Samba versions 3.0.1 through 3.0.22 suffer from a memory exhaustion vulnerable in smbd that can result in a denial of service.
1c9411dbbaeac6fd644a07a5c95f32c0a1ec7c957eb8c03bee5c98c1c2a81ab7Symantec Vulnerability Research Security Advisory SYMSA-2006-007 - There exists an overflow condition in Microsoft Office when a malformed string included in an Office file is parsed by any of the affected Office applications.
689c6a06cb79ec97ff09858e907e94060db81942741e0816ff8293a07b831f96The Juniper Networks DX System log is vulnerable to a persistent, unauthenticated XSS attack. This vulnerability can be exploited by an attacker to obtain full administrative access to the Juniper DX appliance. Versions 5.1.x are affected.
a1ed4a3e719624facdc99fa06c2d783d53aeb9a14ae8ced2f440bd4576ba2f62Farsinews version 3.0BETA1 is susceptible to local file inclusion flaw.
dd0e0496df41daa0fb53aec2052b78a9c6aca83508abb8c03692a835121cecaaDGNews version 1.5.1 is susceptible to a cross site scripting flaw.
9ac93d2f4f32ee32d72dbf68e7d524c2437686957a22ecf7603d824b10ad9683CommonSense CMS version 5.0 is susceptible to a cross site scripting flaw.
50adcbb0e51280dbd1e3aa31c76350bff1c769e1a9a50bfa0f52860123c1dc76Ubuntu Security Notice 312-1 - Henning Makholm discovered that the gimp does not sufficiently validate the 'num_axes' parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.
fc69650f5c8d4e00e9efe185a3bbd68de6da78a1e1cfe56b2aedc66377f68f8aDebian Security Advisory 1107-1 - Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID strings.
2c9454d390114cbdc832e9da53e0d01a244e8f26abe28c2730d72a01a772cff1The FlexWATCH camera server is susceptible to cross site scripting and authorization bypass flaws. Vulnerable versions include 3.0 for FW-3400-A (PAL), 2.0 (PAL), and 2.3 (NTSC).
d00b80e3d459ef346173e38b77c9d041c91c10831f289b171f1745421734cd84It appears that phpPolls version 1.0.3 allows for direct creation of a new poll without enforcing administrative privileges.
15d0c329320af44b9cb24ac711947d89b3f695c2b4250e8feeedd88dae024c32Debian Security Advisory 1106-1 - Marcus Meissner discovered that the winbind plugin in pppd does not check whether a setuid() call has been successful when trying to drop privileges, which may fail with some PAM configurations.
ff9f850ab2cc29f08959025ed97a5db0d218f5709994b7bcca8ee798e73c83cfpc_cookbook Mambo/Joomla Component versions 0.3 and below suffer from a remote file inclusion flaw.
81305486d7754754bf3b7e1425cdddd26a32b0926d6a1c06f145b0f1d3ff32d9The sipXtapi library from sip foundry contains a buffer overflow when parsing the CSeq field. This flaw can be used by an attacker to gain control over EIP and execute arbitrary code.
77a6625b68a7a0f0d9aa5020695192031b2e9a9b5fe7b3694ab20b03088f38cdsmf forum for Mambo CMS versions 1.3 and below suffer from a remote file inclusion flaw.
ecad8e8165118b91710866537d13142418da40dc8872875330ae77beb3b2a6ebGentoo Linux Security Advisory GLSA 200607-05 - The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore it also fails to sanitize the input passed to the Description, URL, Genre, AIM, and ICQ fields. Versions less than 1.9.7 are affected.
68de65b0b0c12a4962796506d226a400d8e99d7559c3100116b5a0995fa45128Gentoo Linux Security Advisory GLSA 200607-04 - PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by Akio Ishida and Yasuo Ohgaki. Versions less than 8.0.8 are affected.
b6faaf9c93f325d407c51cf5f2c1c17ff1c9746ffc4aaa7db780fcd4d9b0f48aMicrosoft Word local hlink exploit. Written for Word 2000 and XP. Binds a shell on port 49152.
9b99652817778008a3de8bc072c1f4a7b1b1b7a752b90c2d414e691abf0967f2Gentoo Linux Security Advisory GLSA 200607-03 - A buffer overflow has been found in the t2p_write_pdf_string function in tiff2pdf, which can been triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow has been found in the handling of the parameters in tiffsplit. Versions less than 3.8.2-r1 are affected.
1c8c666e6c6ee49bcda798d77a803f460ef1b7062a7ace933af5fc22a2b76742Gentoo Linux Security Advisory GLSA 200607-02 - Multiple integer overflows exist in a variety of files (bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c). Versions less than 2.1.10-r2 are affected.
da2a7d97d19671c08a52378e566fd3b35f266b1a5038e1b690f2e1b26c2ca565MIMESweeper For Web version 5.x suffers from a cross site scripting flaw.
e9e0cb9cd745a51c4a7fc4d3dbf8c415305da5f7817956e0380f01bd97b1c08eSQLNinja is a tool that can assist in performing SQL injection tests on web applications that use Microsoft SQL server on their backend. Written in Perl.
ea981a213e47b91e4641af1cbc57fe4b588e461f5ae2492c6e89a48acebcbeeaWebmin / Usermin arbitrary file disclosure exploit for versions below 1.290.
26df64b339f3c6e96203965593eddaf4e3dbfc84f8cc18992edf84b8f460390cGraffiti Forums version 1.0 suffers from SQL injection vulnerabilities.
56d2c26a4ca1a61cb85a700408c765487020b686942975869595f1d622bce15bWebvizyon Portal 2006 is susceptible to a SQL injection flaw.
49ff890b6796ce8672953d2702921331e9e37cafab308d706c6b52fa84e3354eSecunia Security Advisory - Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.
4de7f868996cab5a4af72a6e319ccef598c14d1e5ce83fde1f6013659cba4c9f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed