Mandriva Linux Security Advisory - A use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context." ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error.
d06c0a7f871f388b7272710bf3a0e971
COSEINC Alert - A security researcher at the COSEINC Vulnerability Research Lab has discovered that Microsoft Agent has a heap overflow vulnerability. The vulnerability is triggered when Microsoft Agent parses a malformed character file in its uncompressed state in memory and a length field holds an overly large value. This leads to an integer overflow during buffer allocation. Subsequently, when data is copied to the buffer, the heap overflow occurs. The result is possible remote code execution.
82458ffea0deef0d6dab6da244ba9b38
Drupal security advisory - Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. Affected versions include Drupal 4.7.x before Drupal 4.7.6 and Drupal 5.x before Drupal 5.1.
ed1adc7b529116a1736f9a8e799514d0
Secunia Security Advisory - David Barroso Berrueta and Alfredo Andres Omella have reported a vulnerability in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
533b7e96a06c5f68c519ec64819d7c6f
Secunia Security Advisory - rgod has discovered two vulnerabilities in GuppY, which can be exploited by malicious people to compromise vulnerable systems.
ef91ded2cccc56cbd4a5c0d8a7959dec
Secunia Security Advisory - Hai Nam Luke has discovered a vulnerability in Yahoo Messenger, which potentially can be exploited by malicious users to compromise a user's system.
86a2d10f323db80fd24ccaeb6e0a16f4
Secunia Security Advisory - Ralf S. Engelschall has reported a vulnerability in CVSTrac, which can be exploited by malicious users to conduct SQL injection attacks and cause a DoS (Denial of Service).
db6e0d260bddd2b0fb2ba124379fb600
Secunia Security Advisory - SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
4e84470b7fa14bc18514d0775b13dcda
Secunia Security Advisory - adex has discovered a vulnerability in MAXdev MD-Pro, which can be exploited by malicious people to conduct SQL injection attacks.
1f092143b903d703fec2a421d2ac1fd0
Secunia Security Advisory - A vulnerability has been reported in Drupal, which can be exploited by malicious people to compromise a vulnerable system.
03b0c53c56b1650f6c16ccdce38c4a7d
Secunia Security Advisory - GolD_M has discovered a vulnerability in Webfwlog, which can be exploited by malicious people to disclose sensitive information.
24a6e4f2e53d9f6e23dcc8ec4f7dae88
Secunia Security Advisory - Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
fb4dfe93ef7e48a36d923269d3e8012c
Secunia Security Advisory - Fedora has issued an update for libsoup. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
af9b801c25a111a9ef3548a78c30858a
Secunia Security Advisory - A vulnerability has been reported in Sun Java System Access Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
37247f78537f6e826facb6a136435985
Secunia Security Advisory - A vulnerability has been reported in vbDrupal, which can be exploited by malicious people to compromise a vulnerable system.
82b11721831bdb8d313db483fd5673ee
Secunia Security Advisory - Avaya has acknowledged a vulnerability and a security issue in Avaya CMS / IR, which can be exploited by malicious, local users to disclose sensitive information or potentially gain escalated privileges.
7ff8bb668475ac79007578209d8fa809
Secunia Security Advisory - DeltahackingTEAM has discovered a vulnerability in phpIndexPage, which can be exploited by malicious people to compromise vulnerable systems.
1512746090ae5cdf1f511b88b38ee148
Secunia Security Advisory - A security issue has been reported in NX Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
cc4949e46cd23403439a7f429939eff2
OpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.
0b5659d03a1c3f75f54ba3f47f82e56d
A denial of service vulnerability exists in CVSTrac version 2.0.0.
c6c3dbcb035364359371caa0c802a879
Phorum version 5.1.18 is susceptible to cross-site scripting attacks.
aeb6051d17c3c1a7d5baac06583990e5
OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. A system is vulnerable only if DNSSEC validation has been enabled in the configuration by specifying "trusted-keys".
ef98c338e7f5a017b8877bfeaad6e259
Debian Security Advisory 1254-1 - It was discovered that the Bind name server daemon is vulnerable to denial of service by triggering an assertion through a crafted DNS query. This only affects installations which use the DNSSEC extensions. Please note that the CVE listed in this advisory is incorrect.
b907768273ac2898bec098b21758ca35
Gentoo Linux Security Advisory GLSA 200701-25 - Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo() and ProcDbeSwapBuffers() functions of the DBE extension, and in ProcRenderAddGlyphs() in the Render extension. Versions less than 1.1.1-r4 are affected.
7b32d79997096fb64e0c1d9f92b12c2b
Debian Security Advisory 1253-1 - Several security-related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. A bug in the js_dtoa function allows remote attackers to cause a denial of service. "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code.
71853013fa9f3eebef5078c94aff5f90