Debian Security Advisory 1634-2 - Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application. A regression was discovered in the original patch addressing this issue for WordNet, which this update fixes.
0b1a015d9c2dbf861498f679ae61a545d8164bf3135bf3645c81408026ffc049
Debian Security Advisory 1642-1 - Will Drewry discovered that Horde allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting.
86fa3fafadc64c5326f69589f6e81f393290a5626436c792773c3cc89611f794
Debian Security Advisory 1641-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administrate MySQL databases over the web.
6951024ce21cd3f9ffdd42b0fc285e8f843fcdeec6e27d7d33ee1110977642e6
Debian Security Advisory 1640-1 - Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. This is possible regardless of the Django plugin to prevent cross site request forgery being enabled.
30351b8797d4bde99b857e633d429bdb41ac9026496fee8fe750b38e9e027d43
Mandriva Linux Security Advisory - A number of vulnerabilities were discovered in Wireshark that could cause it to crash while processing malicious packets. This update provides Wireshark 1.0.3, which is not vulnerable to these issues.
47971e079bf45734339fd0f533d789363fc8928891232a1c4d30b4404e25506e
Explay CMS versions 2.1 and below suffer from persistent cross site scripting and cross site request forgery vulnerabilities.
26e1a5dc0c7920f5f2f226e65b518086844659c9a5d6cdfc0a96c4d5f0212dbf
MyFWB version 1.0 suffers from a remote SQL injection vulnerability.
bce220ad099560538daf2d2ac79ac49fdb4a6cc57f66b67a2b32ed2dd9c291b7
easyLink version 1.1.0 suffers from a remote SQL injection vulnerability in detail.php.
f10b35a00d5accdff38a63e3b3afb3a8c377e44d12eda0210d6e48442a0aa905
Achievo version 1.3.2-STABLE suffers from a cross site scripting vulnerability.
a14c798136eb44fd0388628d2ad233df9724051fa5999d78092b15b404d25e7f
An IKE_SA_INIT message with a Key Exchange payload containing a large number of NULL values can cause a crash of the IKEv2 charon daemon. The problem is that strongSwan dereferences a NULL pointer returned by the mpz_export() function of the GNU Multiprecision Library (GMP). strongSwan versions 4.2.6 and below are affected.
a3597b49066b341935ee93779ea9ca112ab0a8104c7b1a8d4db0e4628d8bde6a
DESlock+ versions 3.2.7 and below probe read local kernel denial of service exploit.
9b2d6d121d0e3ae16c49ee05aa2bdfabde347da1accaf8a8bacfa6fce5baafa2
DESlock+ versions 3.2.7 and below local kernel race condition proof of concept denial of service exploit.
56b9e98449f73ed6597c17181fd6cf4b2214eeee2ca449e24187029fa75c03c6
DESlock+ versions 3.2.7 and below local kernel overflow proof of concept exploit.
8beb788ab58e64d09723299b23349716f368a91d73ba5cd050071ef8073e8673
Advanced Electron Forum (AEF) versions 1.0.6 and below suffer from a remote code execution vulnerability.
6b7cad6edd71c0decb297e6dfa8f90c22132ac89bc5b7f3919c9f73a320b9989
Drupal CMS fails to set the secure flag in the session cookie allowing for session hijacking.
6d5d4657228cd6039e3ccbfbac2cd8adc8cdb25a11f076f03f379e89ca0016db
Arcadem Pro suffers from a remote SQL injection vulnerability.
cf6b9be7b638894a9d6be877c864c82a1a83b01b059d802d2beff216ca3991ae
Gentoo Linux Security Advisory GLSA 200809-09 - A memory leak in Postfix might allow local users to cause a Denial of Service. It has been discovered that Postfix leaks an epoll file descriptor when executing external commands, e.g. user-controlled $HOME/.forward or $HOME/.procmailrc files. NOTE: This vulnerability only concerns Postfix instances running on Linux 2.6 kernels. Versions less than 2.4.9 are affected.
9c8335b7774c98cfeaed558a9d598717ed37fac34ab4a3fb906fe1da12090605
ENG, or Encore Next Generation, is a false-negative morphic tool that can bypass IDS/IPS via the randomization of return addresses, random writable addresses, junk code injection, and more.
98147acc62fc6afb8a017830278e2f8800d2ded4cc07b1e6e2a203b3c93a17d2
Secunia Security Advisory - t0fx has reported two vulnerabilities in H-Sphere, which can be exploited by malicious people to conduct cross-site scripting attacks.
3445e5adf95b92bfaa0c72781a8c7a37f2c4fba6e7339d6858f5a25595f5407c
Secunia Security Advisory - Some security issues have been reported in emacspeak, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
b4df1814657e7be5a1e3abba1954a6c0976ef20a7bc0e5ca48b387c1be43a86e
Secunia Security Advisory - A security issue has been reported in the Cluster Project, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
4f4786ab099f54a327f07d29f4e9a540468b22e836f980ebc997d6ce91596c3b
Secunia Security Advisory - A vulnerability has been reported in the Secure Directory (kw_secdir) extension for TYPO3, which can be exploited by malicious users to compromise a vulnerable system.
895bd70a2d31b15c6e1ce46ada5b05e6ec87574a100451c69ecfa325354091b5
Secunia Security Advisory - A vulnerability has been reported in Xerox ESS/Network Controller, which can be exploited by malicious people to compromise a vulnerable system.
48a1f691294e2f252159a410e2d05a873b3df37a4826c2155d18dae98e3b02ff
Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
ecb748fa2ce51a5055c40c8f1a601af4f2c89d09671100b737d472210f4fa038
Secunia Security Advisory - A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
caa0f967228228303c79bffa3c030056003724d20445ba40d88b896371c62fb5