Technical Cyber Security Alert TA06-200A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
729654164b51a6a62c67a7fc463fa5e4908171755072dd0b90197fb632583582rPath Security Advisory - Previous versions of the libpng package contain a weakness in processing images that is known to create a denial of service vulnerability and is expected also to allow unauthorized access. This weakness is triggered by malformed png images that may be provided to applications such as web browsers by an attacker.
32f2e1977a6be9cee119a0f457b46c0c4d26ac2322445ba8f7d03d2f5c6150e9Gentoo Linux Security Advisory GLSA 200607-06 - In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Versions less than 1.2.12 are affected.
c52c1fdc9df9fae168bd21bb5d44e810ceff1c721841f8a39adffea4bc0ea41dCisco Security Advisory - Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains vulnerabilities related to third-party software and the command line interface (CLI). CS-MARS ships with an Oracle database. The database contains several default Oracle accounts which have well-known passwords. If access to the database is obtained, the default accounts may be used to access sensitive information contained in the database. CS-MARS ships with the JBoss web application server. A component of the JBoss installation may allow a remote, unauthenticated user to execute arbitrary shell commands with the privileges of the CS-MARS administrator. The CS-MARS CLI contains several vulnerabilities which may allow authenticated administrators to execute arbitrary shell commands with root privileges. All vulnerabilities addressed in this advisory have been corrected in CS-MARS software version 4.2.1.
6d8365bbd3df900adf1c27abe88979a9285dccdcd49ddb8df480d3c4b145d83crPath Security Advisory - All versions of the ethereal and tethereal packages contain vulnerabilities in packet dissector modules, which may allow various attacks including subverting the user who is running ethereal. Since ethereal is generally run as root to view network traffic directly, this may allow complete access to the vulnerable system.
c44a6d6485544a4f0867e5c2113e2255a5f08d8b4523239a0d24aa294287a2efUbuntu Security Notice 320-1 - Multiple vulnerabilities in php4 and php5 have been fixed in Ubuntu.
ed4325f174f86f7991aa6c241942bd4940d3f151a71e55e144c77ccbc88a385bThe Demo Store version of AFCommerce Shopping Cart is susceptible to SQL injection and cross site scripting flaws.
af49e1fb5a31ada2438785fe63a8aee4c5ffc469e25e30ba194fe642e1d3ac99RPS, or Rigter Portal System, versions below 4 suffer from file inclusion and SQL injection vulnerabilities.
eb30668f52a301223fdc15b4a56edd24bd66ea7a0c2f648136d2163df0b6182eWinRAR versions less than 3.60 beta 7 and greater than 3.0 suffer from multiple buffer overflows due to a lack of constraints while copying data.
f8b7381f74499f50992c3a3cf3c3f915a313f8b38f1c339d779fb109ce1a2ea2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed