Secunia Security Advisory - David Kierznowski has reported a vulnerability in Livelink ECM, which can be exploited by malicious people to conduct cross-site scripting attacks.
97f5403da56761a645fbbb03be375dc2c0b973b0c73b81918dd6ef405c2a9d60
Gentoo Linux Security Advisory GLSA 200802-02 - Luigi Auriemma discovered multiple buffer overflows in the D_NetPlayerEvent() function, the Msg_Write() function and the NetSv_ReadCommands() function. He also discovered errors when handling chat messages that are not NULL-terminated (CVE-2007-4642) or contain a short data length, triggering an integer underflow (CVE-2007-4643). Furthermore a format string vulnerability was discovered in the Cl_GetPackets() function when processing PSV_CONSOLE_TEXT messages (CVE-2007-4644). Versions less than or equal to 1.9.0-beta5.2 are affected.
eaa061d64b695f84a7e77d113250243eabc4fd57ed8273f7d1d6a82cdd7bf0be
Gentoo Linux Security Advisory GLSA 200802-01 - The LWZReadByte() function in file IMG_gif.c and the IMG_LoadLBM_RW() function in file IMG_lbm.c each contain a boundary error that can be triggered to cause a static buffer overflow and a heap-based buffer overflow. The first boundary error comes from some old vulnerable GD PHP code (CVE-2006-4484). Versions less than 1.2.6-r1 are affected.
41799460087c27d9ce78174c9f6d82c619d0b53782aabecefe72c169283071b8
Mandriva Linux Security Advisory - Wei Wang found that the SNMP discovery backend in CUPS did not correctly calculate the length of strings. If a user could be tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code. As well, the fix for CVE-2007-0720 in MDKSA-2007:086 caused another denial of service regression within SSL handling.
ecabb41b8b78285be0640a5a66957a87738180a417d3ecba60aedebac3f4919e
Secunia Security Advisory - Alexander Concha has reported a vulnerability in WordPress MU, which can be exploited by malicious users to bypass certain security restrictions and to compromise a vulnerable system.
57bf8f0bc5dc90dc1eeb063bea8a0cb807e122f19235e35fcfc7f961d0e52aba
Secunia Security Advisory - Pablo Gaston Milano has reported a vulnerability in Documentum Administrator and Documentum Webtop, which can be exploited by malicious people to compromise a vulnerable system.
65268d11a405e3192773fd6b74a4a8a0a1a3b1d41e08bacae5a3f816c9793a43
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Backup Exec System Recovery Manager. Authentication is not required to exploit this vulnerability. Backup Exec System Recovery Manager versions 7.0 and 7.0.1 are affected.
2febe6c060baca99c4a70f0ea9a1c410d16626e72a059c4ff90bc5900afd1555
WS_FTP Server versions 6.1.0.0 and below and Ipswitch What's Up Gold version 11.03 suffer from source disclosure and authorization bypass vulnerabilities.
75bd56deca56e47f6a433127d3f88bfefa744db877bae4e083301a26545c72ec
Secunia Security Advisory - SUSE has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to gain escalated privileges or cause a DoS (Denial of Service).
f9109eb6579a593ed488cb80a9fae06723bbd66b1ae9f0d7a0e0a129ab189374
Secunia Security Advisory - An update has been released for Skype, which implements security enhancements to prevent compromise of users' systems.
765e2e7028e7002577eaa139b8afce86866fb92319993e5406ec5bf7e348d402
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).
a8f60982a8a630fc788e6161b1634249aba747c35573bf9f3166261219467b24
Debian Security Advisory 1483-1 - The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
5daffd560a50978facc11fa6d4b0a625eeb355f15b815daf26d5fef26037223f
Mihalism Multi Host Download blind SQL injection exploit that makes use of users.php.
f3e116d3adf45b7ca3cf246522ab345737e81244b487b16f2576a3a766ca435a
The Joomla Ynews component version 1.0.0 suffers from a remote SQL injection vulnerability.
d4a4d1938055d31983dd1a599ac58c8f616be4a584b14a304ae539585354c502
iDefense Security Advisory 02.04.08 - Remote exploitation of a denial of service vulnerability in Hewlett-Packard's Network Node Manager product allows attackers to crash the ovtopmd process. The ovtopmd process contains an implementation error, in which it attempts to access an invalid memory address based on data within the TCP stream. By sending a specially crafted request, an attacker can cause the service to crash. iDefense has confirmed this vulnerability in HP's OpenView Network Node Manager 7.5 with all updates applied as of May 14th, 2007.
729c873c456bce1b31790f282ccf524eff5e30ecb47c3e16b548ea893304c259
MyNews version 1.6.x suffers from HTML and JavaScript injection vulnerabilities allowing for cross-site scripting attacks.
7ea731e2ab60cc85afda394d2c913259d2b356b42ef368a1c66d4f0c9dddf581
The paper describes a weakness in the pseudo random number generator (PRNG) in use by OpenBSD, Mac OS X, Mac OS X Server, Darwin, NetBSD, FreeBSD and DragonFlyBSD to produce random DNS transaction IDs (OpenBSD) and random IP fragmentation IDs.
f4d5a9167d760de1ba2fee62eca09913ff2bc2b3ccd64974ce7df7c989bc49c5
Astanda Directory Project version 1.2 suffers from a SQL injection vulnerability.
fb8cb0a21ee52f94fa2b4c13fe9aef7b001a816c90e279817023a40d84c8bb8a
MyBulletinBoard aka MyBB versions 1.2.11 and below SQL injection exploit that makes use of private.php.
97bb5a7869c51e45e75097a5f9c6e47a0d7e55d856543f8f7f12e49f056c1d24
Secunia Security Advisory - A vulnerability has been reported in the KAME Project, which can be exploited by malicious people to cause a DoS (Denial of Service).
d22e320f2de5b753dab58846ae91fb315dfb17c1eddb603d770baa4cfc5053ab
Secunia Security Advisory - Two vulnerabilities have been reported in Sun JRE, which can be exploited by malicious people to compromise a user's system.
3feee2cc6f9f52c19bfa810c9098c8a63fa847cbc67a41f00b14c681829d9d4e
Secunia Security Advisory - A vulnerability has been reported in NetBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).
9c4e9af6188293fc22efe60fe17d47ec1b8e2de2160a6db76ed4c4da41dbfb2b
HP Security Bulletin - A potential security vulnerability has been identified with HP Virtual Rooms (HPVR) running on Microsoft Windows. The vulnerability could be exploited to allow remote execution of arbitrary code.
b7ef85ae94bbc6efafdee99b55405948fba742201816d8d4e7495877ffa60bc9
HP Security Bulletin - Potential vulnerabilities have been identified with the HP Storage Essentials, Storage Resource Management (SRM) software. These vulnerabilities could be exploited remotely to allow unauthorized access to a managed device.
b021491f7dacf0c24f2e58a9ae3a6231327901f042c92f5ab0bfc976ae7c0347
The http-form module for hydra 5.4 has a problem which causes incorrect pieces of memory to be freed. This is a result of the memory leak plugs which have been applied to this module for this release. This patch removes the unneeded frees and allows the module to work correctly.
ac64cac7e7334da4ed8ee10f88a7303460bc4c1f7cbb5b5a81f01e6c8938d0b4