Secunia Research has discovered a vulnerability in Garmin Communicator Plug-In, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a synchronisation error in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control (npGarmin.dll). This can be exploited to bypass the domain locking and dialog box presented to the user asking for confirmation that the untrusted site may access private data. Successful exploitation allows full access (such as deleting data, retrieving personal information, or installing firmware updates) to any Garmin GPS products connected to the user's system. Garmin Communicator Plug-In (npGarmin.dll) version 2.6.4.0 is affected.
d2f086ac3f174a9241e5c568f24970ed3a5b1893adb4e0b56c252fa22c46ae09Debian Security Advisory 1795 - Stefan Kaltenbrunner discovered that ldns, a library and set of utilities to facilitate DNS programming, did not correctly implement a buffer boundary check in its RR DNS record parser. This weakness could enable overflow of a heap buffer if a maliciously-crafted record is parsed, potentially allowing the execution of arbitrary code. The scope of compromise will vary with the context in which ldns is used, and could present either a local or remote attack vector.
07bc2c872a94cc909bd0fc99b18912317c0adfa1ce9d83e608314726b9497adaDebian Security Advisory 1794-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation, or information leak.
4dd5ca78b1581eba15c84ff4a8157b0c7fb2f4a484b039cab416d46b6e595b0cSecunia Security Advisory - Debian has issued an update for drupal6. This fixes some vulnerabilities, which can be exploited by malicious people to conduct script insertion attacks or to disclose potentially sensitive information.
e7bf22e01e934f2435c4bba740b980f8527274ab9fdc9b57c9a367578cbb4adfSecunia Security Advisory - Secunia Research has discovered a vulnerability in Garmin Communicator Plug-In, which can be exploited by malicious people to bypass certain security restrictions.
a222892bc7d44bb73f3d691a65c009062e73283d9e270f45cd4562cf6c218008Secunia Security Advisory - Methodman has discovered a vulnerability in VerliHub Control Panel, which can be exploited by malicious people to conduct cross-site scripting attacks.
040b577d9980b96ec92ae300cc3ce9547099c353645a75bec27dd537d7555d5eSecunia Security Advisory - Some vulnerabilities and a weakness have been discovered in freePBX, which can be exploited by malicious people to disclose certain system information, and to conduct cross-site scripting and cross-site request forgery attacks.
a9b5a3dfd1fe231792d31beeaabc629663ebc661ddc0f3e3160adc8197777cedSecunia Security Advisory - A security issue has been discovered in Coccinelle, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
26dac76e07248c1d6130087fa1d76e6a94ca32866dd37acf896f3ca232f20b96Secunia Security Advisory - Debian has issued an update for kdegraphics. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
ffb074554af501aab311e7495c3eaabd712f16b267287bd2c57c10d3f6167ffdSecunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can potentially be exploited by malicious people to compromise a user's system.
60ac39938d3cac504f5966b303deffbaa4b6fdaf456eb37521ba069bfcd1a50bSecunia Security Advisory - Debian has issued an update for ldns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
5f5e803c6129bab79a425e4742de19a5313950805976e2fcbd6bc32abb75a5baSecunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some weaknesses, security issues, and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and bypass certain security restrictions.
1e9bf61baf6cafa3c517f3b38706617d185914121f1ff5b838bd5cdd2b23ed27Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.
a99567cb19e766174a54af36ba1f623a6b7c9b42c332017c83945dd2c694a438Secunia Security Advisory - Debian has issued an update for linux-2.6. This fixes some weaknesses, security issues, and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, expose potentially sensitive information, and gain escalated privileges, and by malicious people to potentially compromise a vulnerable system.
7721db45a10a35552307828eb23b1c11d4908f65cf43f843c11fc4aa6bd04baaSecunia Security Advisory - Red Hat has issued an update for acpid. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
d08867157d582f7cb2560a7001bf4d9d58d4b4d80014463c905a0e263753c234cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.
f10d60c51661fe4bb06dbd97638d45b27392522bad1f294096122cb187193cb7Netragard, L.L.C Advisory - The GoGo Inflight Internet service fails to encrypt wireless connections between users and the access point.
e15a68a398d9fbb9df850bb9e64eb1d67cbb71a7114d0a7fa4d220d64af99af9Mandriva Linux Security Advisory 2009-107 - The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. The updated packages have been patched to prevent this.
d94fd35c4764320bd601a47485976ca2678d1034fb77663aa166536a148e38dcA persistent cross site scripting vulnerability has been discovered in Kayako Support Suite version 3.04.10.
3ccbe914fa63fed3536b149427f819e5382b4beba195b050915cf278eb0c5b30Debian Security Advisory 1793-1 - kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790.
b23d78885ee2f7f2ae0596c7da062bf5b220086cc14e2def2e10e1a0d7721933Debian Security Advisory 1792-1 - Multiple vulnerabilities have been discovered in drupal, a web content management system.
8c1e6616a93cc6679ce5cb34784418dd80f5e7a851235a8651100e1a08b3eae8Debian Security Advisory 1791-1 - It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks when renaming attachments or performing other sub-actions.
3ae5e30c1170b20c9791d19e903cad613381a9ae18a2b48249517bba2d9ca090VerliHub Control Panel version 1.7e suffers from cross site scripting and iframe injection vulnerabilities.
7635916779b1974ce826340348988295154a3a9bfc52105687d3677be7db0d46HP Security Bulletin - Potential security vulnerabilities have been identified with Insight Control suite for Linux (ICE-LX) running Nagios. The vulnerabilities could be remotely exploited via cross-site request forgery (CSRF) and remote authentication bypass.
705ec91f5f467524c9fce9e62505f8c8bf65546431a3dd799716c3c4b2975f50
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed