Ubuntu Security Notice 576-1 - Code execution, cross site scripting, arbitrary upload, and a large amount of other vulnerabilities have been patched in Firefox.
6e23fc127e8464927d11756844b98df4706dfdbbb98e8fae12e67bec66a1da4dA design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploit this vulnerability can control the printer without user's permission. Affected software versions include Adobe Reader 8.1.1 and below and Adobe Acrobat Professional 8.1.1 and below.
2e19644bffa577bd8701a1948a0501cf5426c7953565f785203c1835fdf9c479iDefense Security Advisory 02.07.08 - Remote exploitation of a memory corruption vulnerability within version 9.1 of IBM Corp.'s DB2 Universal Database Administration Server (DAS) allows attackers to crash the service or potentially execute arbitrary code in the context of the affected service. iDefense has confirmed the existence of this vulnerability in the DAS (db2dassrm) as included with DB2 9.1 with Fix Pack 2 for both Linux and Windows platforms. Previous versions, as well as builds for other platforms, are suspected to be vulnerable.
05cdded353cd4797405eeb5933263493101277c8236530276f0fecda19bf5ec0iDefense Security Advisory 02.07.08 - Local exploitation of a library loading vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to gain root privileges. When the DB2INSTANCE environment variable is set, the libdb2 library will use the corresponding user's directory in place of the DB2 instance directory. This allows an unprivileged local user to control the directory structure on which several set-uid root binaries operate. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 with FixPack 2 installed on a Linux system. Other versions, including those for other UNIX systems, are also suspected to be vulnerable.
001fbc3f1ab8c8f9aca0ac41697d2e04d1ad568a1539fce5f3ce4ed6e5d256f5TinTin++ / WinTin++ versions 1.97.9 and below exploit that demonstrates buffer overflow and file creation vulnerabilities.
693115c054b0c412eb8390d8f27d3d159800f45e8199968de3bee6ea46969993TinTin++ / WinTin++ versions 1.97.9 and below suffer from buffer overflow and file creation vulnerabilities.
457ec53a00e25a13c4b27ddaca3b39ba40b22f5d0e054226a7f99c05bc952a27Proof of concept exploit for Ipswitch Instant Messaging versions 2.0.8.1 and below which suffer from format string, NULL pointer, and file creation vulnerabilities.
7174ed248d7cb08d20269162c186c165e5380d243eed1610bb07eb743ac302bdIpswitch Instant Messaging versions 2.0.8.1 and below suffer from format string, NULL pointer, and file creation vulnerabilities.
0293b0690033eb44098fdcf57059877ac0df7b1c86523344cbbcbcd616c8f80dbcoos versions 1.0.11 and below suffer from a SQL injection vulnerability in ratefile.php.
38bdb1c93d65f5d868b72f8a95e3185a35d71b228320eb5188cdca4fd3a3bb51Mandriva Linux Security Advisory - The ReadImage() function in Tk did not check codeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact.
f398b921a0bfa7f65e225844058f729e3d3192a847ac229846308e781bfb5577Mandriva Linux Security Advisory - The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code.
a328f3e6cb1a2eb64d3d33a02451f11d7793fa5034d168ae7fbf4adf8843165dMandriva Linux Security Advisory - A buffer overflow in the giftopnm utility in netpbm prior to version 10.27 could allow attackers to have an unknown impact via a specially crafted GIF file.
aefbd16a2a6b6ba80d1aa2d4b1550c6064e700048028378b5cd0a8adb2454d31Mandriva Linux Security Advisory - Buffer overflow in the LWZReadByte() function in gd_gif_in.c in GD prior to 2.0.34 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. This was originally fixed in PHP's embedded GD with MDKSA-2006:162; patches had not been applied to the system libgd at that time.
75a743379f48b6ad6a3bc634014ed7d730aae593d12cd133a70e5ea462fbefd2Mandriva Linux Security Advisory - A stack-based buffer overflow was discovered in libcdio that allowed context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image file that contains a long joliet file name. In addition, a fix for failed UTF-8 conversions that would cause a segfault on certain ISOs was also fixed.
fe300ce6a848ba735287c86ae67cf808b28b2815e1bcb3b14c563d7ecc112b29Backup Exec System Recovery Manager versions 7.0.1 and below file upload proof of concept exploit.
ee1e884145bd69e458fc0939f1a4ccdf7815e2de211d2ce86ec7cc531ae21e68SapLPD version 6.28 remote buffer overflow exploit for win32 that binds a shell to port 515.
37e3b45b3309b550f9869d20af68f0056d76a34e939c11d46b2d98983436f323Total Video Player version 1.20 M3U file local buffer overflow exploit that can bind a shell or spawn calc.exe.
fd85f017df72ab2ea29022df809d712f6806a9665f23acea21418f9fb1fc2abdThe Joomla component Commonwealth Business Council suffers from a SQL injection vulnerability.
3e3c377fda0dfa70c13354936f7d6200f0bbf845c97745d32f23f46835f909b4Checkpoint SecuRemote/Secure Client NGX R60 for Windows VPN-1 suffers from an insecure credential storage vulnerability.
f1b4f746f7f2046948fb59914e8e10b59a612b89d8f9545c996c0641313f08daMODx CMS versions 0.9.6.1 and 0.9.6.1p1 suffer from cross site scripting and cross site request forgery vulnerabilities.
81bb0829b1520253b4f76af5c77c69518d95da6d64726c5e3ab9489ee88a74a7Secunia Security Advisory - Trend Micro has reported a vulnerability in ACDSee Photo Manager, which can be exploited by malicious people to compromise a user's system.
a627ff8f1b29aeae6f59ef36a0d6160a00ffb61312b5529ec04b5b55968182f7Secunia Security Advisory - rPath has issued an update for icu. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
8809555e89d6d9a56a2ff5af8948b913f9f2d5244f69ac49ab084a260ab223c7Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Edge Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
f407abeb28d72c7c15de0352fc763fa4f94f76aeb242643d776f49eeeba0bd7bSecunia Security Advisory - Moubik has discovered a vulnerability in Mihalism Multi Host, which can be exploited by malicious people to conduct SQL injection attacks.
2af5eade220b0b2c2575fa24d2814bdf8be2e77b5d6d55c5a208094a85c754c5Secunia Security Advisory - Some vulnerabilities have been reported in SAPSprint, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
530b9527629a4ac0e3cfe081da81d71c358b292a0674754085a157fb16920f4a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed