Gentoo Linux Security Advisory GLSA 200609-13 - Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a pathological data stream may result in the modification of stack data such as frame pointer, return address or saved registers. A static buffer underflow was discovered in the pack decompression support, allowing a specially crafted pack archive to underflow a .bss buffer. A static buffer overflow was uncovered in the LZH decompression code, allowing a data stream consisting of pathological huffman codes to overflow a .bss buffer. Multiple infinite loops were also uncovered in the LZH decompression code. Versions less than 1.3.5-r9 are affected.
30fcf5b5522c1d10fe551b1d248f87e3659e6eb8846997b7b00e1c760b290dc5Gentoo Linux Security Advisory GLSA 200609-16 - A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of tiki-searchindex.php. Versions less than 1.9.5 are affected.
f2eecb0d5db4bfa1629ca5148414f24a9754c71d23a65baca91a88f11475d48eGentoo Linux Security Advisory GLSA 200609-15 - verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace. Versions less than 1.4.4 are affected.
fa912ed233c18b7bab4dd7b1440863dc41e2e171d4fa1329a0d72cef1e5d811dGentoo Linux Security Advisory GLSA 200609-14 - Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder. Damian Put discovered a heap overflow in the SGI image decoder. Versions less than 6.2.9.5 are affected.
7b4d89d292ba01e50cab46884be9d45aa9daf41deda8b1516aea29a89429648fUbuntu Security Notice 352-1: Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.
ef41dc1fee07a1ae965fe581decc1503ce2decfffe048ae6ce777eddaa2c1b90Bypassing network access control (NAC) systems - This whitepaper examines the different strategies used to provide network access controls. The flaws associated with the different network access control (NAC) solutions are also presented. These flaws allow the complete bypass of each and every NAC mechanism currently offered on the market.
7dc8e38caef9108f721a21493544a4ba21ddafddf32210c7962320556e319394Debian Security Advisory 1184-1: Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
799b73182cd6e5ee3bb6eda6525bd22cba6be99b8731e039bb2255d59682907fDebian Security Advisory 1183-1: Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:
2faa9a072bfc51aea394c6ead17fd2f5a173df0362e669e5cadf46b8acec555eDebian Security Advisory 1184-2: kernel-source-2.6.8 - This advisory covers the S/390 components of the recent security update for the Linux 2.6.8 kernel that was missing due to technical problems. For reference below please see the original advisory text.
1c3601bd0c15b034cc1a82a45342e1e3a41e312c008209c84ae5c091bca914eeFreeBSD Security Advisory - Multiple vulnerabilities exist in gzip.
40bd13cb8cb2081691ce02d2adabac8a542bd62b8d47fd3c4d05236d29b0cb78Pie Cart Pro suffers from a remote file inclusion vulnerability in the Home_Path variable.
7a4ecb1e02c979364450299da14442bd5fe538b9e1daea068d190366b4cf8bd9rfdslabs security advisory: RLSA_02-2006 - OSU httpd for OpenVMS suffers from full path and directory content disclosure.
16de47fd65bebc0e046d055c8c96b19a4810c54a3c3841c748cc09991dca61c8PT News 1.7.8 suffers from cross site scripting in search.php
d3cd807a73eac4fb5ec22ad458c9791d1544cd616169a82a734fd90e9ae008c7Mambo's script mambo_hotornot versions 1.2.2 and below allow malicious users to upload and execute arbitrary php files.
e1db3ac6f8a8f905f67e50e753efd1049b3e7ad69cb0aff0b5644aff6c8c9bc8PhotoPost PHP 4.6 - 4.5 remote file inclusion vulnerability.
4017bf6d0707a213d1e1668261ee285786f994f2d0f1c83f9f667f1d23e36c4bPNphpBB suffers from a remote file inclusion flaw in functions_admin.php.
b3b9efc8dd69fd3136a65cf35f5c6be2438a8aa5638793604e190cc64258faf5Techno Dreams Articles and Papers Package versions 2.0 and prior suffer from a SQL injection vulnerability.
10c191951b629a4ef676a092be40c6258e3f6d8efdc34887ebc8bf3e9506d756ECardPro v2.0 suffers from a SQL injection vulnerability
47e1a3da96391f379384df8d10b7b9703b75ceea46951637183fb0af7b821c20PHPQuiz versions less than or equal 1.2 remote SQL injection exploit.
cc00d20894ec963b7a7b4fc0753f725c8a1c20fe67c2d7bc22cacd57706eee68Kurdish Security Advisory #27: artmedic links 5.0 remote file inclusion vulnerability.
f977e352a3a6cf456a6af7414bfd3261fc0baecb4d39b961d5720daf6d643ecaPlume CMS 1.1.10 suffers from a remote file inclusion vulnerability.
83570734e0074fe652424bc5712d1d89dcf971c4f099f79a87994eb1e6d5048eHitWeb v3.0 suffers from several remote file inclusion vulnerabilities.
1db8e70d9e9a641a2cbced9ca9aea7d1adb970b2717ef2a3697baf8259d792afNextAge Cart suffers from a cross site scripting vulnerability.
0184a14b97b555de5fddecb7459888d3cea17928d82b3a9db66ffa2d2c35b87fSite@School 2.4.02 and below suffers from multiple remote command execution vulnerabilities.
ff6a0d11614613f5191f0ad6e4b0439e5b8d31e19d7623056d32f3db781a3e0fTriton Model 98xx series cash dispenser operation manual
b554f64d5fd2f3cf77330af9b8323cd6f7240e06b81247994910f19ed60dcafc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed