Gentoo Linux Security Advisory GLSA 200902-06 - Two vulnerabilities were found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. One also affects edit-utils in XEmacs. Morten Welinder reports about GNU Emacs and edit-utils in XEmacs: By shipping a .flc accompanying a source file (.c for example) and setting font-lock-support-mode to fast-lock-mode in the source file through local variables, any Lisp code in the .flc file is executed without warning (CVE-2008-2142). Versions less than 22.2-r3 are affected.
17c8574bea50c15bdbfc0e4b347a4c54008d41f1d8b905d89aa9b3117651a5ff
Mandriva Linux Security Advisory 2009-051 - A number of vulnerabilities have been found and corrected in libpng. Fixed a 1-byte buffer overflow in pngpread.c. This was already fixed in Mandriva Linux 2009.0. Fixed the function png_check_keyword(), which allowed setting arbitrary bytes in the process memory to 0. Fixed an issue that could lead to a potential DoS (Denial of Service) or potentially compromise an application using the library. The updated packages have been patched to prevent this.
a74739120bac463b5e67987f05bd7c87e179193dd9d8c7d71e771b76ab1b5b1a
Mandriva Linux Security Advisory 2009-050-1 - A vulnerability has been discovered and corrected in PyCrypto ARC2 module 2.0.1, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length. The updated packages have been patched to prevent this. The previous update package was not signed.
618fc4a1e35de59495086bd8ccfa8b6f0c0d92c24e82a3883519f85085df6a5c
taifajobs versions 1.0 and below suffer from a remote SQL injection vulnerability.
9f5ef209bfeb754f2b0cb3bcfc2e49211ae53f422bf88602344084e13b513db0
libaosc is a library for converting i386 shellcode into randomized ASCII-only shellcode.
8072465fc3fc75f620d483288437c55349c8e70696a6e6d965e1282f5ae7507d
MDPro My_eGallery module remote SQL injection exploit.
3046be75a8d626f0ee555076af52c42ca5898127db29bb8393fbbe16983996f5
Mozilla Firefox version 3.0.6 BODY onload remote crash exploit.
c0d086a8ac7b4516fd54e0738cd62570544050e97148506a9acda7ad47c72ab2
Proof of concept exploit for Adobe Acrobat Reader JBIG2 buffer overflow vulnerability.
5311e72227ac4b3ff87264e11dafaaa40b085ab522f09310081a6faf6c45c1cf
An arbitrary user can force the HP Quality Center to execute arbitrary code via the VBScript workflow files.
34ad47f6a52db68117e3da1097d955e55dc73b32f934cdccb2698ccd9bc769da
MLdonkey versions 2.9.7 and below suffer from a double slash file disclosure vulnerability.
c6acee962a39ddeed5b6b74d1eee84ac2e42340ce2c1020099336bde5c303de0
The Optus/Huawei E960 HSDPA router suffers from a cross site scripting vulnerability.
a1b55ccfabf6b03502a08309a9aa4bb5ba1571a1e673fcba9a8c621ab8f6e7ce
Pyrophobia version 2.1.3.1 command execution exploit that leverages local file inclusion.
96908c3bb8f930153d1c72cd84d0d9ef9479856a453dcea97919bbd2e156f9d2
Libero version 5.3 SP5 suffers from a cross site scripting vulnerability.
45fa5e80ef17455ab47ee63066b1fc648b12b085d0454f936f2990173d3ea75e
Free Arcade Script version 1.0 command execution exploit that leverages local file inclusion.
760f3aa37672fbff5e8a85a9b9c8297515e5ef595a4f439550042959705efc3f
pPIM version 1.01 remote command execution exploit that leverages notes.php.
91e50b66a552c55d7ec05a6708d1cfe3c82b99d831d0bee24c6e264560138b57
The Joomla gigCalendar module version 1.0 suffers from a remote SQL injection vulnerability in gigcal_bands_id.
32b45f87b3446c54ce0e6406e835038a1ce7d5cd690a3e05a9f2312f34875f89
The Joomla gigCalendar module version 1.0 suffers from a remote SQL injection vulnerability in gigcal_venues_id.
65f947df3ef37e7f373d9a6ac96f7ab3110d0d8288ae7333e3bee6450d85d1e0
zFeeder version 1.6 suffers from a direct access vulnerability that allows administration access without authentication.
93e573eb958f8d7d3448ef742f8773464c443b2a8f738773bb06ddaf80914f77
The Joomla gigCalendar module version 1.0 suffers from a remote SQL injection vulnerability in index.php.
ad09d2088f9d082b673a0dc80713ca1888166b8f1ebeb6a67bb4e6ec265bc6fa
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
0d34ff3fc3eca6539cfb3a6443319ec033d2dfcdee17e6727b8916c8a633e63e
Secunia Security Advisory - A security issue has been reported in SmoothGuardian, which can be exploited by malicious people to bypass certain security restrictions.
83394651cdf476e91274aaf145094ca8c1aa7cd3ac77ac5e12417c54c91869a2
Secunia Security Advisory - ByALBAYX has reported some vulnerabilities in Professioneller Anzeigenmarkt, which can be exploited by malicious people to conduct SQL injection attacks.
16da2c7c9e7f3951db5c97790f64e9199f84383cb6b309881af082aa690a5bfd
Secunia Security Advisory - A security issue has been reported in WinGate, which can be exploited by malicious people to bypass certain security restrictions.
5ec87dd46e74b28597f18de805cfe4834378a5dee5248a19a2f1e618c4f43f08
Secunia Security Advisory - A security issue has been reported in Squid, which can be exploited by malicious people to bypass certain security restrictions.
351d3d00afe0e180b99b9f81cd9564559629b01f739721fd47f6124134697c23
Secunia Security Advisory - PLATEN has reported a vulnerability in Blue Utopia, which can be exploited by malicious people to disclose sensitive information.
41b14509766dd50eeb272f742df26d82b7a43054274058b8838ef2cda4f303cf