Secunia Security Advisory - Fedora has issued an update for asterisk. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), hijack a user session, and potentially compromise a vulnerable system.
7c61c468b1676041341c58d407f12dc563ce272ebaedc1d905b247eae3d9863fGentoo Linux Security Advisory GLSA 200803-32 - Multiple unspecified errors exist in the SCTP, SNMP, and TFTP dissectors. Versions less than 0.99.8 are affected.
54f405174c260f792a67d4b63d2a0e2d737985c695b15d5c1cc02cae614195f7Gentoo Linux Security Advisory GLSA 200803-31 - Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply. Versions less than 1.6.3-r1 are affected.
687a1a18cfdf1045b45102f44dfce14c62dc95331cc6d0cad7c2e5ba130147aeUbuntu Security Notice 591-1 - Will Drewry discovered that libicu did not properly handle '\0' when processing regular expressions. If an application linked against libicu processed a crafted regular expression, an attacker could execute arbitrary code with privileges of the user invoking the program. Will Drewry discovered that libicu did not properly limit its backtracking stack size. If an application linked against libicu processed a crafted regular expression, an attacker could cause a denial of service via resource exhaustion.
43ef2719613b8d5bf9eea3846c82191bc3d3dec5515dd68f8bb516d313dad394Ubuntu Security Notice 590-1 - It was discovered that bzip2 did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service.
3bcb684072b1f6e181a624582120d6c96ba95391149af0abca403c6de9a7ad51PowerPHPBoard version 1.00b suffers from multiple local file inclusion vulnerabilities.
94fa9c3a5529e03e73503a17f5d87e7783dda85b1c98827da09482802a3e2cc0PowerClan version 1.14a suffers from remote and local file inclusion vulnerabilities.
43ffd14f8566404fb9eb7d7740f2ec864af09d81665a8a7ade327f731b7b3126PowerBook version 1.21 suffers from a local file inclusion vulnerability.
89cfbf8afc1e94b92ae4faa6fd527cf19b6cd7ffd7c9dfddef029f3a1369ec55HIS-webshop suffers from a directory traversal vulnerability.
18089bcbb85dcbdcf98afbd67df51a19989a0a88193f6b6cbe9331fafc4d2b18The phpBB XS-Mod module version 2.3.1 suffers from a local file inclusion vulnerability.
65841f99aa12b72e0fd9d2ed61b19acd97553acc62ac55d4804ad5e413be6f6cdestar version 0.2.2-5 arbitrary add new user proof of concept exploit.
ef45f7aba13469141b69060592098b5b2b3817feafcd7a06541277d2a225d290Debian Security Advisory 1528-1 - Peter Huwe and Hanno Boeck discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts which allowed for cross site scripting.
8b7a5884ad63c22596a7bb066cab316ce9b42d0c0b7f165a02256cd5357ff4aaDebian Security Advisory 1527-1 - Thomas de Grenier de Latour discovered that the checkrestart tool in the debian-goodies suite of utilities, allowed local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
51baf9a596ae64fd0a619f797a3fea9891741588731893ce0b5a7606be68ac92ircu versions 2.10.12.12 and below and snircd versions 1.3.4 and below suffer from a denial of service vulnerability.
16fca1d1e692453a7d39cd0f20a4a94b85964a7078ebde7c81b411de8adf40c3Alkacon OpenCMS version 7.0.3 suffers from a cross site scripting vulnerability in users_list.jsp.
faf9e36c00c01378622d782f6e9b1985115bf8bf62bf97760e99508deaeb3559Perl Underground Issue 5 - Various articles regarding the release of Perl 5.10 and more.
167b08b3e7ba24a7fc601fc28f9cf823ed06db857bb5f83f6167a061ae38e283The Joomla Cinema component version 1.0 suffers from a remote SQL injection vulnerability.
cc7893a29e9461f722b1f6c09b9ca899cf785ee288e40444362adad5d0563bf7The Joomla d3000 component version 1.0.0 suffers from a remote SQL injection vulnerability.
f390985377baab572acba9ed16a56c7aa20c61a6f0b13c8e0b403e8d1e85faa1The Joomla rekry component version 1.0.0 suffers from a SQL injection vulnerability.
376d19fb92df859e1c0d0f8b19606cf582d0c0c92fbf7eaa4e2c1ac64ea7057aThe Hamachi VPN client version 1.0.2.5 stores the password in clear text in memory.
833ef2415c5686706ca5e52992923ff84b6e7ec39d43d822b97097dcbb9a584bMandriva Linux Security Advisory - Bzip2 versions before 1.0.5 are vulnerable to a denial of service attack via malicious compressed data.
8677ec902890bd6cfe3852477f8ef6cb35604428aa6359fd9ecefeb86ec75eb0Cuteflow Bin version 1.5.0 suffers from a local file inclusion vulnerability in login.php.
48ee8aef2c9a161cee3ee03102d3d8a8b0e6db0da68dfb7cdd759b92a530f492The F5 BIG-IP web management interface suffers from a persistent cross site scripting vulnerability in the audit log facility. Version 9.4.3 has been identified as vulnerable and other versions may also be affected.
28caa41e97f268000dc02e8c3bcf6a6b32bf692497b55892852b622a403cf32aEfesTech E-Kontr suffers from a remote SQL injection vulnerability.
a2d74baa9a195979b09cefe3a3131f24e3d497c99dcba2dcf52276667ec3a5a3The Goolag Scanner is a tool that has been released by the Cult of the Dead Cow to automate Google hacking using 1,500 predefined search queries.
b0e95f32dd1a7d1debe5e540a6fc6f3cf116c92fdddd1737461b586fd3b66187
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed