Mandriva Linux Security Advisory 2009-220 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
993b0b846b88e62e49a609a61a93e132Ubuntu Security Notice USN-825-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. USN-682-1 provided updated libvorbis packages to fix multiple security vulnerabilities. The upstream security patch to fix CVE-2008-1420 introduced a regression when reading sound files encoded with libvorbis 1.0beta1. This update corrects the problem. It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges.
4fdbc4567a317475106e513033b3ad7cUbuntu Security Notice USN-824-1 - It was discovered that PHP did not properly handle certain malformed JPEG images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service.
39285f7b0238e8c5fcefa5d2341f68c4Ubuntu Security Notice USN-823-1 - It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
a5e8c4e33e255b6e59078899cb3e8c50Mandriva Linux Security Advisory 2009-219 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Additionally on 2009.0 a patch was added to prevent kompozer from crashing (#44830), on 2009.1 a format string patch was added to make it build with the -Wformat -Werror=format-security gcc optimization switch added in 2009.1 This update fixes these issues.
1e170b61dded8f353e51cf25ebb49589Ubuntu Security Notice USN-822-1 - It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle HTML content in the head element. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
0a06a061f1ce3b826230da8a286d333fMandriva Linux Security Advisory 2009-218 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
32472296ae6a2124dbb8fdd544db9ff7Debian Security Advisory 1872-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation or a leak of sensitive memory.
d0568af706421643789d2520551c3ed7Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Thunderbird. Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
3fcfaf5fc1cc6d0c278ed38293c2a040Mandriva Linux Security Advisory 2009-216 - A number of security vulnerabilities have been discovered in the NSS and NSPR libraries and in Mozilla Thunderbird.
bed9841c09c3299771d905604c5ad862Mandriva Linux Security Advisory 2009-215 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
2b4ad00353906f497b03ad5fc5a9147bMandriva Linux Security Advisory 2009-214 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
bd167ba1da6755bec80d312571c5d367Mandriva Linux Security Advisory 2009-213 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
8fac6c199ddee06890a42fda3aa7d71eMandriva Linux Security Advisory 2009-212 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
65c4e9851f87662edc6fc86f9f43f1f0Mandriva Linux Security Advisory 2009-211 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack.
6d1febde0a030b01fbf6dc018c2049e6Debian Security Advisory 1871-1 - Several vulnerabilities have been discovered in wordpress, weblog manager.
63e101fb228d542640fb0ad5c2b7dc01VMware Security Advisory - Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.
7061fd1e541c6f85002c9410d31ac29fUbuntu Security Notice USN-802-2 - USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.
d4995fb8cd408cccdba40d067941c037Debian Security Advisory 1869-1 - It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
c6feae21cffdd806fdb9d009a288dfd0Subdreamer version 2.5.3.2 hotfix#5 suffers from SQL injection vulnerabilities due to the embedding of vulnerable Invision Power Board 2 and phpBB3 modules.
fa3f8f24b988b8e5083a06358c808f5eMandriva Linux Security Advisory 2009-208 - libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. This update provides a solution to this vulnerability.
073c3a8ad0f4b6fe8e9594e542df9c50A priorly discovered denial of service vulnerability discovered in Mozilla Firefox also appears to affect Microsoft Internet Explorer and Google Chrome.
356ed8a441ccd1edf7d540342e22ea17CA HIPS is a Host Based Intrusion Prevention System in which managed agents are deployed on individual hosts to be protected by the HIPS and controlled by the centralized console. It is possible to trigger faults in the kernel driver (kmxids.sys) used by the protection agent by sending certain malformed IP packets.
c7f74c06401bd06b6b17cd322ab4a5caCisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages.
12ae86b826f006708a2f1d7e0bb42247Facebook suffered from a cross site request forgery vulnerability.
56c05902d3031c4251ab2e0974518850
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed