Cisco Security Advisory - Cisco IOS devices that are configured for Cisco Unified Communications Manager Express (CME) and the Extension Mobility feature are vulnerable to a buffer overflow vulnerability. Successful exploitation of this vulnerability may result in the execution of arbitrary code or a Denial of Service (DoS) condition on an affected device.
Cisco Security Advisory - A vulnerability exists in Cisco IOS software where an unauthenticated attacker could bypass access control policies when the Object Groups for Access Control Lists (ACLs) feature is used. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability other than disabling the Object Groups for ACLs feature.
Cisco Security Advisory - Cisco Unified Communications Manager, which was formerly Cisco Unified CallManager, contains a denial of service (DoS) vulnerability in the Session Initiation Protocol (SIP) service. An exploit of this vulnerability may cause an interruption in voice services.
Ubuntu Security Notice USN-836-1 - It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program.
Zero Day Initiative Advisory 09-066 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the management web server listening by default on port 8080. The Java Servlet handling POST requests to the server does not properly sanitize user input. A specially crafted request can bypass authentication, allowing an attacker to upload and execute arbitrary files. Successful exploitation can result in complete system compromise under SYSTEM credentials.
Debian Security Advisory 1893-1 - It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.
Debian Security Advisory 1892-1 - It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
Mandriva Linux Security Advisory 2009-243-1 - Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. This update corrects the problem. Correct a problem in the 2009.1 update of the lzw handling code.
Mandriva Linux Security Advisory 2009-244 - Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID. This update provides a solution to this vulnerability.
Mandriva Linux Security Advisory 2009-243 - Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. This update corrects the problem.
Secunia Security Advisory - Chip D3 Bi0s has discovered a vulnerability in the Integrated Newsletter component for Joomla, which can be exploited by malicious users to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in Vastal I-Tech Share Zone, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A weakness has been reported in Sun Solaris, which can be exploited by malicious people with physical access to an affected system to potentially disclose sensitive information.
Secunia Security Advisory - Some vulnerabilities have been reported in BPowerHouse BPGames, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in BPowerHouse BPMusic, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in BPowerHouse BPHolidayLettings, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in BPowerHouse BPStudents, which can be exploited by malicious users to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in Sun Solaris Cluster, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Security Advisory - A vulnerability has been reported in CF Shopkart, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in Vastal I-Tech Toner Cart, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in Vastal I-Tech DVD Zone, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Some vulnerabilities have been discovered in DDLCMS, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A security issue has been discovered in nginx, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the libtiff library.
Secunia Security Advisory - A vulnerability has been reported in Alibaba Clone, which can be exploited by malicious people to conduct SQL injection attacks.