Mandriva Linux Security Advisory 2011-179 - The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. The updated packages have been patched to correct these issues.
28900655297d1ea4816e5de8820317856a37994a5877afdb6697329afc3ec425Debian Linux Security Advisory 2353-1 - David Wheeler discovered a buffer overflow in ldns's code to parse RR records, which could lead to the execution of arbitrary code.
30834ae6dd79c9c782b27e64bf7d40a0b116914d4d1800c26f3abff17771d053ARP Toxin is a simple Perl script designed to ARP poison a host on the LAN. It uses Nemesis as a packet crafting tool to create and send the ARP packets. It is NOT original code, merely a slightly improved version of the sample arpredirect script from the book "Hacking: The Art of Exploitation". This variant allows one to set their own poisoning interval and interface to poison on.
aaa815740a2967208c32389034fd22ddc713b8769ad0c27475d119c8fbeb276dTitan FTP Server version 8.40 suffers from a denial of service condition that leads to a kernel crash.
63a8fb14cd6960d0567ab112f079bffb34f96fff18a95cef2eb2832dd45cdb0bPHP Video Script suffers from a remote SQL injection vulnerability.
853eb5286c79cf9e5e91ab553b21226f4ac833df597dee8272f8dae63b1082f1This whitepaper goes into detail on how to break 802.11 detailing the various attack methodologies and tools needed to perform the attacks. Written in Spanish.
db2e01888753073cc48af12d04fdc0fce7a3a6f5d76f0cf0f4036c28964010c6Ubuntu Security Notice 1281-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
872fb0971665c7f419fc03b97528a458416b56407dc592de5dc20aa1368746faTinyMCE and flvPlayer suffer from cross site scripting, path disclosure and content spoofing vulnerabilities.
872046dfd1f633c8ebc6d604cc01ec5c313e98caa38f7140a61c93262c92a99dWhois.com suffers from a cross site scripting vulnerability.
e2ac630071eca8340daea335b449a6e12b37cda626e7da1fff0831dc9f413846eSyndiCat Pro version 2.3.05 suffers from a cross site scripting vulnerability.
a881de1b7ecd810c25106d0c9006ec4cb8cf175600183fbd33ec8e537063deffSecunia Security Advisory - Ubuntu has issued an update for linux-ec2. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service).
a48d4e0dd8232d3af91feee97404ec62dba4dd7aaad8f834abc3c9caf65b26a7Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
0d6229d3f53528fc176b553f50fca3625f06851bb0ea89bdb428a00c90e6b555Secunia Security Advisory - Fedora has issued an update for phpldapadmin. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
ce4d69c9271027903bf32ccdea788f9aa506c04f8d4732ccdc0f809f913ff2d6Secunia Security Advisory - Debian has issued an update for ldns. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
4abfb65fb0c981d8433f6c4c84894edc694018e611381a26193d1ed007498c4eSecunia Security Advisory - Multiple vulnerabilities have been reported in SRWare Iron, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.
5d0c453a53f2d9bda6320774df9f323ba2bf3c11f3d62252ef30eb831bc7db47Secunia Security Advisory - Fedora has issued an update for net6. This fixes two weaknesses, which can be exploited by malicious people to disclose certain information and conduct session hijacking attacks.
c2a7e80fe5f0c822f558039b4a43cee7f6f447754f1d7d6f855792d1606d25a6Secunia Security Advisory - Multiple vulnerabilities have been reported in colord, which can be exploited by malicious, local users to conduct SQL injection attacks.
27f73f4cf34389ed5d203d1b3c8b6b918f42234b8688cde468ca070001c21d6fSecunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-natty. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and gain escalated privileges.
ad94eaf4783d0359df30a99fd1035ec3f47b6020436422758628a5a97cf33392Secunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-maverick. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct session hijacking attacks, cause a DoS (Denial of Service), and gain escalated privileges.
e85d5bb4123b782b807b1e79f109a8f41a97748301f87e11e3f7223c4dc14757Secunia Security Advisory - Multiple vulnerabilities have been discovered in iTop, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
7cdfb98749c8e7099a20b5f9b90e8fd0227d93cf4c7f8149fe3243d56a39ff20Secunia Security Advisory - Akin Tosunlar has discovered a vulnerability in Koha, which can be exploited by malicious people to disclose sensitive information.
f349cf3ca9c2b657e61e5276e5d819886c7c7712ff5dd3f9ec7b29e2030c0e5dSecunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to cause a DoS.
63badc3c944278c4bda54367d16093bb01851c90d386fac87e90954904233a25Secunia Security Advisory - Ubuntu has issued an update for linux-ti-omap4. This fixes two vulnerabilities, which can be exploited by malicious, local users to conduct session hijacking attacks and cause a DoS (Denial of Service).
2d674c2e358ec22ee36be08fa197fa90478e405cb35c5bd35b58d5bc1e0e52e2Secunia Security Advisory - Some vulnerabilities have been reported in MyBB, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
3aca6b6c809108060f2b218f2a25fa97a9ca269c68707ea85c0f24fabb339a6fSecunia Security Advisory - A vulnerability has been discovered in the MeeNews plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
57644dd55ecf2be450a918ad94db2972d5ab62e3f8cf479295b90599198e5858
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed