Secunia Security Advisory - Ubuntu has issued an update for irssi. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and bypass certain security restrictions.
9a1be618f94390cbb1100658e21095f5dc665c52d14ddcdaf9cd96c030010db6Secunia Security Advisory - Lincoln has discovered a vulnerability in Archive Searcher, which can be exploited by malicious people to compromise a user's system.
4a64aaf9144f6d36cb196fd54f3567c4f31668ffaabac44ee720088b236a22b5Secunia Security Advisory - A security issue has been reported in IBM Lotus Notes, which can be exploited by malicious, local users to gain escalated privileges.
1cb6bf6b831aa040f4a4f30dbab0aa9fd39cbb08bad73098fb7bfa86b020bf04Mandriva Linux Security Advisory 2010-075 - OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled.
23ab26a558f6ee10fc5753b67472cba4b55f9540928eebeb46b588ba97cdd500Debian Linux Security Advisory 2033-1 - It was discovered that in ejabberd, a distributed XMPP/Jabber server written in Erlang, a problem in ejabberd_c2s.erl allows remote authenticated users to cause a denial of service by sending a large number of c2s (client2server) messages; that triggers an overload of the queue, which in turn causes a crash of the ejabberd daemon.
e7edd775ac43feec7d97a50aeb98d39cfcf4474425ecb6a5d37f562bdd25cfebSiestta version 2.0 suffers from cross site scripting and local file inclusion vulnerabilities.
bee016f0371e25202211f563de552870728eab883435d92420c3efa45517088bUbuntu Security Notice 929-1 - It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.
591dd365d779ce5c360c93bf7c0aa20059dc2ce95cebcad97cb333b90ee94e22Ubuntu Security Notice 890-6 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
1f32136aec10fe43a90bf2ba1b04fc4cb7a66b529d203b5c07c70c2fef09e488Ubuntu Security Notice 928-1 - Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426.
df59af3d86e31c22e26814b4aa1ab11c9bd89f40477850b2aff9f197b5257410The Joomla Manager component version 1.5.3 suffers from a remote SQL injection vulnerability.
9115add5895fa978a7381a4fc5415566555a6464d23efc8212d58b9f5c67f1c722 bytes small execve("/bin/sh", 0, 0) shellcode.
895dc725c45e22d2e8b7b7b86fc38834256bd514eec1dd87f75bf0b468892a88Oracle Financials R12 suffers from a remote SQL injection vulnerability.
bc6073b73bb7d906eb7b8c0c493c1fba57d3478f2f57be2d7035684045cce015Mandriva Linux Security Advisory 2010-074 - A vulnerability has been found and corrected in kdm. KDM contains a race condition that allows local attackers to make arbitrary files on the system world-writeable. This can happen while KDM tries to create its control socket during user login. This vulnerability has been discovered by Sebastian Krahmer from the SUSE Security Team. It is advised to reboot the computer after applying the updated packages in order to the security fix to take full effect. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
6e44ca1184ea3d7240884fb255869f8532643ab9fbb175bc2751a3c59775512eThis is the Next Generation Web Scanning Presentation. It includes a methodology to scan the webspace of an entire nation using some new tools and techniques. WhatWeb, bing-ip2hosts, gggooglescan and basedomainname are open source security tools developed by MorningStar Security that were published during the first presentation of this at the KIWICON III conference in December, 2009.
5ba140b88894b5c3a0203028fb94ebcd13b23d6d1cb59e76c0371405ab41ddfcThe Softbiz B2B Trading Marketplace script suffers from a remote SQL injection vulnerability.
f49bf09a5ac9756e14ab3a04629d45aab0c9164ebddf3cd251087ce538aad748The Joomla iProperty component version 1.5.3 suffers from a remote SQL injection vulnerability.
1bd782b2c41f21f57474c9eb77515cc9b2737b387e86aa1280aedc825b283de4Magneto Software Net Resource Active-X control version 4.0.0.5 NetFileClose universal SEH exploit.
dafefbd5a052860e28f1d8e9700565ab0968b540cdced6a2cbaa906f1feb6536Magneto Software Net Resource Active-X control version 4.0.0.5 NetConnectionEnum universal SEH exploit.
b9d10fbbbac55c6ecb0fb0eba1ffc33a39c1f7370d0dd65dc9d8ebf8764a0ca6sydbox is a ptrace-based sandbox implementation. It intercepts system calls, checks for allowed filesystem prefixes, and denies them when checks fail. It has basic support for disallowing network connections. It has basic support to sandbox execve calls. It is based in part on catbox and strace.
5004fd112d61aad54f9760fd1e280ac74d0173b401438d498c6c8a02be52ae59The IBM BladeCenter Management module suffers from a denial of service vulnerability.
2fdefac0d8be7e6b47669981826466ac5d6de34aad57eb161e0f1651ff4e02b5RPM Select/Elite version 5.0 .xml configuration parsing unicode buffer overflow proof of concept exploit.
9034335ebbaa40be41e9489ec6f3ae07375784a6405bd4596cb75dead04ed4aaMagnetoSoft NetworkResources Active-X control version 4.0.0.5 universal NetShareEnum exploit.
e5e9dd457a5d47a4167714edcf50f29f18d400bc390885e0b371d105f6e66821Camiro-CMS version beta-0.1 suffers from a shell upload vulnerability.
f4fbcf2c7f7e9d9f60cd7f053d758f8cdf3727328c2933d739eed989fcb5183fA vulnerability has been discovered in WinAsm Studio, which can be exploited by malicious, anonymous individuals to compromise a vulnerable system. The vulnerability is caused as a result of improper bounds checking when reading *.RC files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a maliciously constructed WinAsm project. Successful exploitation of this vulnerability enables execution of arbitrary code.
cac61971a806256c82d88639df3941d774e2d8d97822a4753e3252dbfc46d176A vulnerability has been discovered in Crimson Editor, which can be exploited by malicious, anonymous individuals to compromise a vulnerable system. The vulnerability is caused as a result of improper bounds checking when reading words from dictionary files. This can be exploited to cause a stack-based buffer overflow by tricking a user into using a maliciously constructed dictionary file.
77d71adfa6feb8523e2123fc6e21a10f3bc85e3124fc21eadbf2165dad3e156a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed