UNB 1.5.3 suffers from a cross-site scripting vulnerability.
bcdfab728782930cc3fe3a6725314f4a5cd5506229d2ec320472965ad0e0384c
Cyber-Cats ChitChat 2.0 permits cross-site scripting attacks, allows for user-launched attacks, permits insecure file deletion, and suffers from other vulnerabilities.
bc678c07887a690d894b31d8adac6732edf83b236bee11457c029622a54e1439
Rediff Bol's ActiveX control allows a webpage to read the user's Windows Address Book (WAB) contacts. Version 7.0 is affected.
ed16e9cd4a0a461f65e16cd6971b90b7c52e34664b75db20d8cac3a78f0aed87
Gentoo Linux Security Advisory GLSA 200509-02 - Gnumeric contains a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17). Versions less than 1.4.3-r2 are affected.
ea17c8c40a1112f64f55357546bf7e2518d8f26b0693e5f5ea412f72662287d7
Random WEP/WPA key generation utility. Written in Perl.
ba7f33ecc22c05fdbb1bd3b3dff6347a257593e711902b2bb03e70e4c225c394
The FileZilla client stores passwords using a weak XOR 'encryption'. The value of the cipher key is static and can be found in the source code. This vulnerability has been successfully tested on versions 2.2.14b and 2.2.15. However, it is suspected that most previous versions are also affected.
637a74e948d0d2743a1666cf0c8f157510b94187658ebc3cb5fd4b191d073685
Debian Security Advisory DSA 798-1 - Several vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP.
5a9baa306095616296206f4d96b3c1e812832aaaf177227ba230c7910c9bb336
Debian Security Advisory DSA 797-1 - zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package.
974b95d3160474ce193e25a58a06b9f3ec51396dd5957e989da3dfe46ddd1a6f
Debian Security Advisory DSA 796-1 - Kevin Finisterre reports that affix, a package used to manage Bluetooth sessions under Linux, uses the popen call in an unsafe fashion. A remote attacker can exploit this vulnerability to execute arbitrary commands on a vulnerable system.
e29fd85cc71f1b6668939dadfb479e30d48a70dc0a4071aa5be03d6d95021bd5
Phorum versions 5.0.17a and below suffer from multiple vulnerabilities. These include cross-site scripting, session hijacking, and insecure creation of client cookies.
fd582ffea9a21051966c9c345b65387b1f491e38c0f6dd3710128bf72d79ec31
Debian Security Advisory DSA 794-1 - Justin Rye noticed that polygen generates precompiled grammar objects world-writable, which can be exploited by a local attacker to at least fill up the filesystem.
f94b5e060af156595ac79ac0df446e54076e4cc41faa66dccb31ee8608127bf3
Ubuntu Security Notice USN-175-1 - Thomas Biege discovered a flaw in the privilege dropping of the NTP server. When ntpd was configured to drop root privileges, and the group to run under was specified as a name (as opposed to a numeric group ID), ntpd changed to the wrong group. Depending on the actual group it changed to, this could either cause non-minimal privileges, or a malfunctioning NTP server if the group does not have the privileges that ntpd actually needs.
4a267b5bef96ecb16cf73c4710bfaa24f4ac4b414bcb16eb98621f69960ecc90
Multiple vendor web scanning utilities suffer from script injection vulnerabilities. These include N-Stealth Commercial Edition versions below 5.8.0.38, N-Stealth Free Edition versions below 5.8.1.03, and Nikto versions 1.35 and below.
5d0cd9d18bf2bcdf2c6d9c6188b8e53f8a16bdf7b1d3e239bb9c4656783da2e8
The Barracuda Spam Firewall Appliance firmware versions 3.1.17 and below suffer from directory traversal, remote command execution, and password retrieval vulnerabilities.
42ec53e2eb500afc8a902f37140fda794ff5018657eb32d4ce443924ae4d2560
iDEFENSE Security Advisory 09.01.05-2 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s NetMail IMAP daemon allows unauthenticated attackers to execute arbitrary code with the privileges of the underlying user. iDEFENSE has confirmed the existence of the vulnerability in the latest version of Novell NetMail, version 3.5.2. It is suspected that earlier versions of NetMail are also affected.
f2cbaf9e51063add484b80d860008619bf019d716f633dd213c3d1184df5168e
iDEFENSE Security Advisory 09.01.05-1 - Remote exploitation of a directory traversal vulnerability in 3Com Corp.'s Network Supervisor version 5.0.2 may allow an attacker unauthorized access to files.
35e78d4d9e8bf321f382138ca66bfb3ce58af383cc80b15067d8151aaa709137
silc-server versions 1.0 and below and silc-toolkit versions 0.9.12-r3 and below suffer from a symlink vulnerability.
a6a05964534a2dfa04c3e9f02a2c330927237610ff486f3e7ed9e48c25e353ee
Gentoo Linux Security Advisory GLSA 200509-01 - Sven Tantau discovered a heap overflow in the code handling the strf chunk of PCM audio streams. Versions less than 1.0_pre7-r1 are affected.
d32f6979b66e573cfbeb5e297f1f1d4cec6d8c222048617edbdb48807b371953
Debian Security Advisory DSA 793-1 - Jakob Balle discovered a vulnerability in the handling of attachments in sqwebmail, a web mail application provided by the courier mail suite, which can be exploited by an attacker to conduct script insertion attacks.
08d015d40c6f7837225c6fb1edfe3576be98f626ffb34864253e71e43092907f
frox is susceptible to an arbitrary file reading vulnerability.
f1954b09f95e3629bbbf09478eac712f065089fa823d8803b13161873d5677c7