Hardened-PHP Project Security Advisory: PHP open_basedir Race Condition Vulnerability.
49eb67c0bff58dce3693b82c5f4abd425e3367215ae98d376ea356a1d9f3368eSeveral vulnerabilities in IPB exist that can force the admin to execute malicious SQL commands through the IPB SQL toolbox.
73d6a3bf7149192a423b428e91af1ebac4c45000f392f1a0bb99a05fc01aceceYener Haber Script 2.0 suffers from an SQL injection vulnerability.
b4591ca1ba3a57bd93a3d97fb34194a8b434e75f9d9a7098353108f788f72f68Mandriva Linux Security Advisory MDKSA-2006-179: Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would then deny ssh services to other users or processes (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva ships with only SSH protocol version 2 enabled by default.
31fb83ce2c362a1244555f594057b417fbdde1e1f799e524bb45fc87e23b7a67Debian Security Advisory 1188-1: Several security related problems have been discovered in mailman, the web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems:
5675b2de9f810a586d9dde488257810c99b62c4af96f701c4b79c5c7ee52cdc1Gentoo Linux Security Advisory GLSA 200610-01 - A number of vulnerabilities have been found and fixed in Mozilla Thunderbird. For details please consult the references below. Versions less than 1.5.0.7 are affected.
ae4b2bf6a7cdc96630eee662fd2f01e20f1c3d736930c5fd01f7f7af6087b59bGentoo Linux Security Advisory GLSA 200610-02 - The Adobe Flash Player contains multiple unspecified vulnerabilities. Versions less than 7.0.68 are affected.
8682b873b4449b172dafff9ad57df97004075e61bc5947bbc626fbc4da3955c8Debian Security Advisory 1190-1: Oliver Karow discovered that the WebDBM frontend of the MaxDB database performs insufficient sanitising of requests passed to it, which might lead to the execution of arbitrary code.
f63cb2669b67cc9796104b9964345f84bd09f9f946fb982d59b60a5151a448a2Debian Security Advisory 1189-1: Several remote vulnerabilities have been discovered in OpenSSH, a free implementation of the Secure Shell protocol, which may lead to denial of service and potentially the execution of arbitrary code.
02cad4dfc6a25e2dd2ea2481faecc958bf424315d407b46f562741c0d6ea3260Ubuntu Security Notice 357-1: Sebastian Krahmer of the SuSE security team discovered that the System.CodeDom.Compiler classes used temporary files in an insecure way. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Under some circumstances, a local attacker could also exploit this to inject arbitrary code into running Mono processes.
aa139baf703e5dc316437d811887a074ddcede04fb9a0acdbba2dcc6981ac937Ubuntu Security Notice 353-2: USN-353-1 fixed several vulnerabilities in OpenSSL. However, Mark J Cox noticed that the applied patch for CVE-2006-2940 was flawed. This update corrects that patch.
e669be9ccdea94b40360c9e75c4c166906d93b3b8fd47aa3e090fcc2fa0ecb44Ubuntu Security Notice 358-1: ffmpeg, xine-lib vulnerabilities
1ad4664747ea5dc9a066ea4a2a438607ea6853815349a5167e20739a794e99b3osCommerce contains a flaw that allows a remote cross site scripting attack.This flaw exists because the application does not validate 'page' param upon submission to multiple scripts in /admin folder.This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
e784c526382627be9844d4f29fd4a4705c81c062f03f08b832c9eeae8976a0deDr.Web 4.33 antivirus LHA long directory name heap overflow: When building a special LHA archive with a long directory name in an extended directory header, a fixed size buffer on the heap is overflowed. When processing this malicious archive, it is then possible to make Dr.Web run arbitrary code by overwriting some internal malloc management informations.
2a30296b1d42bc902eefd52faffa18b6b2e14bb10873a005d4d3df2b73a5ab6cCAID 34661: CA Unicenter WSDM File System Read Access Vulnerability: Unicenter Web Services Distributed Management 3.1 uses a known vulnerable version of Jetty WebServer, an open source java web server. An advisory describing the Jetty WebServer vulnerability can be found at http://www.securityfocus.com/bid/11330. The vulnerability allows a remote attacker to gain full read access on the install partitions file system of the Unicenter WSDM host system through a directory traversal attack
59d313f06c61c6c3e14d15a2c66be546acd4d72d6e7daa4d3b078b9969a8198diDefense Security Advisory 10.02.06: Remote exploitation of a DoS vulnerability in Novell Inc.'s GroupWise Messenger could allow attackers to crash the Messenger server.
08fe0b130f5994748693d0868c3ba77e6017f17e4f49b94a123aa2494b31d195FreeBSD 5.2 and prior shmat local kernel exploit.
f115f3bd68abfe5196acc1e163784d94ea90217661b8b2c5a61be2b9797c191eHPSBUX02157 SSRT061220 rev.1 HP-UX Running Ignite-UX Server, Remote Unauthorized Access and Privilege Elevation: A potential security vulnerability has been identified in HP-UX running the Ignite-UX server. The vulnerability could be exploited to allow a remote unauthorized user to gain root access to the system running the Ignite-UX server.
81346cca3f04cae58e84251e25ca121b182ae9afa2a9aca2d13b0a7cc432f9d7HPSBUX02129 SSRT061149 rev.1 - HP-UX running SLP, Remote Unauthorized Access: A potential security vulnerability has been identified in HP-UX when running Service Locator Protocol (SLP).The vulnerabilit y could be exploited by a remote user of Service Locator Protocol (SLP) for unauthorized access.
f5a6eb5575a32d881bf444286af32d1ecd0a3df2602c46c2a0c43b6ad532f865National Cyber Alert System Technical Cyber Security Alert TA06-275A: Multiple Vulnerabilities in Apple and Adobe Products
5ed461803c9cb7d5e4c286b90864ac53794a47e7cdb3892f52746d42ada972eePebble 2.0.0 RC1 and 2 suffer from a cross site scripting vulnerability.
08a5e732869950e08e91c781c24e82104a020041dcae765ae6d6b23413dffc6fAimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface.
5e23f13f4df0e76d70be2e7172cebdbc3306215726fa47e539dcfe6080b57cc0McAfee ePolicy Orchestrator 3.5.0 contains a pre-authentication buffer overflow vulnerability in NAISERV.exe. Protection Pilot 1.1.0 uses the same HTTP server, and is also vulnerable.
b10041868084225e62f4a63f86c4fb4e2f49df32ae08ccc857170b2bfe9a4c39IBM Informix (IDS) V10.0 suffers from several flaws that could allow an attacker to overwrite any file on the system or inject commands into the installer scripts.
e299b03aa62557f2b9a2a6bba84f0efdb77c22a8264d634d77e8361c2c039429EasyBannerFree suffers from a remote file inclusion vulnerability in functions.php.
9b893740a21ec833f32fc15da276c2a776806d2a60be53cad0f0d3554f13ccb1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed