of a XPM file. This may be exploited to execute arbitrary code or to crash an application that is linked with the library when a malicious XPM file is opened.
284d9c0ad71f7be1eabec56dee3c82c1a8a1c92bde64455b7cd12dc3c98dfc64Secunia Security Advisory - Red Hat has issued an update for gdk-pixbuf. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17522
936839687806bd66bef61e8ba80e52c9c72ab12a8013c4712e3ff194196ecbf5Secunia Security Advisory - sp3x has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the query parameter when performing a search isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability has been confirmed in version 7.8. Other versions may also be affected.
3993cad7d84f7bc89a7c4e923ce3b31452141da928a0a44ec2d49a0e6c7024edSecunia Security Advisory - Rafi Nahum and Pokerface have reported a vulnerability in Walla TeleSite, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to various parameters in ts.exe isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability has been reported in version 3.0 and prior. Other versions may also be affected. Note: It is possible to enumerate webpages by manipulating the numeric value that is passed to the tsurl parameter. In addition, it is also possible to detect the presence of local files by providing their full pathnames to ts.exe and observing the error messages.
2e7e5be7090c1e60bea289ec76cc8e40c0f41f838d411efb0560608600965198Secunia Security Advisory - Mandriva has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
9aaf148ed6e7d2493f3f52c96746a22acb8f4794bc6f91daaf5e2fd3d77b3e4fSecunia Security Advisory - Some vulnerabilities have been reported in PHP GEN, which can be exploited by malicious people to conduct cross-site scripting attacks. Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
5811958d3dda1165f15ed6bc92fb401aa39d1f2172ed92f1ae3ff669de0cfe50Secunia Security Advisory - Ubuntu has issued an update for gtk2-engines-pixbuf / libgdk-pixbuf2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. For more information: SA17522
1dab73d07cdd0c861122b8c738e29a6907faec9e31f45a7a132abcb29552ce68Secunia Security Advisory - A vulnerability has been reported in PEAR, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a design error in the PEAR installer. This can be exploited by a package that is installed using the PEAR installer to execute arbitrary PHP code when the pear command is executed or the Web/Gtk frontend is loaded. Successful exploitation requires that the user has installed a malicious package using the PEAR installer, or installed a package that depends on a malicious package. The vulnerability has been reported in version 1.4.2 and prior.
64857895c4183a2a8fcf130b2a1c67d4f78aa65bf10a86596ab30510fa21eb04Secunia Security Advisory - Claudio Sverx has discovered a weakness in Internet Explorer, which can be exploited by malicious people to trick users into visiting a malicious website by obfuscating URLs displayed in the status bar. The problem is that the browser fails to show the correct URL in the status bar if an image control has been enclosed in a hyperlink and uses a form to specify the destination URL. This may cause a user to follow a link to a seemingly trusted website when in fact the browser opens a malicious website. This weakness is a variant of: SA13156 Example: The weakness has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.
fd820c69e1e10faa546c4bf1697f7f7ff2de1eadf49e8b11d861fa83d3d2cb29Secunia Security Advisory - Multiple vulnerabilities have been reported in phpGroupWare, which potentially can be exploited by malicious people to conduct cross-site scripting attacks and manipulate certain information.
e1df08ad1c2fa78044cb9262d294bd9c74a87548c15203c7c5b181ddab42084c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed