Secunia Security Advisory - A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The updated packages have been patched to prevent this issue.
Mandriva Linux Security Advisory - An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them.
Mandriva Linux Security Advisory - Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
Debian Security Advisory 1630-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution.
Gentoo Linux Security Advisory [UPDATE] GLSA 200804-22:03 - Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this issue was incomplete, as it did not always enable the stronger random number generator for source port selection (CVE-2008-3217). Versions less than 3.1.6 are affected.
Secunia Security Advisory - A vulnerability has been reported in neon, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - James Bercegay has reported some vulnerabilities in SunShop Shopping Cart, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Federico Muttis has reported a vulnerability in vBulletin, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - Core Security Technologies has reported a vulnerability in the Anzio Web Print Object (WePO) ActiveX component, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Glafkos Charalambous and George Nicolaou have discovered a security issue in Folder Lock, which can be exploited by malicious, local users to disclose sensitive information.
Mandriva Linux Security Advisory - Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
Mandriva Linux Security Advisory - A stack-based buffer overflow was found in mtr prior to version 0.73 that allowed remote attackers to execute arbitrary code via a crafted DNS PTR record, when called with the --split option. The updated packages provide mtr 0.73 which corrects this issue.
Mandriva Linux Security Advisory - A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs. The updated packages have been patched to correct this issue.
Core Security Technologies Advisory - vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 suffer from a cross site scripting vulnerability.
Secunia Security Advisory - Ubuntu has issued an update for postfix. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Secunia Security Advisory - Some vulnerabilities have been reported in llcon, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Secunia Security Advisory - Hussin X has reported a vulnerability in Forced Matrix Script, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Hussin X has reported a vulnerability in YourFreeWorld Classifieds Script, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Secunia Security Advisory - James Bercegay has reported some vulnerabilities in PHP Live Helper, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
Secunia Security Advisory - Some vulnerabilities have been reported in Vanilla, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
Secunia Security Advisory - Hussin X has reported a vulnerability in Ad-Exchange Script, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be exploited by malicious people to compromise a user's system.