Yahoo Instant Messenger suffers from a remote flaw that allows a browser to be launched.
Secunia Security Advisory - Some vulnerabilities have been reported in Dokeos, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in Sun Java System Application Server (SJSAS) and Sun Java System Web Server (SJSWS), which can be exploited by malicious people to gain knowledge of sensitive information.
Ubuntu Security Notice USN-328-1 - Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling for Apache 2.
Ubuntu Security Notice USN-327-1 - A multitude of JavaScript-related vulnerabilities have been patched in Firefox.
Technical Cyber Security Alert TA06-208A - The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
Ubuntu Security Notice USN-326-1 - Yan Rong Ge discovered that heartbeat did not set proper permissions for an allocated shared memory segment. A local attacker could exploit this to render the heartbeat service unavailable, causing a denial of service condition.
Ubuntu Security Notice USN-325-1 - ruby1.8 suffers from flaws where the alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application, these flaws might allow attackers to bypass safe level restrictions and perform unintended operations.
Secunia Research has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a memory corruption error within the handling of simultaneously happening XPCOM events, resulting in the use of a deleted timer object. Successful exploitation allows execution of arbitrary code. Versions below 1.5.0.5 are susceptible.
A stack-based buffer overflow has been discovered in Winlpd version 1.26.
Debian Security Advisory 1126-1 - A problem has been discovered in the IAX2 channel driver of Asterisk, an Open Source Private Branch Exchange and telephony toolkit, which may allow a remote attacker to cause a crash of the Asterisk server.
The NSFocus Security Team discovered a remote denial of service vulnerability in ISS RealSecure/BlackICE product lines' detection of the MailSlot Heap Overflow as discussed in MS06-035.
Yahoo! Mail suffers from a cross-site scripting flaw.
A vulnerability exists in Firefox versions 1.5.0 through 1.5.0.3 and SeaMonkey versions 1.0 through 1.0.2 that allows attackers to execute arbitrary code on vulnerable installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Debian Security Advisory 1125-1 - Several remote vulnerabilities have been discovered in the Drupal web site platform, which may lead to the execution of arbitrary web scripts.
Debian Security Advisory 1111-2 - It was discovered that a race condition in the process filesystem can lead to privilege escalation for the Linux 2.6 kernel series. The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP Precision architectures, which are now provided. Also, the kernels for the FAI installer have been updated.
SUSE Security Announcement SUSE-SA:2006:042 - A slew of kernel-related vulnerabilities has been fixed in SUSE Linux for the 2.6 series.
NTA Monitor discovered a denial of service vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer in July 2005. The vulnerability affects Phase-1 of the IKE protocol. Both Main Mode and Aggressive Mode over both UDP and TCP transports are affected. The vulnerability allows an attacker to exhaust the IKE resources on a VPN concentrator by sending a high rate of IKE requests, which will prevent valid clients from connecting or re-keying. The attack does not require a high bandwidth, so one attacker could potentially target many concentrators. The mechanism behind this vulnerability is similar to the well-known TCP SYN flood vulnerability.
Secunia Research has discovered a vulnerability in AutoVue SolidModel Professional Desktop Edition, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error within the handling of ARJ, RAR, and ZIP archives. This can be exploited to cause a stack-based buffer overflow when a malicious archive containing a file with an overly long filename is opened. Successful exploitation allows execution of arbitrary code. AutoVue SolidModel Professional Desktop Edition version 19.1 Build 5993 is affected. Other versions may also be affected.
Ubuntu Security Notice 320-2 - USN-320-2 fixed several vulnerabilities in PHP. James Manning discovered that the Ubuntu 5.04 update introduced a regression: the function tempnam() caused a crash of the PHP interpreter in some circumstances. The updated packages fix this.
Ubuntu Security Notice 323-1 - A massive security update for multiple vulnerabilities in Mozilla has been released.
OpenPKG Security Advisory OpenPKG-SA-2006.014 - Brian Caswell from Sourcefire discovered vulnerabilities in OSSP Shiela, a CVS repository access control and logging extension. The vulnerabilities allow arbitrary code execution during CVS file commits if a filename is specially crafted to contain shell commands.
An arbitrary code execution vulnerability exists in PowerArchiver version 9.62.03.
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
Secunia Security Advisory - A vulnerability has been reported in Heartbeat, which can be exploited by malicious, local users to cause a DoS (Denial of Service).