Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Photoshop CS3, which can be exploited by malicious people to compromise a user's system.
23cefb02f39d2573efca8902dbc39f7011b79b133bfd9f4f7b3dca38822f4ffa
Secunia Security Advisory - Some vulnerabilities have been reported in KV AntiVirus 2010, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
53e8286f3fb116a77d292db544efb52ab7b0844df34ec8ac828bf57da00fca5b
Secunia Security Advisory - A vulnerability has been discovered in Ziepod, which can be exploited by malicious people to conduct script insertion attacks.
e87997de28f167e6f239eda9767a56f538b9cd65e9dca68441c3686facd54d3e
Secunia Security Advisory - A security issue has been discovered in Knowledgeroot Knowledgebase, which can be exploited by malicious people to bypass certain security restrictions.
4a3f17b9c71416cd9d02cc9f612c9cf08ff15047b3b86f3f09d42d43c0823233
Secunia Security Advisory - Two vulnerabilities have been reported in 360 Safe, which can be exploited by malicious, local users to perform certain actions with escalated privileges, cause a DoS (Denial of Service), or potentially gain escalated privileges.
ade5c9fd218e6fe9113f79b22469ba77e5e9d823e01e6340daeefe8c12212b0d
Secunia Security Advisory - A vulnerability has been reported in 360 Anti-Virus and 360 Security Guard, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
dac2b9ed0340286b46a409c1779710b4879e5699a3d60ebab7bc2b7ec57826a1
Secunia Security Advisory - A vulnerability has been reported in 360 Anti-Virus and 360 Security Guard, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
e62ff03279721347c5df5f889d6a7a04630283ca81d6c2c740ccafd76b6bd505
Secunia Security Advisory - Red Hat has issued an update for httpd and httpd22 for JBoss Enterprise Web Server. This fixes two vulnerabilities, which can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service).
62273d9008f3c8898a8b35bc247f7a48f9ee668a6110423b8b831ddb7a455589
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, disclose potentially sensitive information, and cause a DoS (Denial of Service), and by malicious people to cause a DoS.
c29930e31220b1ba1c7b7119a92a04ccd63d01cf08394e59fb4961adb068919e
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
7e1384bb16fadb56efd506c88a8148fc7ce798d891fbdf821c243cf4404e608c
eliteCMS version 1.01 suffers from a cross site request forgery vulnerability.
1c6b22e991aafca486d5d9f136825bf46856c5c7bb5188eaf6aa0335d56f8750
Zikula Application Framework version 1.2.2 suffers from a cross site request forgery vulnerability.
8f921a9905f04920469c4ad4be5af76d8f98eff4329486ab2c0da7972286b714
Core Security Technologies Advisory - Prior to MS10-024 the Windows SMTP Service generated DNS queries with trivially guessable values in the transaction ID field. The issue was addressed in MS10-024 by adding a call to the 'CAsyncDns::GenerateRandWord' method when building the DNS query. Prior to MS10-024 the Windows SMTP Service did not check that the value of the ID field of a DNS response received from the network actually matched the value of the ID field of a corresponding DNS query packet previously sent. The issue was addressed in MS10-024 by adding validation logic to the 'CAsyncDns::ProcessReadIO' method.
f9f3d7f24dfb5f26df59a62a6054cd9aaf1939a9958a82a13d2f856165222d6a
Mandriva Linux Security Advisory 2010-091 - This update provides a new OpenOffice.org version 3.1.1. An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing. A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file. Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file. OpenOffice's xmlsec uses a bundled Libtool which might load a .la file in the current working directory, allowing local users to gain privileges via a Trojan horse file. Triggering this vulnerability requires xmlsec to be built with the --enable-crypto_dl flag, which it is not; the fix nevertheless protects against this threat should that flag ever be enabled.
8d9c5f17ff17abb01c346325d44694318ba9b0991da8314b424d66dd738fe7f5
REC0N 2010 Call For Papers Reminder - REC0N is a security conference taking place in downtown Montreal from July 9th through the 11th.
f3694d0bdbd88eac9bef2c626e0e33a9e79df9ec45e25ac40db87e0a4ea14a67
thEngine version 0.1 suffers from a local file inclusion vulnerability.
d031ad56172e09f98df1fa9c912f57b9c53ae6544afdf73be3fc3fa2adbbc1d7
33-byte Linux/x86 execve("/bin/bash","-p",NULL) shellcode.
cfaa5b5b6456a7736b0887b9dcfe7b971a523d979d04def460f60fdf878fd352
Wing FTP Server version 3.4.3 suffers from a directory traversal vulnerability.
d7fb4ac82e2b9d3473faa005fc39eebb2473b9c4233535710d7434aa884e0454
Mandriva Linux Security Advisory 2010-090 - client/mount.cifs.c in mount.cifs in smbfs in Samba does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. client/mount.cifs.c in mount.cifs in smbfs in Samba allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file. The updated packages have been patched to correct these issues.
ccfda0113d596bf024ec0360c4b46676053de6e3625e6ae746bb90f51efa9c31
Whitepaper called SQL Injection - Working With MySQL. Written in German.
a6b1548d65f07d81d842b7e94aaf26483dcaecae4a856edc4829b214b4f9bfa3
Acuity CMS version 2.6.2 suffers from a cross site scripting vulnerability.
ea95c9c269be5d443a90f5eb227dfbb767e6e256db1a8ba12e83fa0efb3635f2
Whitepaper called Technique Of Quick Exploitation Of Double Blind SQL Injection.
6fd6d8f9f3df57755617038b830d13a062458ae3a6053f3f323e9e60bed9e712
Knowledge Root version 0.9.9.5 suffers from a remote shell upload vulnerability.
77750d0a1084389df3ffa46dce6384fb28c90ce9b509ada90c8569e803c09b4c
eliteCMS suffers from a cross site scripting vulnerability.
ecad1e917d010d68a5c8d5fdbe2658eb710f3ff72925e62c627725b4e3f12af2
ecoCMS suffers from a cross site scripting vulnerability.
59be35be497e3769b700f2f33e796250a3a07afce482f7a80a1e1368a8f0cd91