Mandriva Linux Security Advisory 2009-066 - PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within.htaccess, which causes this setting to be applied to other virtual hosts on the same server. The updated packages have been patched to correct these issues.
ca933f1a927d0df3b27c6a1b7eeda71f826379ed09c2498ed13db80970312993Mandriva Linux Security Advisory 2009-065 - A vulnerability in the cURL library in PHP allowed context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files using a special URL request. Improved mbfl_filt_conv_html_dec_flush() error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c. PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within.htaccess, which causes this setting to be applied to other virtual hosts on the same server. The updated packages have been patched to correct these issues.
81600b7210442d8910e0548f3b3b74df0d0b40a044f36901a7a75ad77feb28fcZero Day Initiative Advisory 09-013 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the browsers garbage collection process. When multiple DOM elements are cloned and linked to one another and the browser is reloaded, a memory corruption occurs resulting in a double free. This can be leveraged to execute arbitrary code under the context of the current user.
0bb471f99cb66d2fc4546dadd4aae02b2dace0754a8ccc7acff4816edca47a99libc:fts_*() suffers from a denial of service vulnerability. This affects multiple vendors.
f1f7b02d628966dda851d771301cd67c0c164e16441e34b7ea9c6101aecb9818CelerBB version 0.0.2 suffers from information disclosure, remote SQL injection, and authentication bypass vulnerabilities.
0c342572d915e21b74cfb7c2197aa40577eb1cccf57a7196c439f8d999413940Amoot Web Directory suffers from a remote SQL injection vulnerability that allows for authentication bypass.
f0c557dca5195c66b5b216ea2029e3057a78cd2578305378a0b02d8e522b2c93Whitepaper called TippingPoint IPS Signature Evasion through Packet Fragmentation.
fb443bf9924fe8e7be65e5ed6fa20814c640898d19822ad5151f928081513346Whitepaper called Compilation and interpretation of exploit in Perl, PHP, Python, C, and C++. Written in Spanish.
9ed32ef51af5089ba0487b867388896bad2a6f52c94dad8b84338fc35e87a10bWhitepaper called Security in the Computer Science Systems, or Seguridad en los sistemas informaticos. Written in Spanish.
62c4ffb7dc3222cb78d7a9f4619266a925e0b5dd226d6d1a0e2fd69aadcd8d2aInternet Explorer 8 beta RC1 has a flaw that allows for domain name spoofing.
18a9e3ecbc14c0c76b54cf49a03ddc3677e5d291ef28940276dc506adef42519SupportSoft DNA Editor module code execution exploit that leverages dnaedit.dll.
b4f171a5e1092d8dd52b815a5ccb43eebcf3330cbda106d95b211bbf4af57c9bDebian Security Advisory 1734-1 - b.badrignans discovered that OpenSC, a set of smart card utilities, could store private data on a smart card without proper access restrictions.
1b75cb3c932d0a9639d9ae1c209e4d5e96fc0e363b607bced179a41b05e1c063Blind SQL injection exploit for the Joomla iJoomla Archive component.
de4fa36fc87561f1ca3be8cda3da36eb798e3a82dc96ddf4510616b6b0a22d21Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
4bab09503632cca180ca6d63e9b714c2a720ca80e8534d3f1d67ce17a33ffcd7Media Commands local buffer overflow exploit that creates a malicious .m3l file.
7ca25845f3bb0815393b872c0f25e86a1b46d43762d96eabee23fef2aa5393a4Media Commands universal SEH overwrite exploit that creates a malicious .m3u file.
fc07ad8a960e401c4030b83347ee666cbfdc0b93b2c03f893e1521e51d57a158Winamp versions 5.541 and below skin universal buffer overflow exploit. Launches calc.exe.
5205111a1315db28c3d3ab7879b96c792bb6fd5b57802735fb65549a6e5b8435It has been confirmed that djbdns versions 1.05 and below lets AXFRed subdomains overwrite domains. Patch included.
03f48b351a5eebe4464acf5d6ae3dc83aa3868d7065e42129d362f28db0c61cfSecunia Security Advisory - Fedora has issued an update for psi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
f0412dd6d6eeaa7cad9afb2ea9391bf729335549a9dc15e2caff968f1910fcd2Secunia Security Advisory - Some vulnerabilities have been reported in IBM DB2, which can be exploited by malicious users or malicious people to cause a DoS (Denial of Service).
8d704a2bb899c0ebf6be739fbf836b6013eaddfa6f6e74e85e41d7bd826825f1Secunia Security Advisory - A vulnerability has been reported in FileZilla Server, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
0d560d6d8da694b058e7edeee741885222b569f834b2c2dc1eb8428130111308Secunia Security Advisory - Ubuntu has issued an update for curl. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
f3e641a12e90a30d0274e31de9b3dbace97a299b678f414bd2004e87c6b784d2Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by a malicious, local users to cause a DoS (Denial of Service).
1ba8055aadf064cb1ff0bab19ed0c067cadd65e107b0f7592c75bcf4b3568393Secunia Security Advisory - A vulnerability has been discovered in Easy File Sharing Web Server, which can be exploited by malicious people to disclose sensitive information.
c2383445480bc4799f4123e976e00b14b8ca7b80a1133861ed5b1cdc8a5d1e5eSecunia Security Advisory - Red Hat has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.
3cac7ed8fa88819a9f53d16bcb1e969803a5ddbc9275f0a2d8b6b259a1b11a9e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed