iDefense Security Advisory 11.09.07 - Local exploitation of a directory traversal vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. This vulnerability exists due to insufficient checking for directory traversal sequences when processing the DBLANG environment variable. By using values containing directory traversal specifiers, such as "../", an attacker can cause set-uid binaries to use Native Language Support (NLS) message files under their control. iDefense confirmed the existence of this vulnerability in IBM Corp.'s Informix Dynamic Server version 10.00 UC6TL installed on a Linux system. Other versions are also suspected as vulnerable. Versions for other supported Unix systems should also be considered vulnerable.
c580928cdff87079ff8049a71654f53cd2a67db3f7aabda25d920e7032f5199biDefense Security Advisory 11.09.07 - Remote exploitation of multiple buffer overflow vulnerabilities in AOL's AmpX ActiveX control could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. Several methods within the vulnerable ActiveX control (CLSID B49C4597-8721-4789-9250-315DFBD9F525) were found to be vulnerable to stack-based buffer overflows. In each case, variable length attacker supplied data is copied into a fixed-size stack buffer using the strcpy() function. Since no input validation is performed, it is possible to corrupt stack memory, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in version 2.6.1.11 of America Online's AmpX.dll. Other versions are suspected to be vulnerable.
58fb3b132c0f5e5b01a3d0d2f2b52bbe4987d0a31920d069c961cff7e5c92dbayappa-ng version 2.3.2 suffers from a remote file inclusion vulnerability.
60a22e1d844cf5729d91d16365e8e701e76f442ee5a962d6f93743923c0ec10dThe Xoops Mylinks modules suffers from a SQL injection vulnerability in brokenlink.php.
fe6036e4b4c3667e632ef3201fbc1f4dabcbf3f7a849c1331dbdbbd38469fb71Secunia Security Advisory - Mandriva has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
cc5c3b24fd133e272ba87ef218c7422a01ad475a91eee106c7b836ae567d0416Secunia Security Advisory - Red Hat has issued an update for tetex. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
21e6426aad56deb9048f42921004946fe291e7a01ade9d1943e594a3ca294e8aSecunia Security Advisory - A security issue has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.
be4050aa83ab8150007ac4a45cf497d2a54f4b4bd585c80afe118daa69e653baLI-Guestbook version 1.2 suffers from a SQL injection vulnerability.
6309a2cd2eee23ce23d4f075c562bc06028873d09b6fedf182953e0da6693edaCanSecWest 2008 Call For Papers - The ninth annual CanSecWest applied technical security conference - where the eminent figures in the international security industry will get together share best practices and technology - will be held in downtown Vancouver at the the Mariott Renaissance Harbourside on March 26-28, 2008.
9a2ca1ef1d2567c85bbf4828b39e771caa2e78e1c1da3f59bb0b9646d3960dc7The ShockwaveVersion() function in Adobe Shockwave appears to suffer from a stack overflow vulnerability.
fe8fd484cabb433c1ba41a8398e35ea851e20401d6e8ff421bee6696cd58876dMandriva Linux Security Advisory - A flaw in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes was discovered. A local or remote attacker could create an LDAP request that could cause a denial of service by crashing slapd.
582e0ef16c686a308ecb0edceb79c2ecf92ce1a095f886cf1c511aa4f000f7f3Susanoo is a simple editor written for Konqueror browser that allows for manipulation of cookies.
97526b4b62ddc620bc9c854a2a10d2537201c7f9b4b7210b9616072b62cd1c7bSecunia Security Advisory - A weakness has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
42e0c7f08eb79ca018c1aaf85192dab66ad67a7fe69a7b867f052cbf49202878Secunia Security Advisory - Bas Wijnen has reported a vulnerability in Pioneers, which can be exploited by malicious people to cause a DoS (Denial of Service).
64535d14959ab582ce755aa8bc44acfa647fdd9527ad46daf4e40614e26dacacSecunia Security Advisory - A vulnerability has been reported in Oracle Database, which can be exploited by malicious users to compromise a vulnerable system.
22c1b7c05b98141f4e0867a606e6b2599faa6c3147c49a4e1e46bbba83feac58Secunia Security Advisory - Gentoo has issued an update for libpng. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
d112e0bbb28cafe5affba55befa127d845c3d3cae3dfc616961fff4e47ec0975Secunia Security Advisory - Gentoo has issued an update for madwifi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
08de51d7f951a8a80b8caa65370c580cea2124e0812a019053fdf925ca8e9deaSecunia Security Advisory - Some vulnerabilities have been reported in Poppler, which can be exploited by malicious people to compromise an application using the library.
88e9084e649499614a2df33e1a5fb68ba17977e8cfa3c8bb88b093f695db8576Secunia Security Advisory - A vulnerability has been reported in Net-snmp, which can be exploited by malicious people to cause a DoS (Denial of Service).
a3272d00e0ac351832ceae0423d46e15542363e810ec29107a648676434bebcdSecunia Security Advisory - Gentoo has issued an update for apache. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks and cause a DoS.
269aa5908c27c3531b99c808b1092b2a6c044435322c8c0f4c8b0265867622acSecunia Security Advisory - Red Hat has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
5b1758f8ec242d1b85dbb5b363e0326609fb46be3023eadd2913fe1428750b1eSecunia Security Advisory - Red Hat has issued an update for tetex. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
6cb9a297ecc966cc036a09953efb530e6225c36d19a413b2b09a5cdcb3dc7d4fSecunia Security Advisory - Chris Evans has reported some vulnerabilities in PCRE, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
e7d48fa739aded1b1f916daa4fda91b25809c24a28023983133df02559735eb7Secunia Security Advisory - Gentoo has issued an update for mono. This fixes a vulnerability with an unknown impact.
905ca6dc206b94a14232bb027f715115795e76fca7a3ac0826ddbaf38f8f7f25Secunia Security Advisory - Red Hat has issued an update for openssh. This fixes a vulnerability and a weakness, which can be exploited by malicious people to disclose certain system information and to inject certain data.
76d0a20fecd2e81b88e2285eb7917c3b5a6e9f1321edaa717745d51cf3d7fbe9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed