Gentoo Linux Security Advisory GLSA 200606-01 - SEC Consult has discovered a buffer overflow in the code processing style sheet attributes. It is caused by an integer signedness error in a length check followed by a call to a string function. It seems to be hard to exploit this buffer overflow to execute arbitrary code because of the very large amount memory that has to be copied. Versions less than 8.54 are affected.
64302d11bd4e4c3d1c80d7083cdceb788f3b773d686433443bbe2bb8296ad21aGentoo Linux Security Advisory GLSA 200606-08 - rgod discovered that WordPress insufficiently checks the format of cached username data. Versions less than 2.0.3 are affected.
41d2e410a1dd1a79f44f9970d33cfdf5c3f27fe00dd35698221d6da902fd8963Gentoo Linux Security Advisory GLSA 200606-07 - Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid() in do_command.c fails due to a user exceeding assigned resource limits. Versions less than 4.1-r9 are affected.
08f1ab55b1098347b15f0fac06486462d349b590b805b7aafbf82763035ec0e7Mandriva Linux Security Advisory MDKSA-2006-098: PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
72e10c81a5cd123278fd9215d83709106a3e9428320c85218c591158b0992092Mandriva Linux Security Advisory MDKSA-2006-097: SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
f086c8f04e1ca9777203babe1b5b2fff630064bdf27c35a097720601ad7cbb99Mandriva Linux Security Advisory MDKSA-2006-096: A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow attackers to execute arbitrary code via a long hostname.
4cfece0cdbbde6d543e012f5bb8e8d20d5a311057d6d9dd3e01111358aa7b5a0Mandriva Linux Security Advisory MDKSA-2006-095: A stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename.
0343f3b420c0ec45d47b8a592d88bec30011c8dbd89cdcaf0bf916d2d7846250Debian Security Advisory 1090-1: A vulnerability has been discovered in SpamAssassin, a Perl-based spam filter using text analysis, that can allow remote attackers to execute arbitrary commands.
02af200793b7e244c4a6b4fe5d2841488b69e1beab1bc69d7f7aa68a87ab8331Debian Security Advisory 1095-1: Several problems have been discovered in the FreeType 2 font engine.
0787142dcd4868da1f2fb0a20d0559fadb319bc2d91ff63c1056d908be2d4bc6Debian Security Advisory 1094-1: Joxean Koret discovered several cross-site scripting vulnerabilities in Gforge, an online collaboration suite for software development, which allow injection of web script code.
ea4e76e50df20b3ad10c37936618719ec062d9555422fae80ceae4f0aa4ee712Debian Security Advisory 1093-1: Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service.
d97cc69d069992890e9c1cc5156f98d9b24201b09e3467a673ed66b8ad2d67b9Debian Security Advisory 1092-1: Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL database, incorrectly parses strings escaped with mysql_real_escape() which could lead to SQL injection. This problem does only exist in versions 4.1 and 5.0.
9cd677d7cab0d5299bde3ef5872d558a13d09edfdb77e41de4b88733ee229e5cDebian Security Advisory 1091-1: Several problems have been discovered in the TIFF library.
66343940af8c0223f2a8631a194f7e7297a14918d31e5d5732112e6f4543f34d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed