iDefense Security Advisory 04.28.09 - Remote exploitation of a stack based buffer overflow vulnerability in TIBCO Software Inc.'s SmartSockets RTserver could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability occurs when parsing requests on the UDP interface of the RTserver. iDefense has confirmed the existence of this vulnerability in the RTserver version 4.0.10.1. Previous versions may also be affected. The SmartSockets framework is resold to various 3rd party vendors, and in this case iDefense used the version provided with Computer Associates Enterprise Communicator.
6d008d52e91cfd5a4ca4ff613e0e700fd8d4e1656b66671f3a7aa9fae61e7a63Ubuntu Security Notice USN-765-1 - It was discovered that the upstream security fixes in USN-764-1 introduced a regression which could cause the browser to crash. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
ab4e4559afc19125898711beb3d92a1e8e060a4eacd8ee5f206a43621376f787During an audit of the memcached v1.2.7 source code, it was found that the software divulges its stack, heap, and shared library memory locations. This effectively disables address space layout randomization (ASLR) protection, making potential buffer overflow vulnerabilities much easier to exploit.
2f8e3cddb4d091a7628c65e9dcd58f8e254af82611e835a326c48824dc2d5d55Debian Security Advisory 1780-1 - Two vulnerabilities have been discovered in libdbd-pg-perl, the DBI driver module for PostgreSQL database access (DBD::Pg).
4c1190dcdd77d2ca4d3602c4e6b829968d63e01f45c699b76a5e0cb6aaeb75b2Google Chrome version 1.0.154.53 "throw exception" remote crash and denial of service exploit.
1fd4ca2e8e688fd3ee517eb4b6efdfa11c7e9969f30fa131e3935fb4e5fc6a4fMIM:InfiniX version 1.2.003 suffers from multiple remote SQL injection vulnerabilities.
f43d1aad0582036b8773070a3abe01c14c13b177b3e4c21504ea040d4ea8c889OpenNHRP implements the NBMA Next Hop Resolution Protocol (as defined in RFC 2332). It makes it possible to create a dynamic multipoint VPN Linux router using NHRP, GRE, and IPsec. It aims to be Cisco DMVPN compatible.
cf54ba8cf0525b5235b304e5262386acd66d9919b7626cd6a0bdc41ef08dd707HP Security Bulletin - A potential security vulnerability has been identified in HP-UX running the useradd command. The vulnerability could be exploited locally to allow unauthorized access to directories or files.
0d43e9d2bb8529fed6d01851e133eba86bcf890386ee87229e60dfe3b353175fwebSPELL versions 4.2.0d and below local file disclosure exploit.
133561498523b13aee4a2f2add63fb4c3b4b409b198a90c549f794852524b3a9Secunia Research has discovered a vulnerability in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow in ovalarmsrv.exe and can be exploited to cause a heap-based buffer overflow via specially crafted commands sent to port 2954/TCP. Successful exploitation may allow execution of arbitrary code. HP Network Node Manager version 7.53 is affected.
5c00bd4f8d352bd46081ccba370c76751442e5021a0ad1c78da44a1f3aa1c287VisionLMS version 1.0 remote password changing exploit that leverages changePW.php.
355b4c9b088d211fb2b41e0d50a9c7539901f3429c0cfb67173f956a4cac54b8The Formshield CAPTCHA library suffers from a replay attack vulnerability.
a946e21320544258614c2b1013be99c2f90585628b0865e75a0361b07e0f79adOWASP is currently soliciting papers for the OWASP AppSec DC 2009 Conference that will take place at the Walter E. Washington Convention Center in Washington, DC on November 10th through 13th of 2009.
5a3cff1cb7be1cd6e8e708e76a685d8a293e3ee05ccefe86ec1e9daf041495adLinux 2.6 kernel SCTP FWD memory corruption remote exploit.
7ff82e6eae31c3b23fa91ab46cc7407d4e0c84cdc92265c1fdb0e74131295a27Secunia Security Advisory - A vulnerability has been discovered in iodine, which can be exploited by malicious people to cause a DoS (Denial of Service).
5170d65b8fb4b3d11d2157f0ef94e7ea4e5b0b0e90bebd6eb42978a0a91b1cc3Secunia Security Advisory - ThE g0bL!N has reported a vulnerability in Teraway LinkTracker, which can be exploited by malicious people to bypass certain security restrictions.
2f1734268f4d03bc14e43406d096c2d46dcc648969b81e24d57f219f5a2c8d79Secunia Security Advisory - ThE g0bL!N has reported a vulnerability in Teraway FileStream, which can be exploited by malicious people to bypass certain security restrictions.
98937e197a1a9bee837fc139bdf0b7cd899ec962f4528991da96312737c1db68Secunia Security Advisory - Fedora has issued an update for prewikka. This fixes a weakness, which can be exploited by malicious, local users to disclose potentially sensitive information.
d301444b7379176b220df50f768de743c1f994eca5b4f3d2b909811a98a5cfd5Secunia Security Advisory - SirGod has discovered a vulnerability in Flatchat, which can be exploited by malicious people to disclose sensitive information.
289910837ecbf71c579a24b7b24154a44c65a42c3ec7fbe380655471a7b77e05Secunia Security Advisory - A vulnerability has been reported in Samsung M8800 Innov8 and SGH-J750, which can be exploited by malicious people to conduct spoofing attacks.
d186cce2d7f3ab00b5ba58ab5f514455616f52073fce188e617839a323add6eaSecunia Security Advisory - Some vulnerabilities have been discovered in dWebPro, which can be exploited by malicious people to disclose potentially sensitive information.
79df5af5ccbfb6160c407552b5189329f4ebf78706eed88903eec5c3ce93882bSecunia Security Advisory - SirGod has reported a vulnerability in Thickbox Gallery, which can be exploited by malicious people to disclose sensitive information.
0020f7ad10a092ab288119e669085d349ac8e6752079475ec8f0da5baa19ad3bSecunia Security Advisory - Some vulnerabilities have been discovered in MataChat, which can be exploited by malicious people to conduct script insertion attacks.
e00c1481af743f759130692374a2ce9ba62cae2003b1cbe3b4ac62fe8393540dSecunia Security Advisory - A vulnerability has been reported in file, which can be exploited by malicious people to potentially compromise a user's system.
a911a7ff9af20fca92ff381153725d33f6b006acb2c0c482af1c7f3af0500980Ubuntu Security Notice USN-767-1 - Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.
fcbb530895e7326fb202a6aa414fe44c0b4fd21bd3539ceb6f9c9b6147a1e569
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed