Gentoo Linux Security Advisory GLSA 200801-12 - Luigi Auriemma reported that xine-lib does not properly check boundaries when processing SDP attributes of RTSP streams, leading to heap-based buffer overflows. Versions less than 1.1.9.1 are affected.
ff977b76bbb0bdb47718d75eee18d9ff51d49e812da39a5fb8750ae7181746f2Gentoo Linux Security Advisory GLSA 200801-11 - CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession._get_file_path() function before using it as part of the file name. Versions less than 3.0.2-r1 are affected.
daf8abfdb93d6cff9bf00703877e00659ab26e1d72bb605e9a1f33ad266604c9Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya CMS / IR, which can be exploited by malicious, local users to cause a DoS (Denial of Service), or to gain escalated privileges.
814fe5e776fea501cd17527392ddf50cdf38ae980f3f160ab578aecd399c49a5Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in multiple Avaya products, which potentially can be exploited by malicious people to compromise an application using the library.
2f88c2ef70815adcbd425fda28bfb516e805e61174f45bfc5d2fd3c7285d613cSecunia Security Advisory - NBBN has discovered a vulnerability in phpBB, which can be exploited by malicious people to conduct cross-site request forgery attacks.
52ca3ede30ff4eacb2d81dc0ef36d07ce8561603310b2d371eb69be078fc37f4Secunia Security Advisory - NBBN has reported a vulnerability in Woltlab Burning Board, which can be exploited by malicious people to conduct cross-site request forgery attacks.
88ff84df5bf46ed9b90aa038c50e2b156a0f6da1e9fe92f4c4613d0421ba2c4cSecunia Security Advisory - rgod has discovered a weakness in ImageShack Toolbar, which can be exploited by malicious people to potentially disclose sensitive information.
8258821cebe97a7daa2d917bdca475f94cc18e0d81af467be6e20b46c89eb5dcMandriva Linux Security Advisory - A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration.
381c4f1e95696b6696489b294e2642f56831ceb6a838555eea63d08b0115a1d8Mandriva Linux Security Advisory - Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application.
a999038e1e8e36b24fcc7d2f55e5e1d342de60b514b62e574149b8f7caa40f7aA simple utility to thoroughly validate DOM, XMLHttpRequest, and cookie security restriction handling in modern web browsers. Notable features include exhaustive hierarchy crawling, cross-domain IPC system for blind write verification, page transition checks, and more.
3193283a884cf29dab7eb6c658285fc4ab255c371456911b95b7541483b34432Secunia Security Advisory - 0in has discovered a vulnerability in Tiger Php News System, which can be exploited by malicious people to conduct SQL injection attacks.
f3ed167548ca31167c693efe2e1f27ebf5110006f64190da939fdc8c07965044Secunia Security Advisory - Elazar Broad has discovered a vulnerability in Move Networks Upgrade Manager, which can be exploited by malicious people to compromise a user's system.
e1cd36b137d8d122d4ad32a94b13be82f7b096f56c00f389ed27ad5268746786The PatchLink Update Unix Client suffers from multiple file clobbering vulnerabilities allowing for privilege escalation.
9edd2c3dea0e2f04c171d8980ce2fe3f0ec1fc649d996bba22558f6b5207870cProficy Information Portal version 2.6 passes a user's password base64 encoded on the wire, allowing for it to be easily intercepted and decoded.
193987184fe40b9994e6689d7dd2c17f6e7439290c4cec09274c18a66ec26f1dProficy Information Portal version 2.6 has a flaw that allows an authenticated attacker the ability to upload arbitrary code on the server.
8fe8e4b4c25860812b02f54a0cb017e1b4fc3b6c4390039ca199adb32e1f2f6bCimplicity HMI version 6.1, 6.1 SP5, and 6.1 SP6 all suffer from an exploitable heap overflow vulnerability.
ca32e6e16dfac1360f0eada284bc6fe1d217d79e79aab976e43fe12f5359abb4E-SMART CART suffers from a login bypass vulnerability via SQL injection.
a2eefcd4a6146713a8c3695864e48664246813d6157f9b64ad2b0215f84fce3ePre Dynamic Institution suffers from a login bypass vulnerability via SQL injection.
286d737bb6f1f5516ff11ab8521d045d3b7d9847676734e6ba70720591bf95b3Pre Hotel and Resorts Reservation Portal suffers from a login bypass vulnerability via SQL injection.
5aab0a18de471d306a7c0b3066f3aef90339e8af6d18a78d11eb53314e753fc3Persits XUpload version 3.0 AddFile() remote buffer overflow exploit with calc.exe and port binding shellcode.
1fea1e695df1df31dfd3cf0867850309b9b7714aaf0ccca6d5403f4254ffba7fCandyPress eCommerce Suite version 4.1.1.26 suffers from multiple vulnerabilities including SQL injection and cross site scripting.
6dea4b9ea36e243e8e32cd02a9ba55d515cf86faf74b42b2271eab1726f8e075Sejoong Namo ActiveSquare 6 Namoinstaller.dll install method exploit.
3596a0ae0a59ddc293d9274943f1efe935b1a7c228600d42353393c0f943047cSecunia Security Advisory - rPath has issued an update for bind and bind-utils. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
fd818876fa237a7582e05b64ea25edb01028a7bf611faea87c926d4f2f037234Secunia Security Advisory - Will Drewry has reported some vulnerabilities in International Components for Unicode, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
a4e794a8373546cea2a26097d87a6dbf82ed49a32f3ce07201eb87fa0c2882dfSecunia Security Advisory - Mandriva has issued an update for x11-server. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.
d4492bb3a8c57468dfb513f8a3fd6f291fb4662efcd3309ffd6418ae3bdef7ba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed