Gentoo Linux Security Advisory GLSA 200703-28 - CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection never times out. Versions less than 1.2.9 are affected.
920c2983777a8f7036265decde3d43a8Gentoo Linux Security Advisory GLSA 200703-27 - Squid incorrectly handles TRACE requests that contain a Max-Forwards header field with value 0 in the clientProcessRequest() function. Versions less than 2.6.12 are affected.
040a5cb09700e4437e32bb0daf91150bA vulnerability allows attackers to execute arbitrary code on vulnerable installations of America Online with Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected software is America Online 9.0 Security Edition.
feed154481807e4597344131ae4096a8Gentoo Linux Security Advisory GLSA 200703-26 - Jean-S
64096e81725c67cc104d16cbc9963279Technical Cyber Security Alert TA07-089A - A stack buffer overflow exists in the code that Microsoft Windows uses to processes animated cursor files. Specifically, Microsoft Windows fails to properly validate the size of an animated cursor file header supplied in animated cursor files. Animated cursor files can be included with HTML files. For instance, a web site can use an animated cursor file to specify the icon that the mouse pointer should use when hovering over a hyperlink. Because of this, malicious web pages and HTML email messages can be used to exploit this vulnerability. In addition, animated cursor files are automatically parsed by Windows Explorer when the containing folder is opened or the file is used as a cursor. Because of this, opening a folder that contains a specially crafted animated cursor file will also trigger this vulnerability. Note that Windows Explorer will process animated cursor files with several different file extensions, such as .ani, .cur, or .ico. Furthermore, Windows will automatically render animated cursor files referenced by HTML documents regardless of the animated cursor file extension. This vulnerability is actively being exploited.
83545faadfb01d5347176a9c86e57d39VMware Security Advisory - The VMware ESX server has new patches released that address a slew of security issues.
ece4cd66c4136b49aed17606b9c02ca4Computer Associates (CA) Brightstor Backup suffers from a remote code execution vulnerability in Mediasvr.exe.
80804597ada65b6b15b178e9a5717a62Mandriva Linux Security Advisory - Stack-based buffer overflow in the StarCalc parser in OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary code via a crafted document. OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
cc4084a02836a4fc46679d725b688a54Gentoo Linux Security Advisory GLSA 200703-25 - Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Versions less than 2.0.7 are affected.
1a13357f18a2b83fc477cd9fed9c8807Mandriva Linux Security Advisory - The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command.
e80664e938b846e1b7aa9f3fb3ee6d61Mandriva Linux Security Advisory - Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack- based buffer overflow.
342b18e956fca5df199d1e16e3964f76iDefense Security Advisory 03.29.07 - Remote exploitation of a input validation vulnerability in IBM Corp.'s Lotus Sametime allows attackers to execute arbitrary code in the context of the user viewing a malicious web page. The problem specifically exists in the STJNILoader.ocx component of IBM Corp.'s Lotus Sametime product. This ActiveX control is safe for scripting and exports a LoadLibrary function that does not properly sanitize input. iDefense has confirmed that this vulnerability is present in IBM Corp.'s Lotus Sametime STJNILoader.ocx version 3.1.0.26.
d2a6b72234e867756deaf189de4faed8AOL has recently been made aware of a denial of service condition that exists in early versions of the AOL 9.0 client software.
0711cb74c450ea2d89b5fb1cc01a6f05Ubuntu Security Notice 447-1 - It was discovered that Konqueror did not correctly handle iframes from JavaScript. If a user were tricked into visiting a malicious website, Konqueror could crash, resulting in a denial of service. A flaw was discovered in how Konqueror handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure.
24a78c76fde9f65c539db7fd0c570fe4Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to overwrite arbitrary files, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
85ac16428b8e8749a28b80765ee0a9c1Secunia Security Advisory - Javier Olascoaga has reported some vulnerabilities in IronMail, which can be exploited by malicious people to conduct cross-site scripting attacks.
ea48aacec7b3028c3da8b7869936ce29Secunia Security Advisory - A security issue has been reported in various Linksys products, which can be exploited to disclose certain sensitive information.
0f70d81a00ae1a4cb2bd8c12dafa295fSecunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
ca86bb6100303495137e184776288264Secunia Security Advisory - rPath has issued an update for inkscape. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
0670c6f31a1ccc4495aab93679a95805Secunia Security Advisory - Jonathan So has discovered a vulnerability in Corel WordPerfect Office X3, which can be exploited by malicious people to compromise a vulnerable system.
435e87d6fd96e6b9fb51eae8517736e0Secunia Security Advisory - Elliot Kendall has reported a weakness in DataDomain OS, which can be exploited by malicious users to bypass certain security restrictions.
3f8c145abf8b4d3dc4b512b6f3c1371aSecunia Security Advisory - A weakness has been reported in Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
db636e5a958775755a35fb72c99ef205Secunia Security Advisory - A vulnerability has been reported in Overlay Weaver, which can be exploited by malicious people to conduct cross-site scripting attacks.
4d9105392433810a8825a1bc6f3857f5Secunia Security Advisory - A vulnerability has been reported in CruiseWorks, which can be exploited by malicious users to bypass certain security restrictions.
ed4946247f9a8b49e8f92b0b5011c991Secunia Security Advisory - Mandriva has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
bbd26eef56797db593ece587af4a8c03
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed