Ubuntu Security Notice USN-808-1 - Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service.
321adf8642de15d5ade0593a9fc17f483a670db20ed3b6b6722571deb78f5934Debian Security Advisory 1846-1 - Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call.
b94adbef572be3d44e0873584f7f7586c9c04d22eb8bc147d2906e2ff0190454The FAQ Manager module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
c67161a57e4dcd8e1bffe24875c6cf44dc5bee095970b1f2b0875173e00c42a1The EventsCalendar module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
03aadd779aea7a2473ae5acbe7b07a1a9884e3b929c1fc7390a5f23588f26783The Directory module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
1498cb20cfdd442dbacf4b1a947895cc66e9eb78a1f615964669357602c5a9b0The Classified Ads module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
69f524bea0e7c10cda41eca871dc1ea269a6ec25fdc943557af1da828a038e25The Blog Writer module for Miniweb version 2.0 suffers from cross site scripting vulnerabilities.
1f1038b0b7a594e38e44422291cde8268e15f0fe642cda5bcd9863b3d4dc5fbdDebian Security Advisory 1845-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation.
ddce2a1f54158deb8c3002cf6fd5f7f63349871281f4dfeaa4907542189e2839Debian Security Advisory 1844-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
3e4337776a6b1affbc02de5ed8349b5fee27fdcee9cda24ab22b8932ebc72584LinksCaffePRO suffers from remote SQL injection and cross site scripting vulnerabilities.
daccd0dddd65bc8092b6d7e7a4e56f8b1669ca3a11261143c59fb7d08a767f2cClassifiedsCaffePRO suffers from a cross site scripting vulnerability.
53a80c1bf9de1dd84b0dc1541f5334a6aaac39606e4e4647fa24d36bc741fe90FreeBSD Security Advisory - When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.
63f6e9c33b817f0e2995a59692b493e8ec93d0332cc4781442f1c4b5e3d35798Ubuntu Security Notice USN-807-1 - Michael Tokarev discovered that the RTL8169 network driver did not correctly validate buffer sizes. A remote attacker on the local network could send specially traffic traffic that would crash the system or potentially grant elevated privileges. Julien Tinnes and Tavis Ormandy discovered that when executing setuid processes the kernel did not clear certain personality flags. A local attacker could exploit this to map the NULL memory page, causing other vulnerabilities to become exploitable. Ubuntu 6.06 was not affected. Matt T. Yourst discovered that KVM did not correctly validate the page table root. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. Ramon de Carvalho Valle discovered that eCryptfs did not correctly validate certain buffer sizes. A local attacker could create specially crafted eCryptfs files to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected.
76e56d56aac365a9fbbf33f82d67fb4d45dbf243bfe856e1d294cc57021817a8Secunia Security Advisory - A vulnerability has been discovered in the UIajaxIM component for Joomla, which can be exploited by malicious users to conduct script insertion attacks.
d5ce9ebc360eefe888e4221ca46afea031caacc3de6689e287131ff280ac9ef7Secunia Security Advisory - A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
351fdfe6331db0306b4d160e5fdddbfc029d764b04d92ee6a6b4244c98445dc7Secunia Security Advisory - tixxDZ has reported a vulnerability in MPlayer, which can be exploited by malicious people to potentially compromise a user's system.
79c5903edd8c62db16325465ff24170307457e643353197873c1421bed582a7bSecunia Security Advisory - tixxDZ has reported a vulnerability in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.
a8798fb2f32923777e566ba6cce14429a08bb80f13fcc9c639c8b43270370a84Secunia Security Advisory - Some vulnerabilities have been reported in Cisco Wireless LAN Controllers, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
7058212fa120fb3b92218b90406e394f7d1610848852fa1e5b0e0f471645f35eSecunia Security Advisory - Platen has discovered a vulnerability in Basilic, which can be exploited by malicious people to conduct cross-site scripting attacks.
c99fd66142a059312721a0bb562b61c10894f22fd95408dfe4fc1f0abdd50fc1Secunia Security Advisory - Kingcope has discovered a security issue in NcFTPd Server, which can be exploited by malicious users to bypass certain security restrictions.
91a3ebb561ddf6b31a603fd64dbfd01b805f38169cf746bc89d067eafc38af7eTechnical Cyber Security Alert TA09-209A - Microsoft has released out-of-band updates to address critical vulnerabilities in Microsoft Internet Explorer running on most supported versions of Windows. The updates also help mitigate attacks against ActiveX controls developed with vulnerable versions of the Microsoft Active Template Library (ATL).
ff15492f51e1c3ec3ea228997a0e2940c2a7dddf7f3bf187c4c40e15f9d53421Mandriva Linux Security Advisory 2009-172 - ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding. This update provides fixes for this vulnerability.
48e39060a642bf4ad5cb8769383ababf8543344a7f64bf54d487c6acbfd21677Mandriva Linux Security Advisory 2009-171 - Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that pulseaudio, when installed setuid root, does not drop privileges before re-executing itself to achieve immediate bindings. This can be exploited by a user who has write access to any directory on the file system containing /usr/bin to gain local root access. The user needs to exploit a race condition related to creating a hard link. This update provides fixes for this vulnerability.
849044bfba62baf25c7bf418a0814ff3799bad71d9160681d6e575fa4b939f3eMandriva Linux Security Advisory 2009-170 - Mandriva Security team has identified and fixed a vulnerability in initscripts which could lead to partial wireless password disclosure for WPA/WPA2 passwords of certain length which contained spaces. This update fixes the vulnerability.
1565d56f2db7d5eaae05cc381285e663c59788e86fc1ce87181939fa3cb5d464Tukanas EasyClassifieds version 1.0 suffers from a remote blind SQL injection vulnerability.
2980569ebddbaade4f399d70cfc2aa316e309a8642bfdb432ba5bc94974e7b49
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed