OpenPKG Security Advisory OpenPKG-SA-2006.009 - According to a vendor bug report [0], a buffer overflow in "libbfd" of GNU Binutils [1], as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
4e228c7335b4bb680bd81837a45a3be2d02c522caf410378669c62a3ddf8abdfMandriva Linux Security Advisory MDKSA-2006-092: An unspecified vulnerability in mpg123 0.59r allows user-complicit attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3.
272f837a769d4568ff3a5c2bc643ecc2e1daedfd39456ef43f4c89bad2aeaa78Debian Security Advisory 1079-1: Several vulnerabilities have been discovered in MySQL, a popular SQL database.
860b41d7785394158809348ab62002f84f0aedf0636beda1c8d18b4138f0b854Debian Security Advisory 1078-1: Andrey Kiselev discovered a problem in the TIFF library that may allow an attacker with a specially crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values to crash the library and hence the surrounding application.
7a6d99eb0359d15d77ab433b391e7a31d1e06e4db08cb5d53855ad718e3c79ffDebian Security Advisory 1077-1: Michael Zalewski discovered that lynx, the popular text-mode WWW Browser, is not able to grok invalid HTML including a TEXTAREA tag with a large COLS value and a large tag name in an element that is not terminated, and loops forever trying to render the broken HTML. The same code is present in lynx-ssl.
4ccbb0226a47aa74d61576733444cb233439312abfd43ed8d0853fe7cff8b90bDebian Security Advisory 1076-1: Michal Zalewski discovered that lynx, the popular text-mode WWW Browser, is not able to grok invalid HTML including a TEXTAREA tag with a large COLS value and a large tag name in an element that is not terminated, and loops forever trying to render the broken HTML.
219718ec04d7b2dab6f92879428c758f8092a0e2edd929ea53cc2cd6d00c7eb7Debian Security Advisory 1075-1: Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web-server runs when users are allowed to supply arbitrary configuration files. Even though, this bug was referenced in DSA 1058 accidently, it was not fixed yet.
88cf5acf3b8e1e9efe8730579c1c91d27616a1fe36699c1960664b09e81dcf93Pretty Guestbook v1 suffers from XSS in view.php
f07f3f02c78b7383cedef740f51ac07e9ba8031ba638a917030356e040329bb2BuHa Security-Advisory #13 - Memory Corruption Vulnerability in Internet Explorer: <mshtml.dll>#7d519030
cca125b5b8284368bb98332937a952f3a5250f601865b614f12fe1d1c4173de5BuHa Security-Advisory #12 - Denial of Service bug in Internet Explorer: <mshtml.dll>#7d6d2db
3937f7d6f2244af02292778fa73fa73947cac6a88d4350675a084c1c48b24389V-Webmail 1.6.4 suffers from a remote file inclusion vulnerability.
2fe933d5ce79a0383b793f795ba79493400b6b896764106686f0ede16723855cDocebo LMS 2.05 suffers from a remote file inclusion vulnerability.
4fd03771dd7ffd588c5319b2efe27f26fe51697d032fa7df2c325c5dc2e1a2bcTikiwiki 1.9.x suffers from multiple XSS vulnerabilities.
264ce24505d5ad6a1ee2221743e2fc046e44eca7525e4458100060b10fa73c4bmy Web Server versions less than 1.0 denial of service exploit.
921cfa55377aaf3935dd7fa871e62330545920453430dfe85471315e317449c2Vacation Rental Script v1.0 suffers from XSS
d103ee0fb58d48f0198eea395363192537f1de6d9e4dc8994e7f136a0b0e7dcbSocketmail versions less than or equal to 2.2.6 suffer from a remote file inclusion vulnerability.
ab8307d878a31a8963e9c067d6de6c745e0b75833fd240797df7675d40810d2fqjForum suffers from a SQL injection vulnerability in member.asp
e3f47455d05f52f61928e604f0ca07acf8c7b8532aafec1fe6fb7657fc2fda73phpjobboard allows anyone to edit or add a new job by bypassing the administration login.
69bc1077942e4af8d3a3ef699091f328f215a40e7e2bfb721a6319edd7d82e1aToast Forums 1.6.44 suffers from XSS
db2e749edb4e0019d49232ad8c1f0fec40953b60acb35bb7d455f2b5987ed0c8Tamber Forum versions less than or equal to 1.9.13 suffer from multiple SQL injection vulnerabilities.
fb296d26937f250ef67ea65c1d325e7d8dba39a2b8843f170df6ae0f589efd69Monster Top List | MTL 1.4 suffers from XSS
d7a99c7ba6ccc2d188ac173f2497b4cf4b2d7e1fe0f814ffc041d0009900bdd6Super Link Exchange Script v1.0 suffers from SQL injection, XSS, and directory transversal vulnerabilities.
462f84533ca58711cff2583ea9793dcd2b846813e7795a01dab32aea14d66becPHPSimple Choose v0.3 suffers from XSS and html injection vulnerabilities.
8f831d2b423aa8c7415c601a52d2dcdf2781fdaf82ac8fbeea8be40c95fb6f1ciBoutique.MALL suffers from a directory transversal vulnerability in the function variable.
92b0ab4edd89a65210653f7ef0ea1298941cec300b13fb91f26cd3d85c690428Seditio suffers from a XSS vulnerability.
72c1522211405e3d9e9484e081625db4f094c77b54633c0321f583a02f14113f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed