Dotclear versions 1.2.2 and below suffer from a remote SQL injection flaw.
Debian Security Advisory DSA 912-1 - Wernfried Haas discovered that centericq, a text-mode multi-protocol instant messenger client, can crash when it receives certain zero length packets and is directly connected to the Internet.
Gallery versions below 2.0.2 are susceptible to cross site scripting, arbitrary file viewing, and more.
Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.
Opera 8.50 is susceptible to a denial of service condition via an applet.
The Panda Antivirus Library is vulnerable to a heap overflow during decompression of ZOO files.
Cisco Security Advisory - A vulnerability exists in CSA agents that can allow a privilege escalation through locally executed software, providing a normal user or attacker with local system level privileges on a Windows workstation or server running managed or standalone CSA 4.5.0 or 4.5.1 agents.
Debian Security Advisory DSA 911-1 - Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library.
The Webmin miniserv.pl code suffers from a format string vulnerability.
It is possible to mount a denial of service attack against Windows 2000/2003 hosts where the SYN attack protection has been enabled.
WebCalendar 1.0.1 is susceptible to SQL injection attacks.
PHP Web Statistik version 1.4 suffers from injection vulnerabilities.
APC PowerChute Network Shutdown's web interface only supports HTTP, forcing credentials to be passed in the clear.
Google Talk Beta Messenger stores all credentials in clear text in the process memory.
Gentoo Linux Security Advisory GLSA 200511-23 - Sven Tantau reported a buffer overflow vulnerability in chmlib. The function _chm_decompress_block() does not properly perform boundary checking, resulting in a stack-based buffer overflow. Versions less than 0.37.4 are affected.
Gentoo Linux Security Advisory GLSA 200511-22 - Joxean Koret has discovered that Inkscape incorrectly allocates memory when opening an SVG file, creating the possibility of a buffer overflow if the SVG file being opened is specially crafted. Versions less than 0.43 are affected.
ktools versions 0.3 and below suffer from a buffer overflow vulnerability.
Gentoo Linux Security Advisory GLSA 200511-21 - When handling a SWF file, the Macromedia Flash Player incorrectly validates the frame type identifier stored in the SWF file which is used as an index to reference an array of function pointers. A specially crafted SWF file can cause this index to reference memory outside of the scope of the Macromedia Flash Player, which in turn can cause the Macromedia Flash Player to use unintended memory address(es) as function pointers. Versions less than 7.0.61 are affected.
Secunia Research has discovered two boundary error vulnerabilities in various SpeedProject products, which can be exploited by malicious people to compromise a user's system.
Debian Security Advisory DSA 910-1 - A vulnerability has been discovered in zope 2.7, an Open Source web application server, that allows remote attackers to insert arbitrary files via include directives in reStructuredText functionality.
Mandriva Linux Security Advisory - Integer overflows in various applications in the binutils package may allow attackers to execute arbitrary code via a carefully crafted object file.
Debian Security Advisory DSA 909-1 - Daniel Schreckling discovered that the MIME viewer in horde3, a web application suite, does not always sanitize its input, leaving a possibility to force the return of malicious code that could be executed on the victim's machine.
Debian Security Advisory DSA 908-1 - Colin Leroy discovered several buffer overflows in a number of importer routines in sylpheed-claws, an extended version of the Sylpheed mail client, that could lead to the execution of arbitrary code.
Debian Security Advisory DSA 907-1 - Akira Yoshiyama noticed that ipmenu, a cursel iptables/iproute2 GUI, creates a temporary file in an insecure fashion, allowing a local attacker to overwrite arbitrary files utilising a symlink attack.
Gentoo Linux Security Advisory GLSA 200511-20 - The Horde Team reported a potential XSS vulnerability. Horde fails to properly escape error messages, which may lead to displaying unsanitized error messages via Notification_Listener::getMessage(). Versions less than 2.2.9 are affected.