Gentoo Linux Security Advisory GLSA 200504-30 - The phpMyAdmin installation process leaves the SQL install script with insecure permissions. Versions less than 2.6.2-r1 are affected.
Gentoo Linux Security Advisory GLSA 200504-29 - Steven Van Acker has discovered a buffer overflow vulnerability in the add_port() function in Pound. Versions less than 1.8.3 are affected.
Gentoo Linux Security Advisory GLSA 200504-28 - Buffer overflow vulnerabilities in the slc_add_reply() and env_opt_add() functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Versions less than 0.6.4 are affected.
phpBB suffers from SQL injection vulnerabilities.
myPHP version 3 suffers from some authentication flaws.
NetTerm 5.1.1 is susceptible to a buffer overflow vulnerability.
iDEFENSE Security Advisory 04.25.06-3 - Remote exploitation of a buffer overflow vulnerability in Citrix Systems Inc.'s Program Neighborhood Agent allows attackers to execute arbitrary code under the privileges of the client user. The problem specifically exists in the client code responsible for handling the caching of information received from the server.
iDEFENSE Security Advisory 04.25.06-2 - Remote exploitation of a design error in Citrix Systems Inc.'s Program Neighborhood Agent allows attackers to create arbitrary shortcuts under the privileges of the client user. Citrix Program Neighborhood Agent is a part of the Citrix Presentation Server Client and facilitates access to Citrix published applications. The problem specifically exists in that an attacker who has established a malicious server can create arbitrary shortcuts to the client user's Startup folder.
iDEFENSE Security Advisory 04.25.06-1 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists because of a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long 'If' parameter string, a stack-based overflow occurs.
iDEFENSE Security Advisory 04.25.05-2 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists due to a lack of bounds checking in the WebDAV functionality of the web tool. When an attacker issues an HTTP request with the unlock method, along with a long Lock-Token string, a stack-based overflow occurs.
iDEFENSE Security Advisory 04.25.05-1 - Remote exploitation of a stack-based buffer overflow vulnerability in MySQL MaxDB could allow attackers to execute arbitrary code. The vulnerability specifically exists due to improper handling of HTTP GET queries containing a percent sign (%).
Sqwebmail is susceptible to a cross-site scripting vulnerability.
Snmppd is susceptible to a format string vulnerability.
Gentoo Linux Security Advisory GLSA 200504-25 - Rootkit Hunter is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
Gentoo Linux Security Advisory GLSA 200504-24 - Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Versions less than 1.0.0.007 are affected.
MailEnable HTTPMail Enterprise <= 1.04 and Professional <= 1.54 are vulnerable to a buffer overflow on a header field definition which would allow an attacker to execute arbitrary code.
A local file detection flaw has been found in the Adobe Reader ActiveX control. Adobe Reader versions 7.0 and below are affected.
Argosoft Mail Server Pro 1.8.7.6 (maybe others) is vulnerable to a cross-site scripting attack due to the mail server not filtering out some HTML tags in email messages.
FreeBSD Security Advisory FreeBSD-SA-05:05 - Multiple programming errors were found in CVS. In one case, variable length strings are copied into a fixed length buffer without adequate checks being made; other errors include NULL pointer dereferences, possible use of uninitialized variables, and memory leaks.
KDE Security Advisory: kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.
KDE Security Advisory: Kommander executes data files from possibly untrusted locations without user confirmation. As they contain scripts, the user might accidentally run arbitrary code.
A vulnerability exists in Macromedia ColdFusion 7.0 which allows a remote attacker to execute arbitrary HTML and script code in a user's browser session.
When a user receives data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media application.
WebSphere Application Server version 6.0 suffers from a cross-site scripting flaw.
Debian Security Advisory DSA 713-1 - Several bugs have been found in junkbuster, an HTTP proxy and filter.