Mandriva Linux Security Advisory 2009-069 - A security vulnerability has been identified and fixed in curl, which could allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. The updated packages have been patched to prevent this.
6eafd705c31be69b6d23dbd9e55281ae1dc6869a2902eee1d33f7db0615634fe
Gentoo Linux Security Advisory GLSA 200903-04 - Multiple boundary errors in DevIL may allow for the execution of arbitrary code. Stefan Cornelius (Secunia Research) discovered two boundary errors within the iGetHdrHeader() function in src-IL/src/il_hdr.c. Versions less than 1.7.7 are affected.
6968c1a9f3dc299f41f0c1b860ac8597572eccd32d40e16046428903f5f83fb7
Gentoo Linux Security Advisory GLSA 200903-03 - A boundary error in Audacity allows for the execution of arbitrary code. Houssamix discovered a boundary error in the String_parse::get_nonspace_quoted() function in lib-src/allegro/strparse.cpp. Versions less than 1.3.6 are affected.
382d133703abbb0c8fea9b7acea448f82dcfc98951921d49b782e39e9bc7fb8d
Gentoo Linux Security Advisory GLSA 200903-02 - A vulnerability in ZNC allows for privilege escalation. cnu discovered multiple CRLF injection vulnerabilities in ZNC's webadmin module. Versions less than 0.066 are affected.
4d2ca7727fe41b71d1b6c9ba909a41f841b7b15e41a0f7ac60d75f39c8058d2e
Gentoo Linux Security Advisory GLSA 200903-01 - A format string error in Vinagre may allow for the execution of arbitrary code. Alfredo Ortega (Core Security Technologies) reported a format string error in the vinagre_utils_show_error() function in src/vinagre-utils.c. Versions less than 0.5.2 are affected.
e32d69c3418947024984ebf8184682c8e46be4e41e8e86f920db55796404e58b
Mandriva Linux Security Advisory 2009-068 - A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of incorrect processing in the FormWidgetChoice::loadDefaults method. A crafted PDF file that triggers a parsing error allows remote attackers to cause a denial of service. This bug is a consequence of an invalid memory dereference in the JBIG2SymbolDict::~JBIG2SymbolDict destructor when the JBIG2Stream::readSymbolDictSeg method is used. This update provides fixes for those vulnerabilities. This update does not apply to libpoppler0-0.4.1-3.7.20060mlcs4 under Corporate Server 4.0.
512a120f86abcf6b6a9cd6bfe0e57b8ba3cd14d8d0d60faa61d902c11fe550b3
nForum version 1.5 suffers from multiple remote SQL injection vulnerabilities.
8580ef00a3c878a404c5f0943e9017c24336e54fd4a99b0f8343eb248b83445c
E-Xoops versions 1.08 and below suffer from the same SQL injection vulnerability discovered in version 1.05 back in December of 2007.
122cdf5204ed409e61d652ebd671a3587a8cc70e785f4bb28ca4bbebbff067ca