Debian Security Advisory 1883-2 - The previous nagios2 update introduced a regression, which caused status.cgi to segfault when used directly without specifying the 'host' variable. This update fixes the problem.
Gentoo Linux Security Advisory GLSA 200601-15 - Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed with an empty password for the database administrator sa. Versions less than or equal to 3.2.5 are affected.
Gentoo Linux Security Advisory GLSA 200601-14 - Michael Jennings discovered an exploitable buffer overflow in the configuration engine of LibAST. Versions less than 0.7 are affected.
Multiple vulnerabilities in the LDAP component of CommuniGate Pro Server version 5.0.6 have been uncovered.
Debian Security Advisory DSA 958-1 - Several security related problems have been discovered in Drupal. Several cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML. When running on PHP5, Drupal does not correctly enforce user privileges, which allows remote attackers to bypass the 'access user profiles' permission. An interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension.
The CA iGateway common component, which is included with several CA products for UNIX/Linux/Windows platforms, contains a buffer overflow vulnerability that can allow arbitrary code to be executed remotely with SYSTEM privileges on Windows, and cause iGateway component failure on UNIX and Linux platforms.
Argeniss Security Advisory - Oracle Database Server provides the DBMS_XMLSCHEMA and DBMS_XMLSCHEMA_INT Packages that include procedures to register and delete XML schemas. These packages contain the public procedures GENERATESCHEMA and GENERATESCHEMAS that are vulnerable to buffer overflow attacks.
A severe problem with the way browsers translate the soft-hyphen (alt + 0173) character has been brought to light, which malicious users could utilise alongside a multitude of injection methods as a way to gain unauthorized access and/or to spoof content on websites. Both Microsoft Internet Explorer and Mozilla Firefox are affected.
Secunia Security Advisory - A vulnerability has been reported in nfs-server, which can be exploited by malicious users to compromise a vulnerable system.
Secunia Security Advisory - Aliaksandr Hartsuyeu has discovered a vulnerability in My Little Forum, My Little Guestbook, and My Little Weblog, which can be exploited by malicious people to conduct script insertion attacks.
Secunia Security Advisory - A vulnerability has been reported in Cisco VPN 3000 Concentrator, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Debian has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks.
Secunia Security Advisory - Mandriva has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges, or by malicious users to cause a DoS (Denial of Service).
Secunia Security Advisory - SUSE has issued an update for nfs-server. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
Secunia Security Advisory - Mandriva has issued an update for perl-Net_SSLeay. This fixes a vulnerability, which can be exploited by malicious, local users to weaken certain cryptographic operations.
Secunia Security Advisory - imei has discovered two vulnerabilities in MyBB, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Gentoo has issued an update for gallery. This fixes a vulnerability, which potentially can be exploited by malicious people to conduct script insertion attacks.
Secunia Security Advisory - Aliaksandr Hartsuyeu has discovered a vulnerability in AndoNET Blog, which can be exploited by malicious people to conduct SQL injection attacks.
Shareaza, a P2P file sharing product, suffers from a remote vulnerability that allows code execution.
my little homepage v2004.04.20 is vulnerable to XSS.
AndoNET Blog v2004.09.02 suffers from SQL injection in comentarios.php via the "entrada" variable.
Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack
Stefan Esser discovered a bug in the register_globals emulation of phpMyAdmin that allows variables to be overwritten. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally, several cross-site scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665).
Mandriva Linux Security Advisory - GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
Mandriva Linux Security Advisory - The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.