A vulnerability in versions 5.0(1) and 5.0(3) of the software used in Cisco Anomaly Detection and Mitigation appliances and service modules may allow unauthorized users to get unauthorized access to the devices and/or escalate their privileges if Terminal Access Controller Access Control System Plus (TACACS+) is incompletely configured.
f4b129b457b402f8fe7136fcc31d2b398212b4e009abebc6478cb32c7649e9e9Multiple security problems were fixed in PostgreSQL 8.1.3.
149b68c33bae1ccb9882f6bb0ae5bee0d3f0db5c2e009239c51d58c503d9a394A bug in Mirabiliz ICQ could allow an attacker to trick users into executing files inside an uploaded directory.
10228c07178e00f18f25f0c83f9b4267a5e75001f5907b2cb5739f6183a36609CYBSEC S.A. Pre-Advisory - Phishing Vector in SAP BC (Business Connector)
38427b713375493d62502bf8a2ad755a64cdfbd6cddd57837ab27a3786d3835bCYBSEC S.A Pre-Advisory - Arbitrary File Read/Delete in SAP BC (Business Connector)
e48e2421d15b01e38e4bf6a4383cf00fbc0283589a16f72c470b94c15e0db169Fedora Legacy Update Advisory - Updated Apache httpd packages that correct three security issues are now available.
a69b6dc10322e845044b15e0f381ea47ba9bf02a6ea37d3cf8a0cc69a42bdfd1Fedora Legacy Update Advisory - Updated openssh packages fix security issues.
c756750f6f72b44cea9d2dc0e01aa41b88c37d744c47b6af4bd1874c0850f26eFedora Legacy Update Advisory - Updated squid package fixes security issues
5ad1a6b35111bf69307d0137f87edd4ccc519ef768f24e62b0e2ff42c237235bOpenPKG Security Advisory - Ulrich Drepper discovered [0] a weakness in OpenSSH [1] version 4.2p1 and earlier, caused due to the insecure use of the system(3) function in scp(1) when performing copy operations using filenames that are supplied by the user from the command line. This can be exploited to execute shell commands with privileges of the user running scp(1).
ee13382478b98d5e9881b80b1408c8c48aeeed9bf2b32c680e97029ede7b0f16OpenPKG Security Advisory - According to a vendor bug report [0], an incomplete blacklist vulnerability exists in the Sudo [1] utility which can lead to a privilege escalation. The vulnerability exists in Sudo 1.6.8 and earlier and allows local users to gain privileges via the "SHELLOPTS" and "PS4" environment variables before executing a shell script on behalf of another user.
28de1fcf53a0e1381e1d99865c44e5a080b319b72148122d44c1a342dd7d770cOpenPKG Security Advisory - According to a vendor security advisory [0] based on hints from the Gentoo project, a false positive signature verification bug exists in the GnuPG [1] security tool when unattended signature verification (e.g. by scripts and mail programs) is performed via "gpgv" or "gpg --verify".
030d5186472ca2cf801586a6e775ee3dc225f67896549cd95db4fe648c5a120cMandriva Linux Security Advisory - Tavis Ormandy discovered it is possible to make gpg incorrectly return success when verifying an invalid signature file.
44d7a8979e68fd33adaed91abd8253c2690295581d59c1ae97761699eff92164Mandriva Linux Security Advisory - Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.
743d04b2a7e12107364aac1661ac40034fb785e6547fe9be74a5daaf35f7437dMandriva Linux Security Advisory - Buffer overflow in l2cap.c in hcidump allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
9179d8c07b5785da86fb2ee9478380f48c015e92720ca46bd638335bcfd909b0Mandriva Linux Security Advisory - A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
0625be009bc7a0dc8e3cd217cdc1e5b248ace316664750db0d0c561fa1c48678Ubuntu Security Notice USN-253-1 - A remote Denial of Service vulnerability was discovered in the heimdal implementation of the telnet daemon. A remote attacker could force the server to crash due to a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast.
f709c2b5400710d731c3b8735b6afeec0940fcd00b9b3d760610dfd2a9140030Ubuntu Security Notice USN-252-1 - Tavis Ormandy discovered a potential weakness in the signature verification of gnupg. gpgv and gpg --verify returned a successful exit code even if the checked file did not have any signature at all. The recommended way of checking the result is to evaluate the status messages, but some third party applications might just check the exit code for determining whether or not a signature is valid. These applications could be tricked into erroneously reporting a valid signature.
d3c1a9360cb47ce36438718ec628347bab4744c51a7e70b6c60c81571abf7712Debian Security Advisory DSA 979-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content.
030d75aadac96f0c9268153216a66ead1e5a5e6e611784367b477e694aaae10fDebian Security Advisory DSA 978-1 - Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, verifies external signatures of files successfully even though they don't contain a signature at all.
1786989a0bddd559cd039639bb948e883343009810bc468a7dc56c0c2fc417f7TZO-062006-SafenSec - Insecure File execution and Auto-startup
d74e41285a6e36ab1423145edffb11a10cf1d1c911e75311f125375c6e4e6021Gentoo Linux Security Advisory GLSA 200602-10 - Tavis Ormandy of the Gentoo Linux Security Auditing Team discovered that automated systems relying on the return code of GnuPG or gpgv to authenticate digital signatures may be misled by malformed signatures. GnuPG documentation states that a return code of zero (0) indicates success, however gpg and gpgv may also return zero if no signature data was found in a detached signature file. Versions less than 1.4.2.1 are affected.
a4188a11a5bc0b714c163a0dfef29a9e2bd9905347dbd41d929d5ca23e15972dSecunia Security Advisory - Secunia Research has discovered a vulnerability in NJStar Word Processor, which can be exploited by malicious people to compromise a user's system.
0473116fe1f17f868babf83b9b3029a0dfa2b7708439a6457f7ca3987e1cfed1Secunia Security Advisory - James Bercegay has reported some vulnerabilities in Geeklog, which can be exploited by malicious people to conduct SQL injection attacks, disclose potentially sensitive information and potentially to compromise a vulnerable system.
b3d46b13a5e1d1a01107dfcf1f29df4b19bece576afea9babe277d8b897e7087Secunia Security Advisory - James Bercegay has reported some vulnerabilities in ADOdb, which can be exploited by malicious people to conduct cross-site scripting attacks.
e0b9a87da4d7735a0f0c81fb90908d397cd331953c6374df141f0e881eb049ceSecunia Security Advisory - x128 has discovered a vulnerability in BXCP, which can be exploited by malicious people to conduct SQL injection attacks.
534cc043c0cd15a5103f3b96ea0e2cd6762bb9fadf23759fbd5e5662134d2e1f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed