iDefense Security Advisory 04.03.07 - Remote exploitation of a design error in certain kernel GDI functions in multiple versions of Microsoft Corp.'s Windows operating system may allow an attacker to cause a denial of service condition. During testing of the MS06-001 WMF (Windows Metafile) vulnerability, a flaw was found in the handling of WMF files. This flaw can cause the kernel to perform a bug check, also known as a "blue screen" or system crash, when it tries to parse the file. The cause of this bug check is an attempt by a function in a kernel system call to read a value obtained by dereferencing an offset into a kernel structure. This value had been previously created and then reset by previous system calls, and at the point it is accessed it does not contain a valid memory reference. This results in an access violation error, which in turn triggers the bug check. This vulnerability is different from both the Microsoft MS06-001 WMF vulnerability and the MS05-053 WMF vulnerability and is not fixed by either of these patches.
The stat12 script from samphp.com suffers from a remote file inclusion vulnerability.
MyBulletinBoard aka MyBB versions 1.2.3 and below remote code execution exploit.
holaCMS version 1.4.10 suffers from cross-site scripting issues.
HP Mercury Quality Center runQuery exploit that performs a blind SQL attack.
Debian Security Advisory 1275-1 - A cross-site scripting vulnerability in zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser. This code would run within the security context of the web browser, potentially allowing the attacker to access private data such as authentication cookies, or to affect the rendering or behavior of zope web pages.
Secunia Security Advisory - David Vieira-Kurz has discovered a vulnerability in holaCMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Netscape, which can be exploited by malicious people to conduct man-in-the-middle, spoofing, and cross-site scripting attacks, and potentially to compromise a user's system.
Secunia Security Advisory - Slackware has issued an update for qt. This fixes a vulnerability, which potentially can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in TinyMUX, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Secunia Security Advisory - Gentoo has issued an update for mit-krb5. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Secunia Security Advisory - Debian has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Secunia Security Advisory - Some vulnerabilities have been reported in Kerberos, which can be exploited by malicious users to cause a DoS or compromise a vulnerable system and by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Some vulnerabilities have been reported in X.Org X11, which potentially can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
Secunia Security Advisory - A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Red Hat has issued an update for MySQL. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - Red Hat has issued an update for xorg-x11. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
Secunia Security Advisory - Red Hat has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Secunia Security Advisory - rPath has issued an update for freetype, xorg-x11, xorg-x11-fonts, xorg-x11-tools, and xorg-x11-xfs. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
Secunia Security Advisory - rPath has issued updates for krb5 packages. These fix some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system and by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Will Dormann has reported a vulnerability in SolidWorks sldimdownload ActiveX control, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Ubuntu has issued an update for freetype, libxfont, xorg, and xorg-server. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - rgod has reported a vulnerability in Winmail, which potentially can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been reported in Metamod-P, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).