Debian Linux Security Advisory 2273-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
2ef146aca09d233410ab44c6e1c9973fa960736b2e7f412227bd5dcfb267e6ffCisco Security Advisory - A denial of service (DoS) vulnerability exists in the Cisco Content Services Gateway - Second Generation, that runs on the Cisco Service and Application Module for IP (SAMI). An unauthenticated, remote attacker could exploit this vulnerability by sending a series of crafted ICMP packets to an affected device. Exploitation could cause the device to reload. There are no workarounds available to mitigate exploitation of this vulnerability other than blocking ICMP traffic destined to the affected device.
47affad59b00044d9ad060263d5a9a48eed230f89c78af4c892b70ed3be57832LuxCal Web Calendar versions 2.4.2 and 2.5.0 suffer from a remote SQL injection vulnerability.
c531b5544e399b0b05f621a353b38e58960f2676c6b38c34ef113df210155c31aTube Catcher version 2.3.570 suffers from an insecure method vulnerability.
44a65c7fda84418a50d45584ee5618db08b4401eb2fe2ad6667112c3fff99959Ubuntu Security Notice 1165-1 - Nelson Elhage discovered that QEMU did not properly validate certain virtqueue requests from the guest. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. Stefan Hajnoczi discovered that QEMU did not properly perform integer comparisons when performing virtqueue input validation. An attacker could exploit this to cause a denial of service of the guest or possibly execute code with the privileges of the user invoking the program. Various other issues were also addressed.
e3ccd0d1153d4140f17f1e1ce0c2c4ba9f29570da645f067a3ba6f3b39a4acaaEffective File Search version 6.7 suffers from a DLL hijacking vulnerability.
a87c5df1bec63ec7c29aed5cdd7c0b95e79f47d058ceb03d7144adabcf14174bActivart suffers from a remote SQL injection vulnerability.
3cecc1164ebd86619d73b193d9b613e76c91a42007f6c84a798207d7339230cfAlphabit Online suffers from a remote SQL injection vulnerability.
2735b6518e0af39be6d92e6e972a95e286d73d0db78d4058a9e677c6b44ea056iDrive Online Backup version 3.4.0 suffers from an insecure method vulnerability.
0f2708d94c32bd9303abeeb64b2876314479075db4dd0484443c170f5e29afadHP Security Bulletin HPSBUX02688 SSRT100513 - A potential security vulnerability has been identified in HP-UX dynamic loader. The vulnerability could be exploited locally to create a privilege escalation, or a Denial of Service (DoS). Revision 1 of this advisory.
eeef1db78f13a5fa4ec2c24f3421914be2c402cb016c9299a35af1a06f3c560aMIT krb5 Security Advisory 2011-005 - A remote client of the GSS-API FTP daemon in the krb5-appl distribution can access files using the effective group ID that the FTP daemon process had when it started.
1fe339215ceaa9f7616aea04e0760e9c50130ea0ca8add4046b96df17325d31eThe software referred to as BCAAA (Blue Coat Authentication and Authorization Agent) is installed on a domain server (not necessarily a domain controller, a member server is enough) and acts as an intermediary between a Blue Coat ProxySG and the domain. The BCAAA Windows Service is vulnerable to a stack-based buffer overflow, this can lead to remote code execution running with SYSTEM privileges. Affected are all versions of BCAAA associated with ProxySG releases 4.2.3, 4.3, 5.2, 5.3, 5.4, 5.5, and 6.1 available prior to April 21, 2011 or with a build number less than 60258. All versions of BCAAA associated with ProxyOne are also vulnerable.
54bac8253d4a2373e84fd3215e027da96d0d0887a6fbb0fdaedba7dac543322fBusiness.in.com, Cricketnext.in.com, Hooked-in.com, and Connect.in.com all suffer from cross site scripting vulnerabilities.
a8cace2dd43b47c72530f423365cd7f077325f6b6ec46d04533864ff1108d503Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
972e4c150e3012ba8777f149c858e1e290aeb7ad7976e1551ac1752bc04fb0edESTsoft ALPlayer version 2.0 suffers from a buffer overflow vulnerability. It is caused due to a boundary error in the processing of a playlist file, which can be exploited to cause a stack-based buffer overflow when a user opens e.g. a specially crafted .asx file. Successful exploitation may allow execution of arbitrary code.
5a582f57cd6e6df287f9f89eb693be5d651a9317c7ec5a7a9f97332fdc138cd4foobar2000 versions 1.1.7 and below suffer from an integer overflow vulnerability.
e1be7ed3ad055d54958fd516bb25e5f37b083fd880252d91e6465dc4109cc84cHP OpenView Communication Broker (ovbbccb.exe versions 11.0.43.0 and below) suffer from an arbitrary file deletion vulnerability.
986bc67bf92ec6f9f779b02911e1349819b414d7082a4622ce743f01160246c4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed