Secunia Security Advisory - A weakness and multiple vulnerabilities have been reported in Sitecore CMS, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing attacks.
731fef840f3213963e162f633ea7b022fe5af69e90ca6c74559161c846ba7ddfSecunia Security Advisory - Kees Cook has reported some vulnerabilities in MiniSSDPd, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a vulnerable system.
25d471b4352ea034c000ecbddcc72fde5ccc9fd48a67f8f55cdc0d40f00d220cSecunia Security Advisory - A vulnerability with an unknown impact has been reported in Hitachi JP1/IT Resource Management.
6dc7af8f00ee5a56965bea264114d8bdedc00fb36baf910daa290ced2b20a576Secunia Security Advisory - A weakness has been reported in UnixWare, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
11ee57117d9a0038bf0b1cb14c9c9e697fd0514e1954cf7fe744e0705e4715e4Zero Day Initiative Advisory 11-244 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexera Software Flexnet License Server Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the lmadmin component which listens by default on TCP port 27000 (this can vary however if the port is in use). When handling a packet type having the opcode 0x2f the process trusts a user provided value when calculating the bytes remaining in the packet. Using this tainted remaining length value the process then copies packet data into a buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the lmadmin user.
db7e59a0376e24785389a9bdd53eb17e30918197fb24d6479b7244441faff253Debian Linux Security Advisory 2288-1 - Hossein Lotfi discovered an integer overflow in libsndfile's code to parse Paris Audio files, which could potentially lead to the execution of arbitrary code.
0942125455ecdca6e7d9c6ac052199e949491719d018fa17cc47170a2500f8b9Ubuntu Security Notice 1181-1 - It was discovered that libsoup did not properly validate its input when processing SoupServer requests. A remote attacker could exploit this to access files via directory traversal.
14e4949d1f5bc313734e55b50adf2646d195731a6e58ea63f28211c4574fdbcaA heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7eDebian Linux Security Advisory 2287-1 - The PNG library libpng has been affected by several vulnerabilities. The most critical one is the identified as CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite memory with an arbitrary amount of data controlled by her via a crafted PNG image.
3e4ff8efb347ee8c838157bb520547cc9e35f8767d8e12ee5f0743289e6a2a10Red Hat Security Advisory 2011-1105-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
a15792b3f1e80ca14608f17434901abad86b00e590ca41af294df19788e35990HP Security Bulletin HPSBUX02689 SSRT100494 2 - A potential security vulnerability has been identified with HP-UX OpenSSL. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.
410d172768a0ba4e161eff00917672425a62136388aa62870dd61928f6ac75a7Ubuntu Security Notice 1180-1 - Eric Blake discovered an integer overflow flaw in libvirt. A remote authenticated attacker could exploit this by sending a crafted VCPU RPC call and cause a denial of service via application crash.
73488b7895c24ac8ac74d084316a22f34c14b187f20dc4e1f7217d106c0d496bThe PacSec 2011 Call For Papers has been announced. The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innovation and markets and collaborate on practical solutions to computer security issues. In an informal setting with a mixture of material bilingually translated in both English and Japanese the eminent technologists can socialize and attend training sessions. It will take place November 9th through the 10th, 2011 in Tokyo, Japan.
dca0f39b75814edf6679ea7e25c56ab736e16bbde5f2457e3596373f50b9883bA vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to gain information from the database with specially crafted URLs taking advantage of the MySQL benchmark. This issue was patched in version 1.1.7a.
77bb79231bbb028fe492542d9e61d644cb065950ffe0899ea78eccb932223ecbHP Security Bulletin HPSBMU02669 SSRT100346 3 - A potential security vulnerability has been identified with HP Data Protector's Media Management Daemon (mmd). The vulnerability could be remotely exploited to create a Denial of Service (DoS). Revision 3 of this advisory.
023f9f0287071bd93ef56a2a9b53002c263f6c32acbfbdbfd8bb60c304c8288dMyWebServer version 1.0.3 suffers from a remote denial of service vulnerability.
673ed7cfec26749b14ec4996ad07fbed7d17e304de1e91825849f7949f92e9baMyWebServer version 1.0.3 suffers from an arbitrary file download vulnerability.
d4996c4c733d4a5b035b5aae5c50a79599b51430fd59a050497f73d8eeff330fRed Hat Security Advisory 2011-1104-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Note: The application behavior required to exploit CVE-2011-2690 is rarely used. No application shipped with Red Hat Enterprise Linux behaves this way, for example.
092507d3038dfbf480768d784c2a9a2cdafa92eeddaa12ebcd38a530810d7ef6HP Security Bulletin HPSBMU02691 SSRT100483 2 - A potential security vulnerability has been identified in HP Performance Agent and HP Operations Agent. The vulnerability can be exploited by remote unauthenticated users to delete arbitrary files. Revision 2 of this advisory.
d48b2413875cfdf36d816dcc286b9523aa1e735d9005430b43bc08b4467c992aICQ versions 7.5 and below for Windows remote denial of service exploit.
3a6a1153fe46b2a5d8f478cd4dbaf2afc905b2e7008deeedbe8ac9a11442f4d1ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.
4307cd7c0b9620083e36f686fe14e007f7ca64884c5ceaa83beff75b77a767acUbuntu Security Notice 1179-1 - It was discovered that the hash processing code in libclamav improperly handled messages with certain hashes. This could allow a remote attacker to craft a document that could cause clamav to crash, resulting in a denial of service.
9ccd80cbdb629179bdb7f149238901f7768ec936dde8922f437227d26cddb7c8Red Hat Security Advisory 2011-1103-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash. Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
9dc92fb24236ca66b3fa9371b984aa55e313f796547e3aad55237ae4d87a267bHP Security Bulletin HPSBMU02693 SSRT100583 - Potential security vulnerabilities have been identified with HP Network Automation running on Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection and cross site scripting (XSS). Revision 1 of this advisory.
20cbc43130c1c87ccf95c28570cd3fa91cfef30974544441bbec0ad97014ac6bA stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
8c2aad516fccebdeefca7b40556e1cfb18e6b22108f839a744c124db43130d39
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed