FreeBSD Security Advisory - lukemftpd suffers from a cross site request forgery vulnerability.
f96a133098c7d695b8ed4948a168b5a4bbc1e31a29cf5e7e4ead2bbc59be475bFreeBSD Security Advisory - The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys.
0fb1c7f9876c52b5a471b7b0b3b96ecb570c084c5146b7a0b0b7cd4c332e5a41Ubuntu Security Notice USN-704-1 - It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If user or automated system connected to a malicious server or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
a30c92a8f6507461103b7e1f87cb1f4f2cd268532d770dd33938e10e1c178f06CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1.
a62071c482a2724a1868fed40e856bb95649bf2a7c07ab8477daf6ca035387feDebian Security Advisory 1697-1 - Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite.
5f3741463ecc48ccf8ae4ebfd405196b887e872bd1b70b5a03ec77dabc5422bcDebian Security Advisory 1696-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.
154fedd699ba34a05bcf8f64a0d9f5313de39f5e8b2112be12d7f1262c1160b3QuoteBook suffers from a remote configuration file disclosure vulnerability.
8700944c1ea65194af9fbe9d2d8b5e8e26c6da5526384d7b89082369de5c522fCall For Papers for the 2009 International Symposium on Collaborative Technologies and Systems (CTS 2009). It will be held from May 18th through May 22nd, 2009 at the Westin Baltimore Washington International Airport Hotel.
df671cf2f237d97b9175e2894ccefd611d71872245f98dda203d89e17ebe6f95Cisco Security Advisory - The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS.
c1424921b0504320ff3ff004ca557c8e4a8468a3f0dc49081fa19ce1616a14f9Several functions inside OpenSSL incorrectly checked the result aftercalling the EVP_VerifyFinal function, allowing a malformed signatureto be treated as a good signature rather than as an error. This issueaffected the signature checks on DSA and ECDSA keys used withSSL/TLS.One way to exploit this flaw would be for a remote attacker who is incontrol of a malicious server or who can use a 'man in the middle'attack to present a malformed SSL/TLS signature from a certificate chainto a vulnerable client, bypassing validation.
8dbd38114d5639253aa0620ba251aa5bd0a44e9f411e34da95345184528fc4dfSeveral functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.
f5724c1eba1778218b03f1b5af75356b08e95a08bbe2b92274df7f31dea9d59aPlunet BusinessManager suffers from stored cross site scripting and information disclosure vulnerabilities.
bbb6b7efc7455a72e4246a17d17484a00d7d0d57b0db5110e8853ccd42f1c704A NULL pointer read vulnerability exists in Microsoft Internet Explorer versions 6.0, 7.0, and 8.0 Beta.
da104f3d68f39d3929b4c38e3bf2f61ce309b27f516300071bd2635ddb8f20f7WinAmp GEN_MSN plugin heap buffer overflow proof of concept exploit that creates a malicious .pls file.
6cc13470a643ecebc9414c4bd17a426ef9b9cd1233f7e12bc459d001d2fd4a32Secunia Research has discovered a vulnerability in SAP GUI, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included TabOne ActiveX control (sizerone.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. SAP GUI 6.40 Patch 29 and SAP GUI 7.10 are both affected.
e136911cfe27d72e5490b136aeb2053781377bf5055fa3476256cbb7bea1a60aSecunia Research has discovered a vulnerability in TSC2 Help Desk, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included CTab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. TSC2 Help Desk version 4.1.8 is affected.
6431c5ae11ab8eaeab4e6b301d650c2cb842767fe8fabcfc3d3a370c8d34135cSecunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included Tab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding tabs with overly long captions via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. ComponentOne SizerOne version 8.0.20081.140 is affected.
1864b06eeec1d88cdfd1c2ff046c8f677ee6d390a1c5880b9640a21412721137The PHP-Fusion E-Cart module suffers from a remote SQL injection vulnerability.
558f6adbaa7c087b1b2987853e9648a78ab0138b2ee254af603beffcc0e9e744Audacity version 1.6.2 remote off by one crash exploit that creates a malicious .aup file.
c8fd5c94251952b01f4ae7e071e2b3452ff7456c26201ad20e081651d89c527fPerception LiteServe version 2.0.1 remote buffer overflow proof of concept exploit.
501bcc5de54eca133709c17d368196c679fa05ab452b1879b142c8010b154ae3The PHP-Fusion module Members Bewerb suffers from a remote SQL injection vulnerability.
21dd2a7a10d17babd7b1b5a2254a05d87fe40bb2c802f1922f73820c1ab6ad91Secunia Research has discovered vulnerabilities in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. HP OpenView Network Node Manager 7.51 with NNM_01168 is affected.
fa7a9736766557f2c0ed917d85e79169437fe85ee69db841ac493df2a1024843VUPlayer versions 2.49 .PLS file universal buffer overflow exploit that spawns calc.exe.
729f0902f6070beb1ba0a8381214ba7f39df71107b9d26e54ebae427021e9191Secunia Security Advisory - Secunia Research has discovered a vulnerability in TSC2 Help Desk , which can be exploited by malicious people to potentially compromise a user's system.
a3e3604212ece3c8d06722de62c74ccce6db623e3939d7eac01802d29c9b4f43Secunia Security Advisory - Secunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system.
3708d58521c0c9a9a4602dc5494ab750980cdbcd0f1433ec67e8469c72d57e96
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed