Firefox 2.0.0.11 appears to suffer from an INPUT denial of service flaw.
106de90631ae727c057e777f65c56f3e54f8d09f1d807d7aa7fb49cf8f679345Gentoo Linux Security Advisory [UPDATE] GLSA 200711-29:02 - Samba contains two buffer overflow vulnerabilities potentially resulting in the execution of arbitrary code. The original GLSA only resolved one of the two vulnerabilities due to a regression. New packages are available that resolve both buffer overflows. Versions less than 3.0.27a are affected.
5557de32405923b2805ccfe30b4853e9a647f880a50d5de4f71ef0a5b640500bGentoo Linux Security Advisory GLSA 200712-02:02 - It has been reported that the local_graph_id variable used in the file graph.php is not properly sanitized before being processed in an SQL statement. Versions less than 0.8.7a are affected.
da4a4b89600f7f51dc73aa6b1ce47f4768e8e260621ae035de1d06f41a1443afGentoo Linux Security Advisory GLSA 200712-01 - Suse Linux reported that Hugin creates the hugin_debug_optim_results.txt temporary file in an insecure manner. Versions less than 0.7_beta4-r1 are affected.
f72a55677a24c843f1f060ea87e950a2a91ad0269c80bcf1ee72aa118b7377c1ezContents version 1.4.5 suffers from a remote file disclosure vulnerability. Exploitation details included.
836281b1587a26e996351b905a3aabb5dc4198eb9ac3b026a7c8ab57163f12adDebian Security Advisory 1420-1 - Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation.
d23d17f90a2adf746f2242041c32d79d54e57c8fc7b7d073a784c2b395e16d41Cisco Security Advisory - A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.
d6feb3ae1ee89b617ef815ece5040454f7d85e317d3b91ac3b902fda7d1785b4The Cisco 7940 is susceptible to a denial of service vulnerability when sent a sequence of SIP INVITE transactions. Demonstration exploit included.
a26c3e610685427175a09dd9c6263f17dfcce7d29309566957189aa762b24539The Nokia RM-159 version 12.0.013 suffers from a denial of service vulnerability when accepting a special sequence of SIP messages. Demonstration exploit included.
982d32bb063c52ac57973b7647ceca386a41fd00f3d6fafc909e609396e52d0cDebian Security Advisory 1419-1 - A vulnerability has been discovered in HSQLDB, the default database engine shipped with OpenOffice.org. This could result in the execution of arbitrary Java code embedded in a OpenOffice.org database document with the user's privilege. This update requires an update of both openoffice.org and hsqldb.
c16330dba85aa9cc4f0f76fb8674472566d62d50cb9be41f7f80f5c8f1b448b7This is a script to obtain a basic shell remotely on unix systems behind firewalls. Client gets commands by periodically polling the server and sends the output back after executing them. Traffic traverses firewall as standard outgoing HTTP GET/POST requests. HTTP requests/responses carry payload b64 encoded.
bcbe505bee2a0877ae0ac0de00bbeda57cfbcbba46d50332bd6b6a0dde1abf18CiscoWorks versions 2.6 and below suffer from a cross site scripting vulnerability.
e82d3e33fc9023b1641db87b491be48e638aec82f23c25a91a6e65ed97d725a4strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
d4503fd2d730443d0c3918048a4fb1482c4e87a55a81e6c6fb92df13accec2bdNuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids to packets, thus enabling the possibility to filter packets on a user basis. Furthermore, the server architecture is done to use external authentication source such as an LDAP server.
ee8e022d60a4f225a981bf8408d6c35ffc30b4726665854ced05778cf7c0feffSineCMS versions 2.3.4 and below with the Calendar module suffer from a remote SQL injection vulnerability.
b0ff2a7916ae3e6728f3450b14ecfd23a3ece8b3aee17a731eb923f882626a4eThe Mambo/Joomla component rsgallery versions 2.0 beta 5 and below suffer from a remote SQL injection vulnerability.
dcb1c4abb718a08363c440ddbec0a9390ab1be55a36bdff64af572c3269968f2Opera is vulnerable to a remote denial of service attack, using specially crafted BMP files, that causes the browser to freeze for a short amount of time (around 4 minutes on fast computer).
93b879e9a06d7e933fad2efbb0ff9f866107dcf04c983da9154afa99bd7a2b12The MPAA web site suffers from cross site scripting vulnerabilities.
b8242db2e9de0aa143117b12d1ed5ede37fa7cba62a658fbeacf46f6219df6a6Mandriva Linux Security Advisory - A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be exploited by attackers to potentially execute arbitrary code. It is questionable as to whether the DTLS support even worked or is used in any applications; as a result this flaw most likely does not affect most Mandriva users.
f791a9296c8d4400be0291b24e5962d68ebe3bd47ea912792d38fd87a0988fd5Mandriva Linux Security Advisory - A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling when an untrusted cookie could not be created and used a trusted X11 cookie instead, which could allow attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
b9a5ce7c195cf23dc93bea4b0e8421b2c3846ed1d22327a5e165ead7aa461f41Eleytt has discovered cross site scripting and username enumeration vulnerabilities in the IBM Tivoli Provisioning Manager Express, a HTML injection vulnerability in the Computer Associates eTrust Threat Management Console, and a denial of service and remote user addition vulnerability in Gadu-Gadu.
fda1f78dbc21e6774b76805b3b3221c77386552903d0b01b908867ea83063cbbUbuntu Security Notice 553-1 - It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.
a5ca1e30ea861e4166a60a266a86b1e6214e7fd247ffec66450a64a54d59bf70Ubuntu Security Notice 552-1 - It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.
2f2bc258abbaf3c5f0854911699f361757f636eec99c67a0c470e681692e7f70Ubuntu Security Notice 546-2 - USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail.
cd6620ec6ef11dcd2e4ad14c25d074f47f1e99e49f81174d1ae8cd195e713a76HP Security Bulletin - A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited remotely to gain unauthorized access.
f778ace1842d805c54d5c2c7d179191b9389baafbe1938ad271c0a143f9a7230
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed