Ubuntu Security Notice USN-344-1 - iDefense security researchers found several integer overflows in X.org's font handling library. By using a specially crafted Type1 CID font file, a local user could exploit these to crash the X server or execute arbitrary code with root privileges.
Technical Cyber Security Alert TA06-255A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Publisher. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Adobe Flash Player versions 8.0.24.0 and below, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX 2004, and Adobe Flex 1.5 suffer from a remote code execution vulnerability through the simple invocation of a maliciously constructed web page.
LedgerSMB version 1.0.0 and SQL-Ledger versions 2.6.18 and below suffer from a directory traversal flaw that may allow for arbitrary code execution.
Gentoo Linux Security Advisory GLSA 200609-06 - AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M. Versions less than 2.0.1 are affected.
Microsoft Publisher versions 2000, 2002, and 2003 suffer from a remote, arbitrary code execution vulnerability that yields full system access running in the context of a target user.
In Lotus Domino Web Access (DWA) version 7.0.1, the session token used to identify the user (called "LtpaToken") is not invalidated on the server upon user logout. The cookie is removed from the browser, but the token continues to be recognized by the server until a configurable expiration time is reached.
Newsscript version 0.5 suffers from a local file inclusion flaw in print.php.
WTools version 0.0.1-ALPHA suffers from a remote file inclusion vulnerability.
Multiple PHP applications, including phpBB and punBB, suffer from a poison NULL byte vulnerability.
Deja Vu, which is bundled with Roxio Toast 7, creates Ruby scripts in the /tmp directory. These scripts contain commands which are executed with escalated privileges. A race condition exists which makes it possible to execute arbitrary commands against the system or gain root-level access.
The vCAP Calendar server versions 1.9.0 Beta and below suffer from denial of service and directory traversal vulnerabilities.
Debian Security Advisory 1174-1 - Daniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
XHP CMS version 0.5.1 suffers from a cross site scripting vulnerability.
HotPlug CMS config file inclusion exploit that compromises access to the database.
Secunia Security Advisory - Red Hat has issued an update for ncompress. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Secunia Security Advisory - Gentoo has issued an update for adplug. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library.
Secunia Security Advisory - SHiKaA has reported a vulnerability in signkorn Guestbook, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya Predictive Dialing System (PDS), which potentially can be exploited by malicious users to cause a DoS (Denial of Service).
CMS.R suffers from a SQL injection vulnerability that allows for administrative authentication bypass.
ASP Auditor is a cool utility that helps identify vulnerable and weakly configured ASP.NET servers.
PHProg suffers from cross site scripting and local file inclusion flaws.
SmartStore.biz versions 3.5.11 and 3.5.13 suffer from a price manipulation flaw. Advisory is in both German and English.
KorviBlog suffers from a cross site scripting vulnerability. Advisory written in French.
ppalCart version 2.5 EE suffers from a remote file inclusion vulnerability.