Debian Security Advisory DSA 1727-1 - Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon.
47abce559e797db348b4d30522fc51cbae738bb95901abb7c97f0871b5df8ee3Golabi CMS suffers from a remote file inclusion vulnerability.
4a8cf76b26d3c596d2e6a349ff1c9c509a40e4132df27d520db5f2b9b43dc755Sopcast SopCore Control Active-X SetExternalPlayer() code execution proof of concept exploit that leverages sopocx.ocx version 3.0.3.501.
5fa2489d39dd257067a34cb4a4c40c6ecee84847500eac51b5077ce71cb1fbe3The Cisco Unified MeetingPlace Web Conferencing system is vulnerable to a stored cross site scripting vulnerability.
df9ddfe51280f84ea7084cd93067cf5dc3c71d635cb29a58a61b63a95d344716Apache Tomcat versions 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 suffer from an information disclosure vulnerability.
768d53d9e66098ca1617ffada6c18d5bb474b2b3a0457418984e05a53b42a23eSecunia Security Advisory - Fujitsu has acknowledged a vulnerability in some Interstage products, which can be exploited by malicious people to potentially disclose sensitive information.
673f1b578979624fec138d7027cfe9584aeded0d3f8c250493093221ad766577Secunia Security Advisory - Some vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks or disclose sensitive information.
9a408181fe00340fc5bf55be918180a0bd1f801d82d6a2d200d836708b7d204dSecunia Security Advisory - A vulnerability has been reported in Drupal, which can be exploited by malicious people to disclose potentially sensitive information.
9474866b50fc23c69af5c8059e6888a762ed7982f4e013b14f4d057cd64b406eSecunia Security Advisory - Digital Security Research Group has discovered a vulnerability in JOnAS, which can be exploited by malicious people to conduct cross-site scripting attacks.
97abd4b40dfc48f0f19402a95f1b50400de00c95ebe56707a74ca0db9d8885d2Secunia Security Advisory - Some vulnerabilities have been reported in BarnOwl, which can be exploited by malicious people to potentially compromise a vulnerable system.
ec4b872dda3948d0573e750da2b7fad87591bd06fe1c380d91faf1fa05ebdc9dSecunia Security Advisory - Val
922314b2561f998b25f6483c414a61ca75ac118fc0d05e14732903af7b0b32faSecunia Security Advisory - Ubuntu has issued an update for Squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
4a5883717bd2064274ee18eb2ddf4779e456c2e20ba3bed42eec620c405f0a5aMandriva Linux Security Advisory 2009-056 - The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to source/destination IP address confusion. The updated packages have been patched to prevent this.
cc74b832c434166e9630357395f6fe99e4f51343ac13cba9aed815b7345b4402Mandriva Linux Security Advisory 2009-048-2 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Epiphany working directory. This update provides fix for that vulnerability. The previous update package was not built against the correct (latest) libxulrunner-1.9.0.6 library (fixes #48163)
b032696b04660af22c37e518a131132cba8eb6c58825fe4808fe2fa0e0faa622SkyPortal WebLinks version 0.12 suffers from a contents change vulnerability.
7aafa1da61786fb87d31bac8d19d6a7dd5136f8a146ddb6992543af25db888e7SkyPortal Picture Manager version 0.11 suffers from a contents change vulnerability.
daa3082a33f397255d1a05615bc0033abd58f185c852100f563b9153e9e2bff2SkyPortal Classifieds System version 0.12 suffers from a contents change vulnerability.
b25fdfd2ccbd25222985fc7fc6f708edb1fb59202cbb317a9067228e0e579af0Secunia Research has discovered some buffer overflows ksquirrel-libs, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors within the "mt_codec::getHdrHead()" function in kernel/kls_hdr/fmt_codec_hdr.cpp, which can be exploited to cause stack-based buffer overflows by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Version 0.8.0 is affected.
eb1d8112400b196dea2591dccfd81df121f28ffaee5ad333a604b160533fee4eSecunia Research has discovered a vulnerability in SHOUTcast DNAS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when receiving data from a relay master server. This can be exploited to overflow a static buffer by tricking a SHOUTcast admin into setting up a server to act as relay for a malicious server. Successful exploitation allows to e.g. overwrite the password of the web administration interface. Version 1.9.8 is affected.
2d7b85e2f2f5d2dc651c63804b70e4fb20f7e54604685f128142095eef9b9acdCisco Security Advisory - Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device Manager applications. These vulnerabilities are independent of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access.
0f16dc8eb3c4018632232f216a4fff3a707aaf6894267ca2b15a1c4bb1f339cdCisco Security Advisory - The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can could result in administrative access, privilege escalation, and denial of service conditions.
21613419103799fc852a5f672fc0e98ebc60990ec3ec131cb87cc6938cc64d76Cisco Security Advisory - Cisco Unified MeetingPlace Web Conferencing servers may contain an authentication bypass vulnerability that could allow an unauthenticated user to gain administrative access to the MeetingPlace application. Cisco has released free software updates that address this vulnerability.
2f4ac0a59461989a540256dd74f76a1c81666efbe5df31943db981eda2c53f55Debian Security Advisory 1726-1 - Mike Wiacek discovered that a buffer overflow in the ARC2 implementation of Python Crypto, a collection of cryptographic algorithms and protocols for Python allows denial of service and potentially the execution of arbitrary code.
ba165e0a0e50093403abd4d48c8645ca1d66ff27f61ea2a6a3e92f78fb2caa4dApple Safari 4 Beta suffers from a NULL pointer dereference denial of service vulnerability in relation to the feeds handler.
2a2602ebbdda5234530d8b159eb8732d4ae55700178e1a03437137bc29fb4961Mandriva Linux Security Advisory 2009-055 - Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a.gro file containing a long string. The updated packages have been patched to prevent this.
ae1f1654d4936b7ec0e959946a7bb87bac1fc867b7d2764838172b46977fcb54
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed