Secunia Security Advisory - Red Hat has issued an update for redhat-ds-admin. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.
abf883b08aaa73b70b079d814e257c4b6d73d1a5fa69c8bb7cb49eb78ee62559Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, or potentially compromise a vulnerable system.
9440b2f0cd70b5f428e2cdccb1167bc4da1ce41c4992e6ade2db15bc4eb0f04fA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in WebKit. When nesting regular expressions with large repetitions, a heap overflow occurs resulting in a condition allowing the execution of arbitrary code.
d7226cf9fbed0e7b5e82d1dd575f6e61f1ded367886e94e1a5db1549689e7f83CA products that implement the DSM gui_cm_ctrls ActiveX control contain a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is due to insufficient verification of function arguments by the gui_cm_ctrls control. An attacker can execute arbitrary code under the context of the user running the web browser.
b63cbfd73b81137d031f97bd4f2406b126e28b710e79acc9de05299b137471b2Carbon Communities Forum versions 2.4 and below suffer from SQL injection and cross site scripting vulnerabilities.
ec8b6da167cb0ac04f04778c691d037a9cd993aa0d5833d3b0c4f5594180c62eBS.Player version 2.27 Build 959 .SRT file buffer overflow exploit.
8cfbd5de445f4718c1656cc8b0690b95807d0e631cd49dd835765144bcb2a3beiDefense Security Advisory 04.15.08 - Local exploitation of a design error vulnerability in Oracle Corp.'s Application Express web application development tool allows attackers to gain elevated privileges. The vulnerability exists in "run_ddl" function within the "wwv_execute_immediate" package. This package is included in the "flows_030000" schema. This function allows attackers to execute SQL commands as any database user, such as SYS. iDefense confirmed the existence of this vulnerability in Oracle Application Express version 3.0.1.00.08, which is installed by default with Oracle Database 11g R1 (version 11.1.0.6.0). Previous versions may also be affected. However, Oracle Database 10g R2 does not install Oracle Application Express by default.
e62655ecf9cf417e237bbdfa2451137b6da01ab4c98426bae246e30ac759b70bCisco Security Advisory - A vulnerability exists in the Cisco Network Admission Control (NAC) Appliance that can allow an attacker to obtain the shared secret that is used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).
53c82c43309c5cb46dbf366870f9222e679ccdb752a2d6f78eb6b7ae7538b2c9INFIGO IS's security team has identified a critical remote buffer overflow vulnerability in the latest ICQ version (ICQ 6.0).
f15fcb7c39b1de855c85925767b7a551daaddf85fabc42a30d0971f234fc959eOracle 9i Release 1 through 10g Release 2 suffer from a hard coded password vulnerability.
5a626b3f3db0d29867bfeb5c6c55255678262395a263f8d3e5ad0123e3b0aa0aOracle 9i Release 1 through 10g Release 1 suffer from a SQL injection vulnerability in the SDO_GEOM package.
5c6480feed1ae87a9b01f04e8303b0822b3ea652afdbae60cea161366ac61511Oracle 9i Release 1 through 11g Release 1 suffer from a SQL injection vulnerability in the SDO_IDX package.
d6d0053dc2be5c9cf1894ba082e60dc8f4f2aa3f839d4a47bb79a73fc0baee27Oracle 10g Releases 1 and 2 suffer from a SQL injection vulnerability in the SDO_UTIL package.
014f11cb69ac5e56681ff953324c818122c8520818bfd0427b2c1fb0b6b0c4d1afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
673ffbfd010c1c40cf1b2c6602fbc592d45dc9e5540844d1d8b3d4b95dc6cdd8XplodPHP AutoTutorials versions 2.1 and below suffer from a remote SQL injection vulnerability.
de86652c23159fe36ac35481dc7fe41b5c2e8656a4bb6abf46056f585ab7c0cdSecunia Security Advisory - cO2 has discovered a vulnerability in Lasernet CMS, which can be exploited by malicious people to conduct SQL injection attacks.
b50e6d32d5a2c6fe7ce9190caadc812e3576362e6d9197e5b9f15fc2cfda9887Secunia Security Advisory - securfrog has discovered a vulnerability in DivX Player, which can potentially be exploited by malicious people to compromise a user's system.
1fa7ace65af8a308c0e979a3cfa28e88c4921a4f10c857658befe3667e3dfa52Secunia Security Advisory - Two vulnerabilities have been reported in IBM DB2, which can be exploited by malicious, local users to perform certain actions with escalated privileges or gain escalated privileges.
283d95504a46921fe577783b216e067e3d94f2712b9696a599612ff62db2dcffSecunia Security Advisory - Morgan ARMAND has discovered a vulnerability in DotClear, which can be exploited by malicious users to compromise a vulnerable system.
3f4f841cf84b2892713479e5e131bf2d41298cb9c041ec13ccc872d42a2a629fSecunia Security Advisory - Multiple vulnerabilities have been reported for various Oracle products. Some vulnerabilities have unknown impacts while others can be exploited by malicious users to bypass certain security restrictions, conduct SQL injection attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
c37bd3b2bb8d24aba55976dee3446b830d6040298ba5df01872fbab785b526faSecunia Security Advisory - Matteo Memelli has discovered a vulnerability in BigAnt Messenger, which can be exploited by malicious people to compromise a vulnerable system.
156b5ae4bbdc581476c298b3d49daf911a96f6159c4a9830bf5dfdefcd85940dSecunia Security Advisory - Felipe Sateler has discovered a security issue in Cecilia, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
7f305369490779a5f5ee3deae80ed03d6cb69850e779a6c6f9abbb91cd21e9c8VMware Security Advisory - VMware has released updates for pcre, net-snmp, and OpenPegasus.
05d3cc52d406c326ff1eab9dc8daa8b27e7db3e09c7914fad3295665ea9f50daLasernet CMS version 1.5 suffers from a remote SQL injection vulnerability.
fc72773e3a46fb2aa6f60be12009e84b233fcdf36cbcd4f457ebe1ca79cf2957Mandriva Linux Security Advisory - The isdn_ioctl function in isdn_common.c in the Linux kernel prior to 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which trigger a buffer overflow. The do_corefump function in fs/exec.c in the Linux kernel prior to 2.6.24-rc3 did not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which could possibly allow local users to obtain sensitive information. The shmem_getpage function in mm/shmem.c in the Linux kernel versions 2.6.11 through 2.6.23 did not properly clear allocated memory in certain rare circumstances related to tmps, which could possibly allow local users to read sensitive kernel data or cause a crash.
9d45829355f0a104401e0ff0bc6eb1b4fdb73a895ecae86b1fe47a119c6a9e3b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed