Ubuntu Security Notice 526-1 - Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart.
Ubuntu Security Notice 525-1 - Robert Buchholz discovered that libsndfile did not correctly validate the size of its memory buffers. If a user were tricked into playing a specially crafted FLAC file, a remote attacker could execute arbitrary code with user privileges.
Ubuntu Security Notice 524-1 - An integer overflow was discovered in the TIFF handling code in OpenOffice. If a user were tricked into loading a malicious TIFF image, a remote attacker could execute arbitrary code with user privileges.
Mandriva Linux Security Advisory - A flaw in how OpenSSL performed Montgomery multiplications was discovered that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the application's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code.
Gentoo Linux Security Advisory GLSA 200710-01 - A stack-based buffer overflow has been discovered in the svcauth_gss_validate() function in file lib/rpc/svc_auth_gss.c when processing an overly long string in an RPC message. Versions less than 0.16 are affected.
The NetSupport Manager client that listens on TCP port 5405 does not properly validate input supplied during the initial connection sequence. Specifically, during the configuration exchange part of the initial connection setup, the client does not appear to validate the supplied data which can result in a DoS of the NetSupport Manager Client. Remote code exploitation is also thought to be possible.
www.monografias.com suffers from a cross site scripting vulnerability.
Stuffed Tracker suffers from multiple cross site scripting vulnerabilities.
Vba32 AntiVirus version 3.12.2 suffers from an insecure file permission vulnerability.
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
Leaguestat.com version 0.1 suffers from a local file inclusion vulnerability.
Furkan Tastan Blog suffers from a remote SQL injection vulnerability.
UebiMiau versions 2.7.x and below suffer from a cross site scripting vulnerability due to the email variable not being sanitized.
Trionic Cite CMS versions 1.2rev9 and below suffer from a remote file inclusion vulnerability.
Multiple vulnerabilities exist within functions of Firebird Relational Database, which when properly exploited can lead to remote compromise of the vulnerable system.
Multiple vulnerabilities exist within functions of Borland InterBase, which when properly exploited can lead to remote compromise of the vulnerable system.
Cart32 versions 6.3 and below suffer from an arbitrary file download vulnerability.
Ossigeno CMS versions 2.2a3 and below suffer from a remote file inclusion vulnerability in footer.php.
Web Template Management System version 1.3 suffers from a remote SQL injection vulnerability.
FSFDT version 3.000 d9 remote buffer overflow exploit that spawns a reverse shell to 10.0.0.100:4321.
Ubuntu Security Notice 523-1 - Multiple vulnerabilities were found in the image decoders of ImageMagick. If a user or automated system were tricked into processing a malicious DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary code with user privileges.
FreeBSD Security Advisory - A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found to be incorrectly fixed.
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in Altnet Download Manager, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Trew has reported some vulnerabilities in BlackBoard Learning System, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Sun Java JRE (Java Runtime Environment), which can be exploited by malicious people to bypass certain security restrictions, manipulate data, disclose sensitive/system information, or potentially compromise a vulnerable system.