Debian Security Advisory 1558-1 - It was discovered that crashes in the Javascript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code.
54cd69b61e3be148c0982afc1ffa91bcd8480dcbf5b5e98263078fe15b23f17aGNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
f89eab83455e2b396fc7450f39661af10d39cf4db79c3be9fec0c57d83687f73HP Security Bulletin - A potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows. The vulnerability could be exploited to allow remote disclosure of information and execution of arbitrary code.
d2c68d01d7d92218a04bd8dd7296a771503451b1a1c38220ecb64fbb76f638f7Debian Security Advisory 1534-2 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. Second advisory released as a regression in mailnews handling has been fixed.
0fb2b2835fb14979cbfd88d025ebea806c302f1580c57ee600cbdbb0f2011131Debian Security Advisory 1557-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request. The PHP session data file stored the username and password of a logged in user, which in some setups can be read by a local user. Cross site scripting and SQL injection were possible by attackers that had permission to create cookies in the same cookie domain as phpMyAdmin runs in.
b57bb9f9b51c75c5e6ff94c19c7379b4494471845ff2dd9879887fcc61ccf135Debian Security Advisory 1556-1 - It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
1799df7be8f51f594bdabae4c05cd39abaec64f61706fc8f035aaafe951cdbb4logtamper is a modified version of wtmpclean that also modifies UTMP and lastlog related entries.
5dbf4006c99bb31134bc547b72082e90998cd71495487da8ef3897aefd71d69fBlind MySQL Injection - Techniques for injection without any information regarding MySQL. Written in Spanish.
8d89853d9dcac5bc068947c4c9f8c470ec5a392d5d24061e64d5913b14a15aafLotus Symphony Expeditor suffers from an arbitrary code execution vulnerability via the handling of URIs with rcplauncher.
8cf216c4e59a70e55502fe7fec3941d9c033cef86142adc1d1d5de3cff318816Lateral SQL Injection: A New Class of Vulnerability in Oracle.
0db673b33010a9aa5626bc5198e1ef07be87e36a1d9a04d25e9c098c2c211bbeGentoo Linux Security Advisory GLSA 200804-28 - Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than 1.5.0.14 are affected.
2f2fde87331690075ed924224ebebe60af79ae25ffe3b980ec59bd262f2e8538Gentoo Linux Security Advisory GLSA 200804-27 - Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow. Versions less than 1.1.7 are affected.
c557c30f29c0f4d1061cf1d2c155c8d080bd5855a83bc9d1cbe8d1d1f91c09daBadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition by repeatedly invoking the uninst.exe executable. Due to the fact that BadBlue has not released a patch for the previously documented directory traversal vulnerability, an attacker may utilize these two flaws in conjunction to place a malicious executable in the web root and compromise a vulnerable server.
f2c9ac8b86a9e0d33d4b53388eda5237c00d9cc5ea5ae06886e22a0cf1505756T2'08 Call For Papers - Announcing the annual T2'08 conference, which will take place in Helsinki, Finland, from October 16 to 17, 2008. They are looking for original technical presentations in the fields of information security. Presentations should last a minimum of 60 minutes and a maximum of two hours and be presented in English.
0e6b1a7b55856088a3234d7b563519e9a6c49eca693a26a51abc5a6911f08a56The Joomla Jpad component version 1.0 suffers from a SQL injection vulnerability.
b72317489536afc47cd10404a792d0fa9c885d3a63245b45330c76c26cf8b92fDivX Player versions 6.7 and below .SRT subtitle parsing exploit. Spawns calc.exe.
5fd3b0737df96bea702a551de019800d022f49bf0b4c1a37e70f5693b5ad009eWintercore Advisory - Realtek HD Audio Codec Drivers are prone to a local privilege escalation due to insufficient validation of user-mode buffers. RTKVHDA.sys versions below 6.0.1.5605 and RTKVHDA64.sys signed versions below 6.0.1.5605 are affected.
a6fc2d5582e8a71c4fed62361743ae6f26030ad35992614a9525a578ae75632cRSA Authentication Agent is vulnerable to a vanilla cross site scripting flaw on the login page. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services.
5a5d9dea5b1f25761e00eb31cbd27c0bbc1985757d23d7db73ef2b3ac1f40262A HTML injection vulnerability exists in the WebLogic administration console. Version 10.0 is susceptible. remote URI redirection vulnerability affects the RSA Authentication Agent. This issue is due to a failure of the application to properly sanitize URI-supplied data assigned to the 'url' parameter. Tested on RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services in conjunction with Mozilla Firefox 2.0.0.11.
68fa1ad35fc6aa8f665119119b0250479e6e7a337c5f298e8a27980b5aa6d42aThe Joomla Profiler component is susceptible to a blind SQL injection vulnerability.
13d2bc848e882cd514adbbacb85a61bd31db139a20b27fe8177fddb0cc5e6c3dYouTube Clone Script remote code execution exploit that makes use of spages.php.
aa1da564d6c430a3eb32b2b5363013467abab6ada4b8f3eecb09154851b8fcbf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed