Debian Linux Security Advisory 1979-1 - Multiple vulnerabilities have been discovered in lintian, a Debian package checker.
66bdce5efc2c4f89600880114fde96c74c17bd93a0f636d2f784a32d116812e2
SAP BusinessObjects version 12 suffers from multiple cross site scripting vulnerabilities.
085ac75868915cdcd505723a58a8951419e5f53a87bd76e3d537fde452b51eec
Ubuntu Security Notice 803-2 - USN-803-1 fixed a vulnerability in Dhcp. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 8.10 and higher. Even with the patch improperly applied, the default compiler options reduced the vulnerability to a denial of service. Additionally, in Ubuntu 9.04 and higher, users were also protected by the AppArmor dhclient3 profile. This update fixes the problem. Original advisory details: It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.
c90a7824d2bd0d7a5899ee65553262f2b5893da989fde41ccb00958d6d18c356
HP System Management
ddcc79a177acbbd59d6d2d079154c3d46d3fcfdbb7f16e567efe08e109ead8d5
Cisco Security Advisory - Multiple vulnerabilities exist in Cisco Unified MeetingPlace. These range from insufficient validation of SQL commands to privilege escalation.
4aa2bb0a2d41ca620ec9b7fb3d6cde2d020c75b3fc9ea78f77febad00c3de1b2
This Metasploit module exploits a stack overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL <= 6.0. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code.
8b56d9e271eea43f1c56b4b45991c680b198e3681ff3e9ad94e03dd50625addc
During a penetration test, RedTeam Pentesting discovered that the GNCaster software has multiple bugs in its implementation of HTTP Digest Authentication. Versions 1.4.0.7 and below are affected.
9d79b054da7caa24e58f55b14bf0e509c7751dadf932bbd3cc895783315d6c75
During a penetration test, RedTeam Pentesting discovered that the GNCaster software does not handle NMEA-data correctly. An attacker that has valid login credentials can use this to crash the server software or potentially execute code on the server. Versions 1.4.0.7 and below are affected.
c8321376fc3974e6a79d282a3479efecae9a016d1d25c3ce7e253a9da0f392ad
Mandriva Linux Security Advisory 2010-028 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. The updated packages have been patched to correct these issues.
bcbed668507255178c552af90eaf168b462be20aa49012dc6e3325cff54e5b26
Mod_proxy from Apache 1.3 suffers from an integer overflow. Full details and proof of concept provided.
11dd93d3866b4c509284c60e2c79acc4279efc7fb07033aa2aaf0688759ed0f2
CamShot version 1.2 SEH overwrite exploit.
8cfbdd7126889ec323f873b5ca4e041d8178af252b9414b780f1e33fcf77ad97
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be exploited to gain unauthorized access.
f005f9cfa047a6194fc3cee0b7cdb059b9ebba599306ba8cfe92220af2f03747
The Apple iPhone/iPod Serversman HTTP server version 3.1.5 suffers from a denial of service vulnerability. Proof of concept included.
14826ef462af461e7fb714d5a56e0f06d387feb80e73363c158926d4dd7b98dc
Netsupport Manager versions prior to Jan 11, 2010 suffered from a denial of service vulnerability.
697d0090eaffd9dbe7c2679699615f98262f9c178486afb2f31a815dcc92df61
The Joomla Customers Who Bought module suffers from a remote SQL injection vulnerability.
cd8ad83643fa7b5d58c05896b7e2fda1dcf7328e810a07f0986b3143d756ec0a
ShareTronix version 1.0.4 suffers from an HTML injection / cross site scripting vulnerability.
817dd253441e5956c60d6960212f583a0f82663cec4551a180c396943ae62d25
Lalim Compact Player suffers from a denial of service vulnerability.
b8d0ca4537da1f9398b31364d4a69c004d1c269b5be45f0b57c08645e0eba1de
During a penetration test, RedTeam Pentesting discovered that the GNCASTER software does not handle long URLs correctly. An attacker can use this to crash the server software or potentially execute code on the server. Versions 1.4.07 and below are affected.
67f6376c0ea6f3cd887c980ec39b831bccb583cf0aef753ee78c623a431765ae
Whitepaper called Weaning The Web Off Of Session Cookies. It compares the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication, demonstrating how digest authentication is clearly the more secure system in practice.
8037409600569b8d43de2c78faf6df1c248608e53de405e52921675f233564e4
Mandriva Linux Security Advisory 2010-027 - KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption. The updated packages have been patched to correct these issues.
701ad2e7099f449e19e82471a31b95691ff8ff843d3d5029da766636d5585359
The Joomla 3D Cloud component suffers from cross site scripting and HTML injection vulnerabilities.
2f0548ab3c0d2730e28512102cb6383dea1d481208f56ea912cb6bbcc9d3dabb
The Joomla Virtuemart component version 1.1.4 suffers from a remote SQL injection vulnerability.
c26e8777783cbc37cab0493ce13510a293c5dd19ee2ddbf58dc4a3bc936d91fd
Debian Linux Security Advisory 1978-1 - Several remote vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP.
69f85bade634aaa80b3a1ffe6f5ddcafd82e697ba944c468ffbf9fa38537dbdd
Whitepaper called Methods Of Quick Exploitation Of Blind SQL Injection.
c69a4c103d432b2d88223df4dc98088b20c316605edf6809bd15d959593d2fd5
LookMer Music Portal suffers from a database disclosure vulnerability.
a3ee94babad164467618891403ee460acf6ea0ce265ec1b2dc0617c058fd9c7b