Heimdal ftpd versions 0.7.2 and below suffer from an uninitialized vulnerability.
ee9cb5236fcfeed9f448b5af280bde0bc5fa08a609f39bbce890bdf0269a4745CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.
eeb6c53417ccc26b912aa3b7ee71b7c4d770d635ec4f613ec8a5036d63014596netkit-ftpd/ftp version 0.17 suffers from an uninitialized vulnerability.
f907547ba12d8c5979e36a77d84fc37e0812d02c75e06aa91b564345075a484aRapid7 Security Advisory - JFreeChart version 1.0.8 is susceptible to cross site scripting vulnerabilities.
db2f22da130be7712b7839f2603c7dfac9b6b42c4068044300f28e7c16a589f4Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard (HP) OpenView Network Node Manager (NNM). Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the CGI applications that handle the management of the NNM server. Due to lack of bounds checking during a call to sprintf(), sending overly long arguments to the various CGI variables result in a classic stack overflow leading to compromise of the remote server. Exploitation leads to code execution running under the credentials of the web server. Further techniques can be leveraged to gain full SYSTEM access. OpenView Network Node Manager versions 7.51 and below are affected.
af2e7b4fea5306f492b6105526815249c897430e2fe51c525fc855c05e67e2abA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Versions below 3.6 Gold are affected.
b8b9dc1486f4327fc4af4eed9b1a2d1243fc1e2235dddac13457c36c9b6e799bUbuntu Security Notice 554-1 - Bastien Roucaries discovered that dvips as included in tetex-bin and texlive-bin did not properly perform bounds checking. If a user or automated system were tricked into processing a specially crafted dvi file, dvips could be made to crash and execute code as the user invoking the program. Joachim Schrod discovered that the dviljk utilities created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. Joachim Schrod discovered that the dviljk utilities did not perform bounds checking in many instances. If a user or automated system were tricked into processing a specially crafted dvi file, the dviljk utilities could be made to crash and execute code as the user invoking the program.
eafa4e047d9a941c4af2be60d32ed94667686a759839e25a4d77b5c6d0fd2847Mandriva Linux Security Advisory - The NFSv4 ID mapper prior to 0.17 did not properly handle return values from the getpwnam_r() function when performing a username lookup, which could cause it to report a file as being owned by 'root' instead of 'nobody' if the file exists on the server but not the client.
ac1cb4be91bfbf1ee4fc8d14e72ca2d598c5658f34480e57767359c20dfb139fMandriva Linux Security Advisory - It was found that the gss_userok() function in Heimdal 0.7.2 did not allocate memory for the ticketfile pointer before calling free(), which could possibly allow remote attackers to have an unknown impact via an invalid username. It is uncertain whether or not this is exploitable, however packages are being provided regardless.
af072875662beab8a39561d2b3487f35410259a0492ad91cdd4326174a0b2841Mandriva Linux Security Advisory - Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
207e106306883d0256f4ee1b81f7363e992f3f3ba75db422ac12a0da4c66f0fewwwstats versions 3.21 and below suffer from a persistent cross site scripting vulnerability.
5457ca069024fd739d38219ac74f191a2708e419d1729044433de62fb2ba630dThis document describes a simple and efficient method for random selection of a client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead. The mechanisms described in this document are a local modification that may be incrementally deployed, and that does not violate the specifications of any of the transport protocols that may benefit from it, such as TCP, UDP, SCTP, DCCP, and RTP.
f6784276bc77577f72c09f503deab41ce6fabf7bb9a8b44edd61410211141a2cThe Apache::AuthCAS module appears susceptible to SQL injection attacks via the cookie.
6c3e8b4698c146be668861a2872cbf0a4d87b2fd29b00d223d6693a8f5789115It appears that Ebay.com may be susceptible to a cross site scripting vulnerability.
f42f18554d1ef06cf441213d8530b442008449ebc882df5ab7854314a09421deXigla Absolute Banner Manager version 4.0 suffers from a remote SQL injection vulnerability.
472a876eb370c19c0210e90d1fcf804b149e836387f425a0950a96324cdee6e8Secunia Security Advisory - Sascha has reported a vulnerability in HyperVM, which can be exploited by malicious people to conduct cross-site scripting attacks.
bc598ab071a462e65be5b3c2015eaf8c3402d798c8c8f21900d1e7cd4e485f96Secunia Security Advisory - David Wharton has reported a security issue in MyTV/x, which can be exploited by malicious, local users to gain escalated privileges.
22954db5d51bfdbe373b87189139c717b28069ad96053b554281572e91d67db7Secunia Security Advisory - Some vulnerabilities have been reported in TCExam, which can be exploited by malicious people to conduct SQL injection attacks.
6d9d691129dc3cd04df9244ba448483890761288c1d127793520ba544ab16daeSecunia Security Advisory - rPath has issued an update for firefox. This fixes a security issue and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks and potentially compromise a user's system.
e2d0867b7cadda8b7cd32c570c8e60cc94b1e3e604edb07b7fd7d0775f8f77caSecunia Security Advisory - KiNgOfThEwOrLd has discovered a vulnerability in MWOpen, which can be exploited by malicious people to conduct SQL injection attacks.
b0aa386da19440e67aa50e35593e552097ec1de369d24e7a5dd766f8c3e4e21eSecunia Security Advisory - Joseph Pierini has reported a vulnerability in Absolute Banner Manager .NET, which can be exploited by malicious people to conduct SQL injection attacks.
42389e19e46069e96a3ec574cbe4a36dd2facca3514229e6591cad167e6ee499Secunia Security Advisory - Some vulnerabilities have been reported in JFreeChart, which can be exploited by malicious people to conduct cross-site scripting attacks.
55745102050ba5199f62096028eb187ea300ed5ab08884e2124d7660df051609Secunia Security Advisory - Some vulnerabilities have been reported in IBM HMC, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a vulnerable system.
b7c66ee3a8519965ddfeeefbec13ebd313e0f1304a487ce027b6870a77b6b325Secunia Security Advisory - GoLd_M has discovered a vulnerability in the PictPress plugin for WordPress, which can be exploited by malicious people to disclose sensitive information.
9c1f36957b55cfa70e1093f7a8758adeb4c428a0ff9c0dad91d0eb1ec2447cc4Secunia Security Advisory - Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system.
61e092efab35f844657e3d071b792ce7892b21531e7f701eb13deccc1cfbba98
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed