OpenSSL Security Advisory 20071012 - Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. DTLS is a datagram variant of TLS specified in RFC 4347 first supported in OpenSSL version 0.9.8. Note that the vulnerabilities do not affect SSL and TLS so only clients and servers explicitly using DTLS are affected.
af582719a8ae86aed227c762b0680e7b01041c84d523533cf73b52a22ecf4779OPAL versions 2.2.8 and below and Ekiga versions 2.0.9 and below suffer from a denial of service condition due to insufficiently validating the Content-Length field of a SIP request.
4d364df06d8fbbc07a007d1e0a7b5b491550f9b20da4c09aa796e46c096883f4iDefense Security Advisory 10.11.07 - Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendor's software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user. iDefense has confirmed the existence of these vulnerabilities libFLAC 1.2.0, as well as the version of libFLAC included in in the full 5.35 version Winamp. Previous versions of libFLAC may also be vulnerable. The lite version of Winamp does not include support for the FLAC file format, and as such is not vulnerable.
e3fa3ebc175734d879a00ff698bd7e293e3b02ba0e1c79866892a74f95817dfceEye Digital Security has discovered a remote vulnerability in CA BrightStor ARCserve Backup Server that allows an attacker to execute arbitrary code as SYSTEM without any user interaction. The exploit is extremely reliable and can be successfully delivered either across the Internet or within local networks via a random TCP port that is disclosed by the BrightStor portmapper service on TCP/111.
009d71dfb29f2caa5ca0a43c3b72406ccf8c716bee6628c3e41f5d7cf66f485eA remote stack overflow vulnerability exist in the RPC interface of CA BrightStor ARCServe BackUp. An arbitrary anonymous attacker can execute arbitrary code on the affected system by exploiting this vulnerability.
239e57e4163b68e8237af400d6a05c05dcfeb8f43d3b3ed722f445a675062281Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action. The first set of vulnerabilities occur due to insufficient bounds checking by multiple components. The second vulnerability occurs due to privileged functions being available for use without proper authorization. The third set of vulnerabilities are due to a memory corruption occurring with the processing of RPC procedure arguments by multiple services. The vulnerabilities allow an attacker to cause a denial of service, or potentially to execute arbitrary code.
8860eaa4bfc2250849f113f1ca5d8c680bf62c6a8fde2785a35e35b2338b7feaHP Security Bulletin - A potential security vulnerability has been identified with HP-UX Apache version 2.0.59. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
83f53cbcbb5bd239258285ffd144889964335f29d3a2eb11c043296369aa97a3HP Security Bulletin - A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited to allow remote unauthorized access.
f8a356f78e457fe425114b413c8aa505e00fcce935ab5ab31c83134d2f756f6bThe Joomla! swMenuFree component version 4.6 is susceptible to a remote file inclusion vulnerability.
b580780c5d918d4a66ee6428825abc7482b60a0440ca156db71dbf85a6373c57PHP 5.2.4 ionCube version 6.5 extension safe_mode / disable_functions bypass exploit.
de9ea6fa287070ddf9db07de4f0152c0ccd34beba5e0b487ea6326d851648800Apple iTouch/iPhone version 1.1.1 tif file remote jailbreak exploit.
76eecc62ef34b435ef9dfe00b0a4110beda66eb0000f383f69957a7f846df1e1KwsPHP version 1.0 remote SQL injection exploit that takes advantage of the Newsletter module.
35776da6a5beaddb57ea4514beea7e95e71010a018c6e3dbe0375fa044a09be7Joomla Flash uploader version 2.5.1 is susceptible to remote file inclusion vulnerabilities.
c751d1567a05f69791e735f763bccf6dde29d8dab059d63fb7021ef21ba36802Ubuntu Security Notice 529-1 - It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.
181a30cb952104ee280e828c6d4147ace794a68504848fad11c36abe683a4660Ubuntu Security Notice 528-1 - Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero. An authenticated user could exploit this with a crafted IF clause, leading to a denial of service. Victoria Reznichenko discovered that MySQL did not always require the DROP privilege. An authenticated user could exploit this via RENAME TABLE statements to rename arbitrary tables, possibly gaining additional database access. It was discovered that MySQL could be made to overflow a signed char during authentication. Remote attackers could use crafted authentication requests to cause a denial of service. Phil Anderton discovered that MySQL did not properly verify access privileges when accessing external tables. As a result, authenticated users could exploit this to obtain UPDATE privileges to external tables. In certain situations, when installing or upgrading mysql, there was no notification that the mysql root user password needed to be set. If the password was left unset, attackers would be able to obtain unrestricted access to mysql. This is now checked during mysql start-up.
7f7e76b344d2d14eab460e08b5f89fb18e6f8f1639b7aabf6d19d33117f1fa43Mandriva Linux Security Advisory - More vulnerabilities in libvorbis were found that could be used to cause an application linked to libvorbis to crash or execute arbitrary code if used to open a carefully crafted OGG file.
d7380cf6430a020b77f7e130e7f0b38e846a7bb33fa53fba4dacc21fabd6d281PicoFlat CMS versions 0.4.14 and below suffer from a remote file inclusion vulnerability in index.php.
374204813c175da3153de1f110ffc7260da8bf052828479234fd5c912d8aee50WebDesktop version 0.1 is susceptible to remote file inclusion vulnerabilities.
7f514dfce15b88d3fdc28ea2f2dbc31ffe4ea981244cc4d3cde62677456d7f70Pindorama version 0.1 is susceptible to a remote file inclusion vulnerability in client.php.
0ca5488f1020f94f5e3062f4b58130aae2b87c21de619807d148f8eeef50fb48Secunia Security Advisory - Fedora has issued an update for util-linux. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
7a4c61a44299f55b525d60c079654f0408b7c2e6e595c5ec8cb9b62d50468d99Secunia Security Advisory - Janek Vind has reported a vulnerability in FCKEditor, which potentially can be exploited by malicious people to compromise a vulnerable system.
b56b5bc7f03d7caf124ba65ecbb66b3016d59fdeaecdd01b2ba8005b68d8dc19Secunia Security Advisory - Ubuntu has issued an update for mysql. This fixes some vulnerabilities and security issues, which can be exploited by malicious users to gain escalated privileges, bypass certain security restrictions and cause a DoS (Denial of Service) or malicious people to cause a DoS.
6a26b6b18dcf02b4c25d616ae585d8fb909377dcac67bb0855c6fa5a17bbdb8cSecunia Security Advisory - Aaron Portnoy has reported a vulnerability in EMC RepliStor, which can be exploited by malicious people to compromise a vulnerable system.
620d718e6ccbd43babe3318a65a3b4ae8e3577d9781fc97d1211954c45053d75Secunia Security Advisory - Andy Davis has reported a vulnerability in Cisco IOS, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
c433c2279f762f1ce1be11f03860914eba57adb990e2ede43cafa82b862627f2Secunia Security Advisory - BiNgZa has discovered a vulnerability in NuSEO.PHP, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
b360c53595e956c3ae4a67ed94305c9a9ab6ad422342704b91b7f4761789b08b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed