Mandriva Linux Security Advisory - Audacity creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. This issue can also be leveraged to delete arbitrary files or directories via a symlink attack.
c220f0efbae4e4a9ed716672386d7e32b546d8ea170ba357241752871f803b86Secunia Security Advisory - Sun has acknowledged a vulnerability in libexif included with Sun Solaris, which can be exploited by malicious people to compromise a vulnerable system.
5948b719b10e9659e16b9e4fd51e0bd9a2644e9313d71493cc3032832d07c4c0Secunia Security Advisory - Gentoo has acknowledged a security issue in multiple ebuilds, which can lead to the disclosure of sensitive information.
d9af2540bbd73403f5ec9aa466a82421974879f3a399453c16f231767dc09102Secunia Security Advisory - rPath has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
2b7dad8f6550e4eef52185bfff2319bf971153501c1ae24eaba4ccfd19c7d8adSecunia Security Advisory - S@BUN has discovered a vulnerability in the Alberghi component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
b3faed5f80832ce2bf3ad6e383a3fd3c6492ee5766d0ce9f7f9fc0f636bc1b7eProof of concept exploit for xine-lib versions 1.1.11 and below which suffer from six heap overflow vulnerabilities.
c40238e829405db13c7ee310252992fbca51f179dfbe5f4c4b75ec35d593d269xine-lib versions 1.1.11 and below suffer from six heap overflow vulnerabilities.
6d60ac8b4dbe43a588f27309219f24260c8609a2d1b447ad77894e3effaa729bUbuntu Security Notice 589-1 - Tavis Ormandy discovered that unzip did not correctly clean up pointers. If a user or automated service was tricked into processing a specially crafted ZIP archive, a remote attacker could execute arbitrary code with user privileges.
8cc553b6a816c24515cc31acc6cf6171af40bb0e0c2cd4f80121484f410e4e20Debian Security Advisory 1526-1 - Steve Kemp from the Debian Security Audit project discovered several local vulnerabilities have been discovered in xwine, a graphical user interface for the WINE emulator.
fe0ba1c0dcd6222991075c0ec3af51535dfb302cc68ece7524f18b9ac75859cbSecunia Security Advisory - sasquatch has reported some vulnerabilities in IBM Rational ClearQuest, which can be exploited by malicious people to conduct cross-site scripting attacks.
ff74939b586c08ac0467cf8186b1947dc6560691d913bb85a861a9015c1a3634Mandriva Linux Security Advisory - A vulnerability in the Net::DNS perl module was found that could allow remote attackers to cause a denial of service via a crafted DNS response.
2b41229fdd453f1b261dec7ce9c44685e480552457d143f449fd7c6af4a6b31fMandriva Linux Security Advisory - The Linux kernel prior to 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allowed local users to access kernel memory via an out-of-range offset.
a2161f24ca855dc6afcc20b198f4d133bef857767c99052fe5216cedd9f81e9dWebshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. Linux and source tarballs included. Also, a Windows installer executable and a manual are included.
51638e982413115a29be81cbffed0f22ae3d52007b08eee92b6ef462fd1d822bUbuntu Security Notice 588-1 - Masaaki Hirose discovered that MySQL could be made to dereference a NULL pointer. An authenticated user could cause a denial of service (application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table. This issue only affects Ubuntu 6.06 and 6.10. Alexander Nozdrin discovered that MySQL did not restore database access privileges when returning from SQL SECURITY INVOKER stored routines. An authenticated user could exploit this to gain privileges. This issue does not affect Ubuntu 7.10. Martin Friebe discovered that MySQL did not properly update the DEFINER value of an altered view. An authenticated user could use CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges. Luigi Auriemma discovered that yaSSL as included in MySQL did not properly validate its input. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 in the default installation.
5a8255800f0f13ab0170873f78aa7381ffe3fa764291a6fe05ed17d87fae4f3fDebian Security Advisory 1525-1 - Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit.
8a005f5ec36bdbd53917c342d96a68635121d0d7e8a082ff1e7174217e1c231cDebian Security Advisory 1506-2 - A regression has been fixed in iceape's frame handling code. Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.
bc917c9a074c717bec02c4b74ae7fc0455b931a2e434ad745ae25f609e5fd350Gentoo Linux Security Advisory GLSA 200803-30 - Robin Johnson reported that the docert() function provided by ssl-cert.eclass can be called by source building stages of an ebuild, such as src_compile() or src_install(), which will result in the generated SSL keys being included inside binary packages (binpkgs). Versions less than 8.1.16 are affected.
ef9e1371be972f0723c6894ed900fd024b24791d49acd335a4e13e40ae2eb07cOpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
40e99e5f04ed9a89382123d88fafcb2a0222f57e39074dd3255d757502f9c54cCenterIM versions 4.22.3 and below suffer from a remote command execution vulnerability.
30698e2ce140f80078987bdf37bf534d5d40549838646eddc2285d1f56c730e4Sun Solaris versions 10 and below rpc.ypupdated remote root exploit that makes use of an input validation vulnerability. Originally discovered in 1994 but still looms in the SunOS 5.10 source code tree.
c3b971dbcd12a59aecaa3d180afc2b2aa6ffed6ff18c6ba616af43efc1377386The Joomla Datsogallery component version 1.3.1 suffers from a remote SQL injection vulnerability.
736d45396f52015c478eb530328b6ef7024b4dc91391619e46aae1b41b60d66eSecunia Security Advisory - Secunia Research has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system.
fb458a0a915f9119f57898d1c71316f5bdc252de5dfc1ab2f8678db1d4e30cb7Secunia Security Advisory - Some vulnerabilities have been discovered in Gallarific, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and conduct SQL injection attacks.
ac34d0dc786e43cd649120f0ee8598cf22631e790cd82000a99b2a27a67d1b03Secunia Security Advisory - Collin Mulliner has reported a security issue in RaidSonic NAS-4220-B, which can be exploited by malicious people with physical access to the device to disclose potentially sensitive information.
d7db54e2eb49e2aecb563098496048549c40cf25530549116746645c99edb7e0Secunia Security Advisory - Some vulnerabilities have been reported in WinRAR, which can potentially be exploited by malicious people to compromise a vulnerable system.
c3b7f600e5cb31f92a1c831aacdd17fa43b5fd5eeaa6a629abaf9372a09dc467
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed