Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities has been identified and fixed in Little CMS. A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel. A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file. This update provides fixes for these issues.
128b2e6b39bb8559db988ef3a065a0a1f8e056209cbe8d7fa77bda7e09b9db5fMandriva Linux Security Advisory 2009-120 - Multiple security vulnerabilities has been identified and fixed in OpenSSL. The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. The updated packages have been patched to prevent this.
7e8ebc6722e9cb207f931607e5f931703c3b62ea75e530755e6a4508a4f1894bArticle Directory suffers from a remote SQL injection vulnerability that allows for authentication bypass.
cd562bd34d50c22fc6585792167d2e494db2a31d0aab4f1a261c3926e6fc293dJob Script version 2.0 suffers from an arbitrary shell upload vulnerability.
4a3482a6491e17866d11c3c73d3a2d293984b5b60e7887976bf342e7d961d1b2Whitepaper called Bypassing Authentication with Reverse Engineering in Linux x86. Written in French.
d0f828ad7777b98f34730768e4f138dc040ce4035f096350e941119c38796d30ASP Inline Corporate Calendar suffers from cross site scripting and remote SQL injection vulnerabilities.
874fb7cd2dee89e1198278d1d6a572db318eb99f9ed90552faa192cfc0479421Vicidial Call Center Suite suffers from a remote SQL injection vulnerability that allows for authentication bypass.
dd153347a6ae4a60a5a94749845e3e641552b7fe325cdb21ac04462eb905cdd7The web interface on tcp port 8090 of IPsession suffers from a SQL injection vulnerability.
8ebe731ee60d54089c1f0889cc235ec865a4cae70469a62ae157e32a3770d034ChinaGames Active-X related remote code execution exploit.
37dd8a9d4a61db3b728b4d92c86d9ca46d1f69d5ef11c2895ff243cc6c5004dbBaoFeng Active-X related remote code execution exploit.
b95ec3df242df9aabe408e8cec14958c83ec0b8017ddfaf5f347b49cbc3bfddaRemote authentication bypass exploit for the WebDAV vulnerability in Microsoft IIS 6.0.
58794bad254c95a52a4aff02ec52eb753d9e24ebc75be5de3d39aa371b956db2Secunia Security Advisory - A vulnerability has been discovered in Mac OS X, which can be exploited by malicious people to compromise a user's system.
3a7f59d44228e5fe13c27d22d330b7dae3664c1f1ffaba9e45c6330881a90e88Secunia Security Advisory - Debian has issued an update for ipsec-tools. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
801f34c99b85cb3b8f9f36d94030fabfa057bc5f04b4beee7489317376b0a349Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
7f38974c45dc6edffd5a388f61ad4233b1a3d3ebd88ce203535e643f0d5ded51Secunia Security Advisory - SUSE has issued an update for acroread. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
f606aebd43584f5ced45a26bb172b2ce24cfb74e5a5c39907bcdca4a6fe146e9Secunia Security Advisory - Debian has issued an update for nsd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
a7f99296ecad42835d4c43720edbe647efcdcf17932835f51554fd6e8be6e566Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.
21485763816abefeb0768cdab4cd7bbdaea39afe598e1ee3d6c08e7b7605cb17Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), disclose potentially sensitive information and by malicious people to potentially compromise a vulnerable system.
af17c6a25dbc86e006a1e68537baeee075a86e4d2aba5dfe45470875745f6a7eSecunia Security Advisory - Some vulnerabilities have been reported in Sun Java System Communications Express, which can be exploited by malicious people to conduct cross-site scripting attacks.
ddf1c73dd897efd125e321509ba1f1c89d5293e47435b008087b54792d7edce5Secunia Security Advisory - ThE g0bL!N has discovered some vulnerabilities in NC GBook, which can be exploited by malicious people to compromise a vulnerable system.
942567e55cd2735cf171a601206883266d8030a3686416d4e8124b339953b305Secunia Security Advisory - ByALBAYX has reported a vulnerability in exJune Office Message System, which can be exploited by malicious people to bypass certain security restrictions.
dc33a97a2dbb25d0a8a266dccbf36d7dd1d38ef124edf05c1d937bd3b86a1a32Secunia Security Advisory - Snakespc has reported a vulnerability in bSpeak, which can be exploited by malicious people to conduct SQL injection attacks.
4e34a7a18a5ce26ee2690d190dfaf883eea9c9a25c7582965f00725b97af4e51iDefense Security Advisory 05.19.09 - Local exploitation of a file overwrite vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to overwrite arbitrary files and execute arbitrary code. The AIX libc implementation of malloc includes a debugging mechanism that is initiated by setting the MALLOCTYPE and MALLOCDEBUG environment variables. This debugging feature writes to a user-specified log file under certain conditions. There is a gap in time between the checks to see if the file is a symbolic link and the process of opening the file. If an attacker can change the file to be a symbolic link to another file within this time frame, it is possible to cause a set-uid binary to write to files owned by privileged users. iDefense confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected.
5eb925589dbd4a9070539b783c3c683162ba40bd5d486b533a392ac2f3129ecdCore Security Technologies Advisory - Several cross site scripting vulnerabilities were found in the following files/urls of the Sun Java System Communications Express system.
09a4000ae9c2640418f24e0ae0384e933c5f4874aabf5133cace4e36ed81dd0aCisco Security Advisory - CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files.
119622f09a71ed35e8f24167bc3571f5a1b87a4edf4789bc38a752adc1de5f93
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed