iDefense Security Advisory 11.09.07 - Local exploitation of a directory traversal vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. This vulnerability exists due to insufficient checking for directory traversal sequences when processing the DBLANG environment variable. By using values containing directory traversal specifiers, such as "../", an attacker can cause set-uid binaries to use Native Language Support (NLS) message files under their control. iDefense confirmed the existence of this vulnerability in IBM Corp.'s Informix Dynamic Server version 10.00 UC6TL installed on a Linux system. Other versions are also suspected to be vulnerable. Versions for other supported Unix systems should also be considered vulnerable.
c580928cdff87079ff8049a71654f53cd2a67db3f7aabda25d920e7032f5199b
iDefense Security Advisory 11.09.07 - Remote exploitation of multiple buffer overflow vulnerabilities in AOL's AmpX ActiveX control could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. Several methods within the vulnerable ActiveX control (CLSID B49C4597-8721-4789-9250-315DFBD9F525) were found to be vulnerable to stack-based buffer overflows. In each case, variable-length attacker-supplied data is copied into a fixed-size stack buffer using the strcpy() function. Since no input validation is performed, it is possible to corrupt stack memory, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in version 2.6.1.11 of America Online's AmpX.dll. Other versions are suspected to be vulnerable.
58fb3b132c0f5e5b01a3d0d2f2b52bbe4987d0a31920d069c961cff7e5c92dba
yappa-ng version 2.3.2 suffers from a remote file inclusion vulnerability.
60a22e1d844cf5729d91d16365e8e701e76f442ee5a962d6f93743923c0ec10d
The Xoops Mylinks module suffers from a SQL injection vulnerability in brokenlink.php.
fe6036e4b4c3667e632ef3201fbc1f4dabcbf3f7a849c1331dbdbbd38469fb71
Secunia Security Advisory - Mandriva has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
cc5c3b24fd133e272ba87ef218c7422a01ad475a91eee106c7b836ae567d0416
Secunia Security Advisory - Red Hat has issued an update for tetex. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
21e6426aad56deb9048f42921004946fe291e7a01ade9d1943e594a3ca294e8a
Secunia Security Advisory - A security issue has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.
be4050aa83ab8150007ac4a45cf497d2a54f4b4bd585c80afe118daa69e653ba
LI-Guestbook version 1.2 suffers from a SQL injection vulnerability.
6309a2cd2eee23ce23d4f075c562bc06028873d09b6fedf182953e0da6693eda
CanSecWest 2008 Call For Papers - The ninth annual CanSecWest applied technical security conference, where the eminent figures in the international security industry will get together to share best practices and technology, will be held in downtown Vancouver at the Marriott Renaissance Harbourside on March 26-28, 2008.
9a2ca1ef1d2567c85bbf4828b39e771caa2e78e1c1da3f59bb0b9646d3960dc7
The ShockwaveVersion() function in Adobe Shockwave appears to suffer from a stack overflow vulnerability.
fe8fd484cabb433c1ba41a8398e35ea851e20401d6e8ff421bee6696cd58876d
Mandriva Linux Security Advisory - A flaw in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes was discovered. A local or remote attacker could create an LDAP request that could cause a denial of service by crashing slapd.
582e0ef16c686a308ecb0edceb79c2ecf92ce1a095f886cf1c511aa4f000f7f3
Susanoo is a simple editor written for the Konqueror browser that allows for manipulation of cookies.
97526b4b62ddc620bc9c854a2a10d2537201c7f9b4b7210b9616072b62cd1c7b
Secunia Security Advisory - A weakness has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
42e0c7f08eb79ca018c1aaf85192dab66ad67a7fe69a7b867f052cbf49202878
Secunia Security Advisory - Bas Wijnen has reported a vulnerability in Pioneers, which can be exploited by malicious people to cause a DoS (Denial of Service).
64535d14959ab582ce755aa8bc44acfa647fdd9527ad46daf4e40614e26dacac
Secunia Security Advisory - A vulnerability has been reported in Oracle Database, which can be exploited by malicious users to compromise a vulnerable system.
22c1b7c05b98141f4e0867a606e6b2599faa6c3147c49a4e1e46bbba83feac58
Secunia Security Advisory - Gentoo has issued an update for libpng. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
d112e0bbb28cafe5affba55befa127d845c3d3cae3dfc616961fff4e47ec0975
Secunia Security Advisory - Gentoo has issued an update for madwifi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
08de51d7f951a8a80b8caa65370c580cea2124e0812a019053fdf925ca8e9dea
Secunia Security Advisory - Some vulnerabilities have been reported in Poppler, which can be exploited by malicious people to compromise an application using the library.
88e9084e649499614a2df33e1a5fb68ba17977e8cfa3c8bb88b093f695db8576
Secunia Security Advisory - A vulnerability has been reported in Net-snmp, which can be exploited by malicious people to cause a DoS (Denial of Service).
a3272d00e0ac351832ceae0423d46e15542363e810ec29107a648676434bebcd
Secunia Security Advisory - Gentoo has issued an update for apache. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks and cause a DoS.
269aa5908c27c3531b99c808b1092b2a6c044435322c8c0f4c8b0265867622ac
Secunia Security Advisory - Red Hat has issued an update for poppler. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
5b1758f8ec242d1b85dbb5b363e0326609fb46be3023eadd2913fe1428750b1e
Secunia Security Advisory - Red Hat has issued an update for tetex. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
6cb9a297ecc966cc036a09953efb530e6225c36d19a413b2b09a5cdcb3dc7d4f
Secunia Security Advisory - Chris Evans has reported some vulnerabilities in PCRE, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
e7d48fa739aded1b1f916daa4fda91b25809c24a28023983133df02559735eb7
Secunia Security Advisory - Gentoo has issued an update for mono. This fixes a vulnerability with an unknown impact.
905ca6dc206b94a14232bb027f715115795e76fca7a3ac0826ddbaf38f8f7f25
Secunia Security Advisory - Red Hat has issued an update for openssh. This fixes a vulnerability and a weakness, which can be exploited by malicious people to disclose certain system information and to inject certain data.
76d0a20fecd2e81b88e2285eb7917c3b5a6e9f1321edaa717745d51cf3d7fbe9