iDefense Security Advisory 03.02.07 - Remote exploitation of a denial of service (DoS) vulnerability in Kaspersky Lab's Antivirus could allow an attacker to conduct a DoS attack on a targeted host. The antivirus engine is vulnerable to a DoS condition when processing an executable packed with UPX compression. Malformed compressed data causes the decompression routine to enter an infinite loop. Specifically, a negative data offset results in the same compressed data chunk being processed endlessly. iDefense has confirmed the existence of this vulnerability in Kaspersky Labs Antivirus Engine version 6.0.1.411 for Windows and 5.5-10 for Linux. Previous versions may also be affected. Any products that use the scanning engine are also affected, which includes the Kaspersky e-mail gateway scanner.
5e275b972a87d0c7aeeabf2ce2da830267094953cd811b1a7e697e79f8be856cWoltlab version 2.3.6 appears susceptible to cross site scripting vulnerabilities.
11a1e44675916282f1ffcdaf859755752fde518f59512989e0f4c48dab8fa0b3A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. Tomcat JK Web Server Connector version 1.2.19 and 1.2.20 are affected. Tomcat 4.1.34 and 5.5.20 are affected.
90ac43490f4525e25bb3660c57860eb488ad69e34585be64b3e14e78e15b8b87Mail Enable Professional/Enterprise version 2.32 through 2.34 (Win32) remote exploit. Binds a shell to port 1337.
d6aed800fc5e11948e268ef3396c66fbfe126cef44542ce029e6669cd269b2d2DBImageGallery version 1.2.2 suffers from remote file inclusion vulnerabilities.
f8a6169314cf886704e5d46dd4aef43ea1962caa9351b89f763508083c20388aSPAW Editor PHP Edition versions 1.2.3 and 1.2.4 suffer from a remote file inclusion vulnerability.
4dd387f5ffaec616da03e2089b6c4486e7ce512fa512a0dd05f393dd9a6b58b4Knorr.de suffers from SQL injection vulnerabilities that allow for login bypass.
d25aed4ce39fceef244cae04079f443cd907ded0e24c91d6a97e2f80db85b25fvBulletin version 3.6.5 suffers from a cross site scripting flaw in its RSS feed functionality.
c6cc1fe24c95c249c717bdd415beea89cc8f598c702ed7297a4e2af04fd83adaUbuntu Security Notice 428-2 - USN-428-1 fixed vulnerabilities in Firefox 1.5. However, changes to library paths caused applications depending on libnss3 to fail to start up. This update fixes the problem.
42cd23bd84427f82a2192eb1748bf1b8f5290b5b59539086412aa6673395abddGentoo Linux Security Advisory GLSA 200703-06 - An integer overflow flaw has been found in the pixmap handling of Qt, making the AMD64 x86 emulation Qt library vulnerable as well. Versions less than 10.0 are affected.
8b0c658d7aaa2eedf0059bd0e56e1a17aa0c1d4c59dae8d8119e8b51bc667e4bGentoo Linux Security Advisory GLSA 200703-05 - Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite. Versions less than or equal to 1.7.13 are affected.
b43d91fab139a2a88f8e69efe7525babed92ba1e001af5241abde5a612c65c18Gentoo Linux Security Advisory GLSA 200703-04 - Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects Mozilla Firefox 2 only. Various researchers reported some errors in the JavaScript engine potentially leading to memory corruption. Mozilla Firefox also contains minor vulnerabilities involving cache collision and unsafe pop-up restrictions, filtering or CSS rendering under certain conditions. Versions less than 2.0.0.2 are affected.
f824210be570f79159b5e50e532fc69afe69865942bf86c2b96a7c39aeeceee8Gentoo Linux Security Advisory GLSA 200703-03 - An anonymous researcher discovered a file descriptor leak error in the processing of CAB archives and a lack of validation of the id parameter string used to create local files when parsing MIME headers. Versions less than 0.90 are affected.
ee2f7987c5622a444e724df0a1937039cce5cef60caad53d51b3cff4af7e1eb5Gentoo Linux Security Advisory GLSA 200703-02 - SpamAssassin does not correctly handle very long URIs when scanning emails. Versions less than 3.1.8 are affected.
ef4e276f8c7ffb074f754c18437dfb161e077e39cd5e2dcda1e8c1b73651c094Gentoo Linux Security Advisory GLSA 200703-01 - The Snort DCE/RPC preprocessor does not properly reassemble certain types of fragmented SMB and DCE/RPC packets. Versions less than 2.6.1.3 are affected.
99507aca92ca229eb2729ba7030aca79d9b1f335fbe3a25202f659984e2d7a69Built2Go version 1.0 suffers from cross site scripting vulnerabilities.
6ec0f67f8f996935163b2e66e6eaafc77817049f3d5ba360122f52422a0a206aaWebNews version 1.1 suffers from a remote file inclusion vulnerability.
21cf3c73efad19114dca97b59c0731ff14670ba31868c2b13f6300d208e75ddcClam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
08a0255b4f6bdc4312eea6c118e79ecf684aed10640b45037d9dc5890c7687bezzuf is a transparent application input fuzzer. It works by intercepting file operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easy to reproduce bugs.
a16cbe19ea03b93a174d731bf1aba5205e2f4480a7118129eda6b0cb7c7b39bbSIPcrack is a SIP protocol login cracker. It contains 2 programs, SIPdump to sniff SIP logins over the network and SIPcrack to bruteforce the passwords of the sniffed logins.
fb62d98c201b4fba469621bb55d9b2fbc6978f6b3a39048f7ed39f50ff3afc05Simple script that updates Nmap's data files and sticks them in a given directory or cwd.
888a480574d678d09e7f5762eda112ca471b4b9afe20e5cbd7ed82e66808de5fWordPress versions 2.1.0 and below suffer from cross site request forgery with cross site scripting vulnerabilities. Oh, the madness.
f4eda6cdc00d698f5247183a33eee544a1b137e2366e811d36479867f926bd74Serendipity version 1.1.1 suffers from a SQL injection vulnerability.
c74dd442aaac7c6daa7faf6d317215be052ad477e91b4db04866b8a7580b457fWB News suffers from a remote file inclusion vulnerability.
bfa5175c6aad1aa9f9342d0c2219df9a5cc56b471c4de2b619f33895a735c34cAngel LMS version 7.1 suffers from a remote SQL injection vulnerability.
c27594fcc35b3cf24a6d9e52bf0c74e8c65a6eea3a58eb662db1517786b82bed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed