Gentoo Linux Security Advisory GLSA 200712-25 - The HSQLDB engine, as used in Openoffice.org, does not properly enforce restrictions to SQL statements. Versions less than 2.3.1 are affected.
7bd6825d3d9c7fa826462f9720d3acd3Gentoo Linux Security Advisory GLSA 200712-24 - The Cairo versions used by the AMD64 x86 emulation GTK+ libraries were vulnerable to integer overflow vulnerabilities (GLSA 200712-04). Versions less than 20071214 are affected.
9952142e0dc83abd85329c25fefb11b4Gentoo Linux Security Advisory GLSA 200712-23 - Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSeries (OS/400) Communication traces (CVE-2007-6114), ANSI MAP (CVE-2007-6115), Firebird/Interbase (CVE-2007-6116), HTTP (CVE-2007-6117), MEGACO (CVE-2007-6118), DCP ETSI (CVE-2007-6119), Bluetooth SDP (CVE-2007-6120), RPC Portmap (CVE-2007-6121), SMB (CVE-2007-6438), IPv6 amd USB (CVE-2007-6439), WiMAX (CVE-2007-6441), RPL (CVE-2007-6450), CIP (CVE-2007-6451). The vulnerabilities were discovered by Stefan Esser, Beyond Security, Fabiodds, Peter Leeming, Steve and ainsley. Versions less than 0.99.7 are affected.
902ebf0362f82d466adf79ab3f46d7d0Gentoo Linux Security Advisory GLSA 200712-22 - David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) and Rich text editing (CVE-2007-6522) could be used to allow cross domain scripting. Alexander Klink (Cynops GmbH) discovered an issue with TLS certificates (CVE-2007-6521). Gynvael Coldwind reported that bitmaps might reveal random data from memory (CVE-2007-6524). Versions less than 9.25 are affected.
f8410efea15b673e7cf2c21266cc5b0cTK53 Advisory 2 - Multiple vulnerabilities exist in ClamAV version 0.92 including a race condition and bypass flaws.
e18caa0c092d7067ea71b97be00c10c7Fingerprints in Astaro Security Gateway version 7.1 could allow a remote attacker to create malicious payloads.
eff32c5c167100ba4562d1ea60f353e0Gentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.
62d7fd5d1e0e1068e081617596992ee8Gentoo Linux Security Advisory GLSA 200712-20 - iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337). Versions less than 0.91.2-r1 are affected.
d24f2caf1e6066ee693b8371b745cbdeGentoo Linux Security Advisory GLSA 200712-19 - Oriol Carreras reported a NULL pointer dereference in the log_msg_parse() function when processing timestamps without a terminating whitespace character. Versions less than 2.0.6 are affected.
5e698d3b561576cc13d4422b5922d9f2Gentoo Linux Security Advisory GLSA 200712-18 - nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the Authorization: Basic HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824). Versions less than 0.2.4.1 are affected.
42ba0e2495aa71dc5c890aaff6b91084Gentoo Linux Security Advisory GLSA 200712-17 - Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). Versions less than 1.01 are affected.
a584664894341f424cd8e43143f62ef8Gentoo Linux Security Advisory GLSA 200712-16 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow. Versions less than 0.13-r1 are affected.
fc872ddcea86f6cda5645bb69903878bGentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.
0036504c0eb90eb8567eeebf7ed675d9Debian Security Advisory 1442-1 - Rubert Buchholz discovered that libsndfile, a library for reading / writing audio files performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.
57b37d2a4f4496939ae7a1675e08b537CoolPlayer versions 217 and below suffer from a buffer overflow vulnerability in CPLI_Readtag_OGG.
2ce29fda2f085a9662141dc8d5b8db3cDebian Security Advisory 1441-1 - Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
1cc219462c7386396c86f93e433fbadaDebian Security Advisory 1440-1 - It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian.
6d8f37da4c823567251a11b86460b9b6Debian Security Advisory 1439-1 - Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.
e6a6d67fe7190ab1580b7f1d8cb23e1dDebian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.
9876b5a2363d163e5bd48c7c91cf6a80The HP Photosmart C6280 network printer ships with unchangeable insecure default settings.
526cb2ee10c1bd7f0a8519a5b5fabf46Debian Security Advisory 1405-3 - The Plone developers discovered that their hotfix, released as DSA 1405, introduced two regressions. This update corrects these flaws. It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
51efab4fc57ec107f1a38fb68b2c5b6cMultiple cross site request forgery vulnerabilities may exist in all versions of Joomla!.
e5543c23ddaa171f1203ab0dd31397ddlibnemesi versions 0.6.4-rc1 and below suffer from multiple buffer overflow vulnerabilities.
c17586847747420e0703f7b8396748acFeng versions 0.1.15 and below suffer from buffer overflow and denial of service vulnerabilities.
b9d0d28e5b0104405b411a0afd34090dExtended Module Player (XMP) versions 2.5.1 and below suffer from multiple buffer overflow vulnerabilities.
d4c05fd64f85efa49ad651b4b11adcae
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed