Mandriva Linux Security Advisory MDKSA-2006-219-1 - GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
The network kernel extension com.apple.nke.pppoe that works concurrently with the pppd has a critical vulnerability that may lead to arbitrary code execution with system privileges. Affected product and versions include Mac OS X version 10.3.9, Mac OS X Server version 10.3.9, Mac OS X version 10.4.8, and Mac OS X Server version 10.4.8.
A remote buffer overflow vulnerability has been found in mod_tls module of ProFTPD server. The vulnerability could allow a remote un-authenticated attacker to gain root privileges. All versions including 1.3.0a are affected.
Ubuntu Security Notice 387-1 - Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option "mmap_disable=yes" were vulnerable.
Ubuntu Security Notice 385-1 - Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.
While fixing a bug reported by Hugh Warrington, a buffer overflow has been identified in all released GnuPG versions. The current versions 1.4.5 and 2.0.0 are affected. A small patch is provided.
REMLAB is susceptible to an input validation vulnerability.
Secunia Security Advisory - A vulnerability has been reported in KOffice, which can be exploited by malicious people to potentially compromise a user's system.
Secunia Security Advisory - A vulnerability has been discovered in Safari, which can be exploited by malicious people to conduct phishing attacks.
Secunia Security Advisory - Eugene Teo has reported a vulnerability in the Linux Kernel, which potentially can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in MailEnable, which can be exploited by malicious users to cause a DoS (Denial of service) or to compromise a vulnerable system.
Secunia Security Advisory - Ubuntu has issued an update for gnupg. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Debian has issued an update for texinfo. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to potentially compromise a vulnerable system.
Secunia Security Advisory - A vulnerability with unknown impact has been reported in freePBX.
Secunia Security Advisory - Fukumori has reported a vulnerability in Blogn, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Some bugs have been discovered in Adobe Reader and Adobe Acrobat, which may cause an included ActiveX control to crash.
Secunia Security Advisory - A vulnerability has been reported in Kronolith, which can be exploited by malicious users to disclose sensitive information.
Secunia Security Advisory - Aria-Security Team have reported a vulnerability in fipsShop, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - tarkus has discovered some vulnerabilities in b2evolution, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in Chama Cargo, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Gentoo has issued an update for mono. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Secunia Security Advisory - Gentoo has issued an update for lha. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Secunia Security Advisory - Ubuntu has issued an update for koffice. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
Mayhemic Labs Public Advisory MHL-2006-004 - MBoard does not check the Post ID for malicious data when replying, allowing an attacker to create blank files on the system wherever the web server has write access. Versions 1.22 and below are affected.
Debian Security Advisory 1219-1 - The GNU texinfo package has been found susceptible to insecure file handling and buffer overflow flaws.