Secunia Security Advisory - Debian has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
1c131ad38d132426b7dec64072939adee23527ec7c58cc54d03099dc2f508e5fSecunia Security Advisory - Ubuntu has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
c2857782fa6eb28b2ac11d41f5b7558b08e2a62c1e3d4dab81a6df71a250803bSecunia Security Advisory - Ubuntu has issued an update for mysql-dfsg-5.0. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and malicious users to cause a DoS (Denial of Service).
478084bdd98765787b40c07ebdda0c8f548e9aa699ff37235c44a8cef37ba642Secunia Security Advisory - A security issue has been reported in Flash Media Server, which can be exploited by malicious people to capture content.
b3d4aa9989dab17f6a687f5ac492ff72c88573fdf5eb682b45f0165baee64f07Secunia Security Advisory - md.r00t has reported a vulnerability in KimsON, which can be exploited by malicious people to conduct cross-site scripting attacks.
3a106ae621377ebcb3473165ff70abd67af2203e85bcbd844f22d21f55757e8cThe Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
fc9366a2ab01924e91575352889970e57a551e087c78b5d1dd4287aaf2136a04Secunia Security Advisory - Ubuntu has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
d00f99a609857df78d1775517041c3ba9017101d3887ed96ba3b0d810638c982Secunia Security Advisory - A vulnerability has been reported in Citrix XenServer, which can be exploited by malicious, local users to bypass certain security restrictions.
7d6f3ec629320f55d7251f087e9a8ebf5287d3737e8622298bf62f13919d6b9eSecunia Security Advisory - xenomuta has reported a vulnerability in No-IP Linux Dynamic Update Client (DUC), which potentially can be exploited by malicious people to compromise a vulnerable system.
c27092f9309e143993f415cc2cc9c33b7443ac380fe131fccfaba42511a80cc6Secunia Security Advisory - Ubuntu has issued an update for firefox, firefox-3.0, and xulrunner-1.9. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
8aa942dac99ab242a20e125724da0024b3e0571bf56b202fcd6770b3f166b5e9Secunia Security Advisory - x0r has reported a vulnerability in E-topbiz Link Back Checker, which can be exploited by malicious people to bypass certain security restrictions.
9f4d30d4f77ef2642fcc96119d6ee3f93644c0abdd424c47ed351af381f8585eSecunia Security Advisory - Ghost Hacker has discovered a vulnerability in Free Directory Script, which can be exploited by malicious people to compromise a vulnerable system.
f3936819392887ed7ae69a8c98ad8dd217ebdc71ba73f4bddb0452a6e1ca0cbaMandriva Linux Security Advisory 2008-231 - Drew Yaro of the Apple Product Security Team found two flaws in libxml2. The first is a denial of service flaw in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it cause the application to enter an infinite loop. The second is an integer overflow that caused a heap-based buffer overflow in libxml2's XML parser. If an application linked against libxml2 were to process certain malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to correct these issues.
7413d96099e6e8bf2e438e2347de0fdef4b3853b5f304fdd946d81861cdc2526Ubuntu Security Notice USN-673-1 - Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service. Drew Yao discovered that libxml2 did not correctly handle large memory allocations. If a user or automated system were tricked into processing a very large XML document, a remote attacker could cause applications linked against libxml2 to crash, leading to a denial of service.
14aa962cd967df79c253c644c2c8828edaaf504811b1f094c29778d229459c52Pluck CMS version 4.5.3 suffers from a local file inclusion vulnerability in data/inc/lib/pcltar.lib.php.
a76b191f10fc38657780868a71a131bd66e626a9dafafb166d91e8d33d8c87f7strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
bc808f0e652c4eafe9851d3deee8b79d92f612129fd5e9d9d7d258b91d3e3a28Ho' Detector is shellcode that detects sniffing on all interfaces in Linux by parsing /proc/net/packet.
42c881bd2e0d0ad6f16b4cdc86b99656d1572c15c7ee38cf830dbce602f77508Free Directory Script version 1.1.1 suffers from a remote file inclusion vulnerability.vulnerability.
9de9e95253a54d5d8195e150c62dced03c5e92be004745665c337fdab2b13553Firefox versions 2.0.0.18 and below and WebKit nightly are affected by a cross-domain arbitrary image theft vulnerability.
d0194747a05587197d8e8c47a948cf9b3eee714682e19c5c1a8a0ea718f09d2eCUPS version 1.3.7 cross site request forgery remote crash exploit that makes use of the add rss subscription functionality.
6e4f00554a897ed6be22f88ed7198949f40913f4b34db7670960d0d1d9a7cf8fHP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
abfe5378aa1c420b5a843819d5ee86801f09ce9f74415f92a8ad6c7fa7640eb6E-topbiz Link Back Checker 1 suffers from an insecure cookie handling vulnerability that allows for administrative take-over.
6326e1a5778e098db15fb3f2ef47e30000bccc5158b3b5de51056ccf69ec17c4A design flaw in the SSH specification allows an attacker with control over the network to recover up to 32 bits of plaintext from an SSH-protected connection in the standard configuration. The vulnerability has been verified against OpenSSH 4.7p1; other versions may also be susceptible.
8d48ca8b60553c221cb1492df2fd5bc59181cf198fa4fff19a8f69a7c0f813aeMusicbox versions 2.3.8 and below suffer from a remote SQL injection vulnerability. This was discovered in the last version and the vendor still has not fixed it.
76fb9672485dc23ce06389e1199a6f3b07d74f64a42e9bc9e9ecfe73d9417079No-IP DUC versions 2.1.7 and below remote code execution exploit with reverse shell functionality.
45aef2f944054e07955c8413368b1c84c98946f115baffb32a912c5e292375fa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed