Technical Cyber Security Alert TA07-334A - Apple QuickTime contains a buffer overflow vulnerability in the way QuickTime processes Real Time Streaming Protocol (RTSP) streams. Exploitation of this vulnerability could allow an attacker to execute arbitrary code.
af3a90f973dacfd90526128ee0e21b9eRealplayer 11 suffers from a denial of service condition related to ActiveX.
5602ec9844f03bb434ca6ddf3914db67Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. This update corrects all known regressions with previous Samba updates due to the security fixes to correct CVE-2007-4572.
35c3dfda88c38965355ccbfee1082a66Ubuntu Security Notice 549-1 - Various integer overflows, arbitrary code execution, and denial of service vulnerabilities have been fixed in PHP 5.
480e0abf31a634a029d87570b870ea34Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing the ANI and DNIS strings to the Call Detail Record Postgres logging engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
c6c1a7986ed7ead3dab0bea6978ffb05Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing lookup data to the Postgres Realtime Engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
ffa2808110235fd54fffd855e12201bcFreeBSD Security Advisory - Insufficient sanity checking of paths containing '.' and '..' allows gtar to overwrite arbitrary files on the system.
bc93f9ccc2af18609b0279202b3894a1FreeBSD Security Advisory - Under certain circumstances, a bug in the internal state tracking on the random and urandom devices can be exploited to allow replaying of data distributed during subsequent reads.
1a8e43d82656db1e04719bae42deb95bDebian Security Advisory 1409-3 - This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
35eb85ee31049d6fb7c6321f9ecc5f02HP Security Bulletin - A potential security vulnerability has been identified with HP-UX Apache. The vulnerability could be exploited remotely to execute arbitrary code.
01a4cbc604d81903355a69b1541136ccHP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could by exploited remotely to allow cross site scripting (XSS).
e07411d9a1c25a2867dcd1ccdf2f004bThe TIBCO Rendezvous RVD daemon is vulnerable to a memory leak, which when remotely triggered, prevents any further RV communication until the daemon is manually restarted.
33fa196ab9bb365713d31238582bca13Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200711-20:04 - Roland Clobus discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones. Bas Wijnen discovered an error when closing connections which can lead to a failed assertion. Versions less than 0.11.3-r1 are affected.
2f449d948a4a3611043470e9b3383b10Secunia Security Advisory - IRCRASH (Dr.Crash) has reported some vulnerabilities in Softbiz Freelancers Script, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
01da5745346b55ef8654486ad7475bffSecunia Security Advisory - Joffrey Czarney has reported a weakness in Cisco Unified IP Phones, which can be exploited by malicious people to bypass certain security restrictions.
11eb767c7465180e59a17f2196a26045Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
b6bb32ad6dc69f573422de83b118344eSecunia Security Advisory - Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
74b52d69f6104bd5b631fb8f44675b1bSecunia Security Advisory - A vulnerability has been reported in @Mail, which can be exploited by malicious people to conduct cross-site scripting attacks.
b06f85dafd733cfe4fd5df0187aa2679Secunia Security Advisory - Some vulnerabilities have been reported in Autonomy Keyview SDK, which can be exploited by malicious people to compromise a user's system.
bbe0b2f853eeef12ab2e066b4c89ba7fSecunia Security Advisory - GoLd_M has reported a vulnerability in PHP_CON, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
dba6c13851e8f48f1089380a386f18dcSecunia Security Advisory - MhZ91 has discovered two vulnerabilities in Charray's CMS, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
351f90941c5a218c4f204b8d80271937Secunia Security Advisory - Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks or potentially compromise a user's system.
ad89063dcfaa50b1470a8115d8aaff0eSecunia Security Advisory - rPath has issued an update for cups, poppler, and tetex. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
abd5c436bae8c817193d8e2049f54e35Secunia Security Advisory - Mandriva has issued an update for cpio. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
137fe09ab3f186e003af56cbf7074031Secunia Security Advisory - Ubuntu has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
2eaae8ad5eaef751b5facf464b498903
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed