Opera version 9.64 (7400 nested elements) XML parsing remote crash exploit.
5cb5b9f155d8943d137b3ca3dc40cdf8fd7267a79da07db420881ea0bb0d5b96Ubuntu Security Notice USN-750-1 - It was discovered that OpenSSL did not properly validate the length of an encoded BMPString or UniversalString when printing ASN.1 strings. If a user or automated system were tricked into processing a crafted certificate, an attacker could cause a denial of service via application crash in applications linked against OpenSSL.
cee5df51081c632f712fb3d0b9d722d7991012f9cf4b08bb96a43b49ea8b8a2eZabbix version 1.6.2 suffers from multiple cross site request forgery vulnerabilities.
8ee865f64b5fc17f842d58dc0c0d58f823ba5646c8e910c5bf3f2f0715f41ee8Zero Day Initiative Advisory 09-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the XUL tree method _moveToEdgeShift(). In some cases this call will trigger garbage collection routines on in use objects which will result in a future call to a dangling pointer. This can be leveraged to execute arbitrary code under the context of the current user.
3724f5c1eebf4bf4363f9863b128d77eea5832e13ed30fc3630b4dc48d27f13bGentoo Linux Security Advisory GLSA 200903-41 - A vulnerability in gedit might allow local attackers to execute arbitrary code. James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983. Versions less than 2.24.3 are affected.
9e87adba1dba5c46b4ee23d357aa895b4dfb255dbdd9f0d78999caa2a952acddDebian Security Advisory 1758-1 - Leigh James that discovered that nss-ldapd, an NSS module for using LDAP as a naming service, by default creates the configuration file /etc/nss-ldapd.conf world-readable which could leak the configured LDAP password if one is used for connecting to the LDAP server.
3482db6bd388e318f9f09628d19de5e80409cc0a347911f98bdff01d0d965cafCommunity CMS version 0.5 suffers from multiple SQL injection vulnerabilities.
73fbe3292e9e458e7884a31a8156020bcbd6ced7946fc0f38efc248f58d2a2c4The DeepSec organisation is happy to announce the Call for Papers for the next conference in November 2009. The conference will take place at the Imperial Riding School Renaissance Hotel in Vienna, Austria.
ed5292cd4338fd3cf6defc69e1390e5db40bce6dfaaad49a43f39ea57052aa47Ubuntu Security Notice USN-749-1 - It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program.
044d8cd4689b433bcb2bda5fe39b7eea86415e2189918f2d823ccd627677a476During an audit of the MapServer version 5.2.1 source code, five vulnerabilities were identified. They include stack and heap overflows, a relative path writing weakness, a file content leakage, as well as a file existence leakage.
ea08f38ca944f2d2526dcf0c76fe5347f4cdd2310e493157f2d5b7394f380a75
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed