Kaseya VSA version 6.5.0.0 suffers from cross site scripting and brute forcing vulnerabilities.
7fe218cd1c415fe7ecf706fc430277ad0a16b68a9d7aa68e327097eb8897004bKingsoft WebShield KAVSafe.sys versions 2010.4.14.609(2010.5.23) and below suffer from a kernel mode local privilege escalation vulnerability.
17fca34022bf7c6b745aa66d33307d17c847110bb4ff1afb04b49e92d86e465dMandriva Linux Security Advisory 2009-332 - Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. Additionally the patch for in MDVSA-2009:296 was incomplete, this update corrects this as well. This update provides a solution to this vulnerability. Packages for 2009.0 are provided due to the Extended Maintenance Program.
d2b192cd78da8edd2e68f462274472b050263f13b309e1cab890312f91302408Mandriva Linux Security Advisory 2010-073 - CUPS in does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553. The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. The updated packages have been patched to correct these issues. Packages for Mandriva Linux 2010.0 was missing with MDVSA-2010:073. This advisory provides packages for 2010.0 as well.
8bc79655fa60e411cb4fc6c4176a462670c99e50077d17a036d4c694df5c95cfMandriva Linux Security Advisory 2009-316 - The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than and CVE-2009-3720. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides a solution to these vulnerabilities. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The previous (MDVSA-2009:316-2) updates provided packages for 2008.0/2009.0/2009.1/2010.0/mes5 that did not have an increased release number which prevented the packages from hitting the mirrors.
65a319ba6e69c9835b128c925cf1694bfae7fe20c0b9a69df9bd5a8c82228cc1Mandriva Linux Security Advisory 2009-332 - Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. Additionally the patch for in MDVSA-2009:296 was incomplete, this update corrects this as well. This update provides a solution to this vulnerability.
a17d6153f5063f0ff22cb23f02d1a912a4bfd94c9b0d868d6b8cfcfba044824aMandriva Linux Security Advisory - An integer overflow flaw was found in Pidgin's MSN protocol handler that could allow for the execution of arbitrary code if a user received a malicious MSN message. In addition, this update provides the ability to use ICQ networks again on Mandriva Linux 2008.0, as in MDVSA-2008:103 (updated pidgin for 2008.1). The updated packages have been patched to correct this issue.
7d84696431ca3cbdcdd7bc3811cc4ffa055ddcf1c20c7cb29c685bb32ae3d154Presentation discussing the hijacking of VSAT connections.
6dfeb2819f6eea9512236553e50c0bf610cc640a2964f073804f8b09f78b57b8The Visionsoft Audit VSAOD server allows unauthenticated remote uninstalls.
32402fc81e4ee4ae9e23d1ceb60cacbf198a7d5fc6b22292f9f6fc8f8265bdf5The Visionsoft Audit VSAOD server allows remote execution via replay attacks.
004207ae5040f7c23e2f7d9ad194d7a20cac4fec06e9f90ca3090225f8f4378bThe Visionsoft Audit VSAOD server uses a weak algorithm to obscure passwords on the wire and within configuration files.
b6fd4cef86a7b3de8087f1a06c1b54ae2bd07778dc4aaa91dcebb564068f580aThe Visionsoft Audit VSAOD server allows unauthenticated ini file overwrites.
080c13ef81c71eead5eac67e36b28638bf7df5074f26812c3f11e624fd39d0bdThe Visionsoft Audit VSAOD server has input validation flaws which can result in an unauthenticated heap overflow.
35bcdad69de32a6aedc37641dbe69fac6033d3ecd0cdbb3c608b7eb0b1ca6942The Visionsoft Audit VSAOD server allows unauthenticated arbitrary file overwrites.
6d06f3e515cfdc1f95baad70dd94df729268176755bcede76369cf643d89352fiDefense Security Advisory 03.14.07 - Remote exploitation of a divide by zero error in Trend Micro AntiVirus may allow attackers to cause a denial of service. The vulnerability exists in the kernel driver, VsapiNT.sys. This driver is responsible for scanning various file formats for malicious content. The code that parses UPX files takes an integer value from an attacker supplied file and uses it as a divisor. This results in a divide by zero error in kernel mode. This causes a kernel fault resulting in a blue screen of death (BSOD). iDefense has confirmed the existence of this vulnerability in Trend Micro AntiVirus version 14.10.1041, engine version 8.320.1003. Previous versions may also be affected.
e71e229da9c2d9659bd65c2398587b06e024b67717615b38e8e15a4c3c405bc7A local buffer overflow vulnerability in the VSAPI library in Trend Micro VirusWall version 3.81 on Linux allows arbitrary code execution and leads to privilege escalation.
2c17540c6c33d93e818379d4381bc07d96560541c42d1a823b05b1f8a97aec8aLocal root exploit for vscan/VSAPI in Trend Micro VirusWall version 3.81 on Linux.
9d755b5bafb1a729d747106a19b5bdf4cf329021970131996e1098b977f41310HITBSecConf2006 Presentation - Hacking a Bird in The Sky: Hijacking VSAT Connections.
6825e8ca8ed3d1a6b4854ce53a2b77dc9b5e8ab847b0ca259814c15bda9a296bTechnical University of Vienna Security Advisory - TUVSA-0605-001: Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities.
116598115df5855f3f838faa7225662e9a788449d8b4c836a106d8d7f5cffc6dVICE Security Advisory VSA-2004-1 - VICE versions 1.6 through 1.14 on all platforms are vulnerable to a format string vulnerability in the handling of the monitor memory dump command.
51874a9d9c5210599a173e589857775ad51874245713cf5292ebac779544b9a7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed