Flatnuke3 suffers from remote cookie manipulation and privilege escalation vulnerabilities.
5fb21f33a6f7431df6408c27baa203db2b9e93b5f3b0fd19bec1aeab85d554143proxy suffers from a double free vulnerability that can cause instability and potentially crash a service. Versions 0.5.3i and below are vulnerable.
a9a783384f00b64eec16444c543b97b53d9ddba880b60f23cad51e899880db4eSymantec Vulnerability Research SYMSA-2007-013 - Lotus Notes and Domino are susceptible to a vulnerability in the IPC functionality between NLNOTEs and NTASKLDR.
7de0e438003f14b51adeb9d77bdce9c0799d30834e20093b16bcf507c47d2f97Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user to view a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes.
890157468a36afba607e7e752659d2e88a1469381478ce7e639aee37185addbcAirscanner Mobile Security Advisory #07101401 - Mobile-spy.com's user administration web application contains a critical bug that allows anyone to inject spoofed incoming/outgoing phone records, SMS messages, and URL's into the backend database for ANY user of the software. In addition, since the incoming records are not filtered, it is trivial to inject malicious JavaScript/HTML into the webpage viewed by the user of the software. Finally, the user/pass is stored locally on the victims phone as plaintext.
1ccdeecf84bcfefb43e142a2d3d704e40e44cf7bdd76226f2439fca9febd313aGentoo Linux Security Advisory GLSA 200710-24 - iDefense Labs reported that the TIFF parsing code uses untrusted values to calculate buffer sizes, which can lead to an integer overflow resulting in heap-based buffer overflow. Versions less than 2.3.0 are affected.
7b27a63ec705a743f8dea1f85957f1c1d82334922e89302a8a24c3c92681bb31The call for papers for the upcoming Hack in The Box Security Conference 2008 in Dubai is now open.
fd301687abefc09721256e5dce44925233e33bf1d6cdfcf2864ed84d72002368Ubuntu Security Notice 535-1 - A large amount of flaws related to Firefox have been fixed under Ubuntu. These include forced upload and javascript insertion vulnerabilities.
e937e8ad5d0b409d665ed543ec76877c5a6c7850fb23798031b11ce6ee1da4edSecunia Security Advisory - Ivan Sanchez and Maximiliano Soler have reported some vulnerabilities in SocketKB, which can be exploited by malicious people to conduct cross-site scripting attacks.
ab8c66eaffde003c2552082734d8a040e16808c2423434a7f0221066f6981779Secunia Security Advisory - Some vulnerabilities have been reported in PHP Project Management, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
1abb0601326f190ebd4ed7a0591099aad477e74084c7c23d5523acd77e456f7bSecunia Security Advisory - A vulnerability has been reported in Mono, which can be exploited by malicious people to disclose potentially sensitive information.
96bdc0f2b1ceadf87fb313cffefc5ed7f4d55319c2c06a3b698fd1c06fe25639Secunia Security Advisory - Ubuntu has issued an update for util-linux. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
7e1838935240e3b1261717971ff4d2dc60d0fd0540394ff08a68c94ae0b54191Symantec Vulnerability Research SYMSA-2007-012 - Microsoft Windows CE suffers from a IGMP related denial of service vulnerability.
2a7a4f96a971f94fa1cb4df40898c68ed0b5b2fd36736921625d3dfb242c518dSecunia Security Advisory - A vulnerability has been discovered in RealPlayer, which can be exploited by malicious people to compromise a user's system.
77b62f5ec8fb09157f75358e248b9d6a350390023fc1dcbae2aa95c5c3ab5ea2Mandriva Linux Security Advisory - A vulnerability in the hpssd tool was discovered where it did not correctly handle shell meta-characters. A local attacker could use this flaw to execute arbitrary commands as the hplip user. As well, this update fixes a problem with some HP scanners on Mandriva Linux 2007.1, particularly HP PSC 1315, which wouldn't be detected and also fixes a problem with HP 1220 and possibly other models when scanning via the OpenOffice.org suite.
5a39c612fb3014e19117c3edc274a16f5bed20cb4f52e731b981114761f49ec8Gentoo Linux Security Advisory GLSA 200710-23 - Robert Buchholz of the Gentoo Security team discovered a directory traversal vulnerability in the has_dotdot() function which does not identify //.. (slash slash dot dot) sequences in file names inside tar files. Versions less than 1.5_alpha84 are affected.
96ed2a60e1bd98b2263cd164ec0f2d7fc102eec295f50607ace9254f4c434c00The Citrix Access Gateway product suffers from a flaw that allows an attacker to gain access to an authenticated user's session ID.
01037c80d3fc5f9b8cef26ca90fb92ab47bbd0fb82f264f1211453f55312eb38Ubuntu Security Notice 501-2 - USN-501-1 fixed vulnerabilities in Jasper. This update provides the corresponding update for the Jasper internal to Ghostscript. It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service.
11388cfcc387fd482c29011d81aaefee39a8deafdc25825cb291c70ebbc6aebcUbuntu Security Notice 534-1 - Andy Polyakov discovered that the DTLS implementation in OpenSSL was vulnerable. A remote attacker could send a specially crafted connection request to services using DTLS and execute arbitrary code with the service's privileges. There are no known Ubuntu applications that are currently using DTLS.
a455a8829cdbb892ee170e6094e373948ebc9837f3b4f811e857e42664ff51e7Ubuntu Security Notice 533-1 - Ludwig Nussel discovered that mount and umount did not properly drop privileges when using helper programs. Local attackers may be able to bypass security restrictions and gain root privileges using programs such as mount.nfs or mount.cifs.
452e663fa6ac02624ced4b9e311d931598da9b08d6c91f7ebe13d2f56c4521f4Exploit for the iTouch/iPhone libtiff vulnerability. This will work on iTouch/iPhone firmware 1.0.2 and 1.1.1.
7900a48bb73cf7d320a24b4a6659a542ab4c1a27be2a82684e47548881923783Ubuntu Security Notice 532-1 - Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service. Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.
677e5058f12e473d485da0af4be16886fabcf37a7ba5d0487a4a71af1f170bd9Ubuntu Security Notice 531-1 - Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code.
a1fb6cf29b876fa198b009eb277b54ba51717c315148dd2775b4f39016f4aceeThis Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.
159b79d396cc6be73eddeb8db6cd9975c0d95b50f6eb41571ed8f34e088a507fThis Metasploit module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload.
ba86f554ff58ec884739058eb80af65e4d58a0973721425b952d586468e13d92
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed