Asterisk Project Security Advisory - An attacker sending a valid RTP comfort noise payload containing a data length of 24 bytes or greater can remotely crash Asterisk.
Mandriva Linux Security Advisory 2009-307 - All versions of libtool prior to 2.2.6b suffer from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. This advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitation of this issue.
pyForum version 1.0.3 suffers from a password reset vulnerability.
ISC released new BIND packages for Windows with vulnerable runtime DLLs. Brilliant.
Debian Linux Security Advisory 1942-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service.
Mandriva Linux Security Advisory 2009-306 - Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. The updated packages have been patched to correct these issues.
Mandriva Linux Security Advisory 2009-305 - PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. The updated packages have been patched to correct these issues.
Mandriva Linux Security Advisory 2009-303 - Some vulnerabilities were discovered and corrected in php-5.2.11.
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
Secunia Security Advisory - Debian has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Fedora has issued an update for tomcat6. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information or manipulate certain data and by malicious people to cause a DoS (Denial of Service) or disclose sensitive information.
Secunia Security Advisory - Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
Secunia Security Advisory - shinnai has discovered a vulnerability in Haihaisoft Universal Player, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Christophe Devine has reported some vulnerabilities in SumatraPDF, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Christophe Devine has reported some vulnerabilities in MuPDF, which can be exploited by malicious people to compromise an application using the library.
Ubuntu Security Notice 862-1 - Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service.
Mandriva Linux Security Advisory 2009-304 - Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO). Additionally, BIND has been upgraded to the latest point release or closest supported version by ISC.
Gentoo Linux Security Advisory 200911-6 - An input sanitization error in PEAR Net_Traceroute might allow remote attackers to execute arbitrary commands. Pasquale Imperato reported that the $host parameter to the traceroute() function in Traceroute.php is not properly sanitized before being passed to exec(). Versions less than 0.21.2 are affected.
Debian Linux Security Advisory 1940-1 - Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor.
Secunia Security Advisory - Gentoo has issued an update for PEAR-Net_Traceroute. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A security issue has been discovered in RADIO istek scripti, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - A vulnerability has been discovered in the GCalendar component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Ubuntu has issued an update for php5. This fixes multiple vulnerabilities, some of which have unknown impact and others that can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - kaMtiEz has discovered a vulnerability in the LyftenBloggie component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.