Debian Linux Security Advisory 2287-1 - The PNG library libpng has been affected by several vulnerabilities. The most critical one is the identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image.
3e4ff8efb347ee8c838157bb520547cc9e35f8767d8e12ee5f0743289e6a2a10Red Hat Security Advisory 2011-1105-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
a15792b3f1e80ca14608f17434901abad86b00e590ca41af294df19788e35990HP Security Bulletin HPSBUX02689 SSRT100494 2 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
410d172768a0ba4e161eff00917672425a62136388aa62870dd61928f6ac75a7Ubuntu Security Notice 1180-1 - Eric Blake discovered an integer overflow flaw in libvirt. A remote authenticated attacker could exploit this by sending a crafted VCPU RPC call and cause a denial of service via application crash.
73488b7895c24ac8ac74d084316a22f34c14b187f20dc4e1f7217d106c0d496bThe PacSec 2011 Call For Papers has been announced. The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innovation and markets and collaborate on practical solutions to computer security issues. In an informal setting with a mixture of material bilingually translated in both English and Japanese the eminent technologists can socialize and attend training sessions. It will take place November 9th through the 10th, 2011 in Tokyo, Japan.
dca0f39b75814edf6679ea7e25c56ab736e16bbde5f2457e3596373f50b9883bA vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs taking advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.
77bb79231bbb028fe492542d9e61d644cb065950ffe0899ea78eccb932223ecbHP Security Bulletin HPSBMU02669 SSRT100346 3 - A potential security vulnerability has been identified with HP Data Protector's Media Management Daemon (mmd). The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 3 of this advisory.
023f9f0287071bd93ef56a2a9b53002c263f6c32acbfbdbfd8bb60c304c8288dMyWebServer version 1.0.3 suffers from a remote denial of service vulnerability.
673ed7cfec26749b14ec4996ad07fbed7d17e304de1e91825849f7949f92e9baMyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.
d4996c4c733d4a5b035b5aae5c50a79599b51430fd59a050497f73d8eeff330fRed Hat Security Advisory 2011-1104-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
092507d3038dfbf480768d784c2a9a2cdafa92eeddaa12ebcd38a530810d7ef6HP Security Bulletin HPSBMU02691 SSRT100483 2 - A potential security vulnerability has been identified in HP Performance Agent and HP Operations Agent. The vulnerability can be exploited by remote unauthenticated users to delete arbitrary files. Revision 2 of this advisory.
d48b2413875cfdf36d816dcc286b9523aa1e735d9005430b43bc08b4467c992aICQ versions 7.5 and below for Windows remote denial of service exploit.
3a6a1153fe46b2a5d8f478cd4dbaf2afc905b2e7008deeedbe8ac9a11442f4d1ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.
4307cd7c0b9620083e36f686fe14e007f7ca64884c5ceaa83beff75b77a767acUbuntu Security Notice 1179-1 - It was discovered that the hash processing code in libclamav improperly handled messages with certain hashes. This could allow a remote attacker to craft a document that could cause clamav to crash, resulting in a denial of service.
9ccd80cbdb629179bdb7f149238901f7768ec936dde8922f437227d26cddb7c8Red Hat Security Advisory 2011-1103-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
9dc92fb24236ca66b3fa9371b984aa55e313f796547e3aad55237ae4d87a267bHP Security Bulletin HPSBMU02693 SSRT100583 - Potential security vulnerabilities have been identified with HP Network Automation running on Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS). Revision 1 of this advisory.
20cbc43130c1c87ccf95c28570cd3fa91cfef30974544441bbec0ad97014ac6bA stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
8c2aad516fccebdeefca7b40556e1cfb18e6b22108f839a744c124db43130d39Midori Browser version 0.3.2 suffers from a denial of service vulnerability.
deb589c219ec48802776ce4086a3f468b0a54ffa47bd8d8841912deec989fbadRed Hat Security Advisory 2011-1102-01 - libsoup is an HTTP client/library implementation for GNOME. A directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially-crafted request. All users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect.
2d111ef0e64d2744457f6d7bec28ca03c7a869c7b009fdbc59b288e639888134Multiple games using the Quake engine suffer from remote shell injection and code execution vulnerabilities.
40d5a0eda94f7c3b08a03211b96c36f7794a9900ae0eccda97964850b880b469
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed