Gentoo Linux Security Advisory GLSA 200703-11 - The Magnatune downloader doesn't quote the m_currentAlbumFileName parameter while calling the unzip shell command. Versions less than 1.4.5-r1 are affected.
9921fd92676a28a15379fe15dd5356e711779256fd3a45ac192d249d6911eb50
Debian Security Advisory 1266-1 - Gerardo Richarte discovered that GnuPG, a free PGP replacement, provides insufficient user feedback if an OpenPGP message contains both unsigned and signed portions. Inserting text segments into an otherwise signed message could be exploited to forge the content of signed messages. This update prevents such attacks; the old behaviour can still be activated by passing the --allow-multiple-messages option.
ff2d443868ea9134e4a2821505f07b5d67eda9514390877c76d2ba1676c1cae7
Core Security Technologies Advisory - The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in remote execution of arbitrary code at the kernel level on the vulnerable systems and/or a remote denial of service condition. Affected systems include OpenBSD 4.1 prior to Feb. 26th, 2006, OpenBSD 4.0 Current, OpenBSD 4.0 Stable, OpenBSD 3.9, OpenBSD 3.8, OpenBSD 3.6, and OpenBSD 3.1. Proof of concept exploit included.
2d5d5651f3ce213312cb165a62fc0f511f0b8d1488dfffa7ab49170738c88652
Mandriva Linux Security Advisory - The DS_VideoDecoder_Open function in DirectShow/DS_VideoDecoder.c in xine-lib does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
1e8a5159b7b6dc0e60918f6aeec48b171e46c9c0258efc535f3006a7322f8b70
Mandriva Linux Security Advisory - The DS_VideoDecoder_Open function in loader/dshow/DS_VideoDecoder.c in MPlayer 1.0rc1 and earlier does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
d4bfbc41eaadf6b63510af26525e0790c70f14f6c2cec2b97f949be8444a84e3
vBulletin suffers from a SQL injection flaw via the admin panel.
9eea6446e09ce83853ef2c35536050ef5ad00514168d8c05773ecb401afb3017
JGBBS version 3.0beta1 Search.ASP "Author" SQL injection exploit.
ef12d3a54cf1939a89568e3d4077cf686bf8b5d4ec1d2e4a47529c12f0332117
WebCreator versions 0.2.6-rc3 and below suffer from a remote file inclusion vulnerability.
01a11c5ebb2dd9ff9c829e9ace85beb06551738ea987600e13706cb6e3c11bc4
CARE2X version 1.1 suffers from a remote file inclusion vulnerability.
dcbab91314fae67b2b54053c172f8cad0edccd2c569e1366f2ecc56811f84f49
Activist Mobilization Platform (AMP) version 3.2 suffers from a remote file inclusion vulnerability.
4d8878d5ecb80e4b8e712ee645c554711608d4d6fc841edda152cc838a540893
MySQL Commander versions 2.7 and below suffer from a remote file inclusion vulnerability.
2c005448d430cf3d2f2227a94fe25ccb45250ddd028a4a97032f724535ab0b91
Unrarlib version 0.4.0 suffers from a local buffer overflow condition.
fc255cada5b77ad9e310d6d4c1be3cc1721d8ec3c4e5e48503c784b792978d1f
Ubuntu Security Notice 432-2 - USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library. Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.
efd10c3a5bbef4bde937cd14206a894698209116719ed31936c3fa38bf151dd0
Weekly Drawing Contest version 0.0.1 suffers from a local file disclosure vulnerability.
269ced39d845301f13578c23834077900786be9da878c99474d4f2ff9514dc90
aon.at suffers from a cross site scripting vulnerability.
492fab1a571778c56ef5fb655f77801ab1fc2926b5c1fd0a0d589ab5b0768d9f
OES (Open Educational System) version 0.1beta suffers from a remote file inclusion vulnerability.
bfd2bc4baa12d1af0cd999b89fce073dd8a0025c8d50b75d3ccc6bdfe0f5a915
Alucard is a UPnP port redirection application that allows a user to open ports on a UPnP enabled router.
db1cd922af6c709865fe067e85ed486bd7a5eda8c9dd3a8a6254ddc8932478d1
Ubuntu Security Notice 436-1 - Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
c6a9911f676c52c44f13fff3ea2c268d124e8d46002028af110bf993cb7c6a6a
Ubuntu Security Notice 435-1 - Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
9d8bbefeb03f250ad5e440fa93720bd6f44dd1ba21a5563df2eabea84f83f2b5
www.eplus.de suffers from cross site scripting and remote file inclusion vulnerabilities.
4d4a8f8cd67095cc202653d66fab907b691872b1732c773d7324c7152a00ad1e
Call for papers for the first annual European DeepSec In-Depth security conference.
94830d3a48579718254c9ce907a0bb42ab663c154bebc4d9cc5b33c595916b5a
A vulnerability has been discovered that could affect the availability of the BlackBerry 8100 Wireless handheld version 4.2.0.51.
eebfd477932c88afd67e2c6ffb83fcbaf17f3eb7fd4b2ae480ab2bc44d5a136f
AssetMan version 2.4a suffers from a local file disclosure vulnerability.
f2a07fb1df34883ee420f8d322a070601290f3f745309e258eadf13f8a6d319d
Fantastico in all versions of CPanel 10.x suffers from a local file inclusion vulnerability.
df4ab17b9ae28afb557d490c52bb6c0a497fcb9719cc88e153ff566a02915a2e
A remote file inclusion vulnerability exists in ClipShare version 1.5.3.
26246b35134755a318d48e585c6fd6cdc8f42416574a8e17eb866debc24c7734