Rocketmedia suffers from a remote blind SQL injection vulnerability.
2ce98d0f684d84d9b0446692bd90c6cd93d6ccf1edde2f7acef2522cd358c41d
Red Hat Security Advisory 2011-0841-01 - SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A divide-by-zero flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system. Additionally, a privileged user could trigger this flaw when tricked into instrumenting a specially-crafted ELF binary, even when unprivileged mode was not enabled. Various other issues were also addressed.
83a3245143352b55f2a14786aedf6c975c0e124352b29ce5e82166a801a48ca5
Red Hat Security Advisory 2011-0840-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. It was discovered that the DHCP client daemon, dhclient, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. Various other issues were also addressed.
812fe63dbde8488452a02a75040e52b7f39ea4252aaa8e63e8379bc9ac78f5d4
Red Hat Security Advisory 2011-0839-01 - The GIMP is an image composition and editing program. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A stack-based buffer overflow flaw was found in the GIMP's Lightning, Sphere Designer, and Gfig image filters. An attacker could create a specially-crafted Lightning, Sphere Designer, or Gfig filter configuration file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
dcaf51b46ecd247f153bafce0036f31b4e7f1e81aa7d1824c6e0a3af4dfb1e1c
Ubuntu Security Notice 1140-2 - USN-1140-1 fixed vulnerabilities in PAM. A regression was found that caused cron to stop working with a "Module is unknown" error. As a result, systems configured with automatic updates will not receive updates until cron is restarted, these updates are installed or the system is rebooted. This update fixes the problem. Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different users username. This issue only affected Ubuntu 8.04 LTS. It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service.
5d201859cf56d4bf364b41135aa2c9404cb69d1a53679b2460baf65020bf8b0f
Red Hat Security Advisory 2011-0838-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
bcebaf7eecce22dfae82e4c81db212616345165a850f2049b859bb2f8f85043e
Red Hat Security Advisory 2011-0837-01 - The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, when opened, could cause the relevant plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. Various other issues were also addressed.
bc734d04701963c119db99658f1e8c5db3d1bb7653d5c791749605209f890f90
Secunia Security Advisory - Debian has issued an update for jabberd14. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
06c2745e1cb988c61f6f8fd4d80074b835fba6b07af4ffc83c41569f87ee2de2
Secunia Security Advisory - A vulnerability has been reported in AnyMacro Mail System, which can be exploited by malicious people to disclose sensitive information.
703f96bb5c5c5a06bb5467c62728067f9a15bc7d1d04ddbd4c0476840610c98f
Secunia Security Advisory - Georg Fritsch has reported a vulnerability in Wyse ThinOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
0b1a3c1e66a6c5f8478cbddcac3d8a54c43b1ed541381546ee4321878b634ad0
Secunia Security Advisory - A vulnerability has been discovered in Pika CMS, which can be exploited by malicious people to disclose sensitive information.
1967edad28d8b0df91ad371f6a4e3343282ce4dcf0305d67ab80bafc967113ec
Secunia Security Advisory - A vulnerability has been reported in various Symantec products, which can be exploited by malicious people to compromise a user's system.
a8a2ca8d40e8a8dda29cb6a29f591ec7d5fb3d00666d82985bd62dfbaa8a52d3
Secunia Security Advisory - A security issue has been reported in GNOME Display Manager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
7c66d8c2dc9be344109f19ef22c530911fd270b60da242fc5ceac9a6a4ccb801
Secunia Security Advisory - Debian has issued an update for citadel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
37756d40e12d7ce3935705712f0e08c431c7ddf9457d37d8b13a5842fd365ef1
Secunia Security Advisory - Ubuntu has issued an update for linux and linux-ec2. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose system and potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system and cause a DoS, and by malicious people to cause a DoS.
fcdc5bc540ad6aa56ab401090db46a87cd05dec7927c242c567f08aad6ca7708
Secunia Security Advisory - A vulnerability has been reported in ejabberd, which can be exploited by malicious people to cause a DoS (Denial of Service).
62751cf27c34476fe96b349bbd31d4efee11690f72e8aaf5cf1ff7cfa3739ce9
Secunia Security Advisory - A vulnerability has been reported in WatchGuard XCS, which can be exploited by malicious people to manipulate certain data.
473d7b7128532915880f26b010be1b6fcd127695f012d822a3d9397e11e160fe
Red Hat Security Advisory 2011-0833-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw in the dccp_rcv_state_process() function could allow a remote attacker to cause a denial of service, even when the socket was already closed. Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology based controllers. A local, unprivileged user could use these flaws to cause a denial of service, an information leak, or escalate their privileges. Various other issues were also addressed.
6c8017bb07a6916f0d7d7287b1de37c93f29942577ec63e233b807942ce1a0c5
Serendipity version 1.5.5 with the serendipity_event_freetag plugin suffers from a cross site scripting vulnerability.
80f380cee14afc2bf6ffc4f765065bf2355d85b4916e4a9dcb1b7a2096a79e6b
This archive contains all of the 253 exploits added to Packet Storm in May, 2011.
3bfe1448e63a35e61e4f6614a659dc1481879f4fe7b179f5ea443690c00161a5