Sony's Instant Video Everywhere Service is susceptible to a replay attack due to passing credentials over an insecure connection.
Mandriva Linux Security Advisory - newbug discovered a local root vulnerability in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable, allowing the possibility for a local user to gain root privileges.
Electric Sheep version 2.6.3 suffers from a stack overflow in the windows-id parameter. Note that it is not setuid by default.
Electric Sheep version 2.6.3 suffers from network related vulnerabilities due to libcurl issues.
Max Vozeler reported a flaw in the design of rssh_chroot_helper whereby it can be exploited to chroot to arbitrary directories and thereby gain root access. If rssh is installed on a system, and non-trusted users on that system have access which is not protected by rssh (i.e. they have full shell access), then they can use rssh_chroot_helper to chroot to arbitrary locations in the file system, and thereby gain root access. Versions of rssh below 2.3.0 are affected.
Secunia Research has discovered a vulnerability in TUGZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling an ARJ archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows arbitrary code execution when a malicious ARJ file is opened. The vulnerability has been confirmed in version 3.4.0.0. Other versions may also be affected.
Lotus Notes uses the same vulnerable shimgvw.dll graphics rendering engine file implicated in the Microsoft WMF file handling vulnerability.
Gentoo Linux Security Advisory GLSA 200512-18 - Krzysiek Pawlik of Gentoo Linux discovered that the XnView package for IA32 used the DT_RPATH field insecurely, causing the dynamic loader to search for shared libraries in potentially untrusted directories. Versions less than 1.70-r1 are affected.
Hardened-PHP Project Security Advisory - TinyMCE Compressor versions 1.0.5 and below suffer from an unchecked user input vulnerability that can allow for cross site scripting and disclosure of arbitrary files.
Gentoo Linux Security Advisory GLSA 200512-17 - Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates command-line parameters to a scp or rsync command. Versions less than 4.2 are affected.
Debian Security Advisory DSA 927-2 - The last update of tkdiff contained a programming error which is fixed by this version. The Debian Security Audit project discovered that tkdiff, a graphical side by side "diff" utility, creates temporary files in an insecure fashion.
Technical Cyber Security Alert TA05-362A - Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating system may be at risk as well.
Secunia Security Advisory - Secunia Research has discovered a vulnerability in TUGZip, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Lostmon has discovered a vulnerability in GFHost and GmailSite, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - David Maciejak has reported a vulnerability in NetScreen Security Manager (NSM) which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - nelchael has discovered a vulnerability in XnView / NView, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - Gentoo has issued an update for scponly. This fixes two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, or by malicious users to bypass certain security restrictions.
Secunia Security Advisory - Gentoo has issued an update for xnview. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - r0t has discovered a vulnerability in iPei Guestbook, which can be exploited by malicious people to conduct script insertion attacks.
Secunia Security Advisory - r0t has discovered a vulnerability in OOApp Guestbook, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - r0t has discovered a vulnerability in AdesGuestbook, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - rgod has discovered two vulnerabilities in phpDocumentor, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in VMware ESX Server, which has an unknown impact.
Secunia Security Advisory - Florian Weimer has discovered a vulnerability in ImageMagick, which potentially can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Stefan Esser has reported some vulnerabilities in TinyMCE compressor, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.