Secunia Security Advisory - Laurent Gaffi
f6ef1656bcb3335ba85cafb9932052ed889992ff409d6deb6e63874773dadd34Secunia Security Advisory - A vulnerability has been reported in HP Tru64, which can be exploited by malicious, local users to gain escalated privileges.
fc0978bd5dfb0de9d690ed73e0a68856c678df2d2c33aadb3bb71b80dc28e14020 byte Linux/x86 shellcode that reboots the system.
94f1faff10f9bedfe3cd5057c2bfe06d3ec14d006792926f227319b5f5e08e52Securing LAMP - A whitepaper that discusses a methodology to configure, test, and run a Secure LAMP environment.
0a73c4ff31794a44f95f44d0961f1120c44546bc0cf54caca727cf680291cce0A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Marshal MailMarshal (formerly of NetIQ). Authentication is not required to exploit this vulnerability. The specific flaw exists within the extraction and scanning of ARJ compressed attachments. Due to incorrect sandboxing of extracted filenames that contain directory traversal modifiers such as "../", an attacker can cause an executable to be created in an arbitrary location. Affected are MailMarshal SMTP 5.x, 6.x, and 2006 and MailMarshal for Exchange 5.x.
96fb3659a81e9afceb913739fbac7b19661a909a3df69a48bb514072d63a0f23Gentoo Linux Security Advisory GLSA 200611-05 - Paul Szabo reported that an incorrect seteuid() call after the chdir() function can allow an attacker to access a normally forbidden directory, in some very particular circumstances, for example when the NFS-hosted targeted directory is not reachable by the client-side root user. Additionally, some potentially exploitable unchecked setuid() calls were also fixed. Versions less than 0.17-r4 are affected.
f3c4ec227e937ca7d1a7514d3394bd1a6aa5ea9e3dbf07284e41f8873b096c80OpenPKG Security Advisory OpenPKG-SA-2006.033 - Evgeny Legerov discovered a vendor-confirmed denial of service vulnerability in OpenLDAP. The vulnerability allows remote attackers to cause a DoS via a certain combination of LDAP "Bind" requests that trigger an assertion failure in "libldap". The flaw is caused by incorrectly computing the length of a normalized name.
f298e21b67c62cc61561c562fe81bcf25b76c0493617dca53ced2a579adadcbdNetragard, L.L.C Advisory NETRAGARD-20060810 - libpthread suffers from a buffer overflow vulnerability which may enable an attacker to execute arbitrary commands on the system. This vulnerability may potentially be exploited by a creating a specially crafted buffer and inserting it into the PTHREAD_CONFIG variable. Version 5.1b is affected.
987de219a762a82acd64d995906ea3a9208ed3a544ba195b808c097d325cf8e8Mandriva Linux Security Advisory MDKSA-2006-206 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.8.
825c6e50331e1bfa5698e1caa8d1a798090692b4e9fd5286767921aa79184f8bMandriva Linux Security Advisory MDKSA-2006-205 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.8.
bfbc7f9917c3d4bb2a2ac822cf3f34102b6d5c00d02f7ba49fa4e9251b714cddGentoo Linux Security Advisory GLSA 200611-04 - Bugzilla is vulnerable to cross-site scripting, script injection, and request forgery. Versions less than 2.18.6 are affected.
4b0fecd0208c38704fc573e5a4bd0fda12683230bc38650becd1d00172337690Wheatblog suffers from cross site scripting vulnerabilities.
992190041a3ceba8a6f33eb07dde7d3f00c201418b022cf53cd33a679bf10bcdUbuntu Security Notice 379-1 - Miloslav Trmac discovered a buffer overflow in texinfo's index processor. If a user is tricked into processing a .texi file with texindex, this could lead to arbitrary code execution with user privileges.
1e789714fd59aa9ed0be597252639e409cce1d9171c9b62c772e7bc500a8cfdaThe LandShop Real Estate software suffers from SQL injection and cross site scripting vulnerabilities.
64dd74bfd46cd3d25e8e2421db6e16cb3b55ffa4cfa4f2b985e87b4510cd3dccDebian Security Advisory 1207-1 - Several remote vulnerabilities have been discovered in phpMyAdmin that allow for everything from CRLF injection to cross site scripting.
ada8e0398cb473593cabaec5b5fc2e29190d0cbce81de3ed54c4b75b5bf4ff51A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix MetaFrame Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine IMA_SECURE_DecryptData1() defined in ImaSystem.dll and is reachable through the Independent Management Architecture (IMA) service (ImaSrv.exe) that listens on TCP port 2512 or 2513. The encryption scheme used is reversible and relies on several 32-bit fields indicating the size of the packet and the offsets to the authentication strings. During the decryption of authentication data an attacker can specify invalid sizes that result in an exploitable heap corruption.
85f81d263737b72b51ceb60707eb84886803fabd9d979123dee1461b13db004fiDefense Security Advisory 11.08.06 - Remote exploitation of an input validation error in Citrix Systems Inc.'s Metaframe Presentation Server 4.0 IMA service may allow an attacker to cause a denial of service (DoS) condition. The IMA (Independent Management Architecture) server component Citrix's Presentation Server (previously known as Metaframe) contains an input validation error in the handling of certain packet types. By constructing a specific packet, it is possible to cause the service to reference an unmapped memory address. This causes an unhandled exception, which in turn causes the service to exit, resulting in a DoS condition. This vulnerability has been confirmed to affect Citrix Presentation Server 4.0. Previous versions may also be affected.
6cbb80e9d1121039d25d51965a6e8224a96c1c5c2f11e6ae1accdb5784cfc172Bitweaver versions 1.3.1 and below suffer from SQL injection and cross site scripting vulnerabilities.
5be0fc23df07e33436c07f4cf8c318d0751177af831fac85d50fe817de6c8820GNU gv version 3.6.2 is susceptible to a remote stack overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers.
f79e70f699933fa7558eb05a1eef26d630ad090d7eea37ea2ad8585c935bec02Secunia Security Advisory - Paul Szabo has reported some vulnerabilities in the Linux NetKit FTP Server, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information, or perform certain actions with escalated privileges.
9a3f9b22233f261f0e876ce7c070c84870423044f1f1c5643759d37c68a910c7Secunia Security Advisory - A security issue has been reported in Novell BorderManager, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions via replay attacks.
93120ccb56e637aa8260ef45d54f89b0048155eb703f5d879e78d273f7318700Secunia Security Advisory - A vulnerability has been reported in various Juniper products, which potentially can be exploited by malicious people to bypass certain security restrictions.
81ba8675868f11fecc4cf4eb82c4c06ed3a44c85cf369a9164165f0283650786Secunia Security Advisory - David Vieira-Kurz has reported some vulnerabilities in xenis.creator, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
a435b04da8358d87208658cdf1fe2263a637d6e1ff0d98fd6f8d55572344f179Secunia Security Advisory - LMH has reported a vulnerability in Fedora Core, which can be exploited by malicious, local users to cause a DoS (Denial of Service)
c3c1331fd69188880786c74fb3a24f2c3427dbc92de9176d6593814a15f12afaSecunia Security Advisory - r0ut3r has discovered some vulnerabilities in ContentNow, which can be exploited by malicious people to disclose certain sensitive information, perform certain actions with escalated privileges, or to compromise a vulnerable system.
dd6bfa78f65410e9e082103700676780d0241498ec9059bcaa3ef33367096430
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed