Mandriva Linux Security Advisory - Steve Grubb found that the vcdiff script in Emacs creates temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
3437abeb6b6fde1fb63ca51b51f5400bd54c2f785d2ca09ca693f6d40dc3855d
mvnForum version 1.1 suffers from a cross site scripting vulnerability.
dcb8679078bf72bcb063361f8dc3c9099139fcbc28d0ad926e33563c0da074be
The Sphider search engine version 1.3.4 suffers from a cross site scripting vulnerability in search.php.
7006a0516cf27ded9fbfddbf366c5c6d5679d9f762a8cf65aa86ad0094160125
Ubuntu Security Notice 605-1 - Various flaws were discovered in the JavaScript engine. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. Several problems were discovered in Thunderbird which could lead to crashes and memory corruption. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker may be able to execute arbitrary code with the user's privileges.
b9c42ae554ce07a1d196256555df7f1305a5753dae6ea156362310e38f7087b4
Ubuntu Security Notice 608-1 - It was discovered that start_kdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code.
1019497a78fcf0ef12c22f2ac9cfbaffb18b373c464aa09239612487bb00ca6b
Ubuntu Security Notice 607-1 - It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. Steve Grubb discovered that the vcdiff script as included in Emacs created temporary files in an insecure way when used with SCCS. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
b1a143cfe46623a250bf87dac1a2b5dd06fcd07b59c77dfbdc86e49fe5a2b5bc
The Yahoo! Assistant (3721) ActiveX control is susceptible to a remote code execution vulnerability. Versions 3.6 and below are affected.
8039debd2fc4ad573e54771c91907d5dd43665633cecefbad5b990965e1a3b4e
PHP versions 5.2.5 and below and 4.4.8 and below suffer from a multibyte shell command escaping bypass vulnerability.
193d2a7f3caa1f5c99beec37bed621ce36b1e889636d309ac31f2444d0ac76a6
PHP versions 5.2.5 and below and 4.4.8 and below suffer from a weak random number seed vulnerability in GENERATE_SEED().
e595aa1de24282de7e212092e11553cf0994f87464e902dad2915e80f4e51e96
Secunia Security Advisory - Gentoo has issued an update for phpmyadmin. This fixes a vulnerability, which can be exploited by malicious users to disclose sensitive information.
32bccdd452da6647d6f9b04c657ba22970340dadf2fd5f7cf966b6a24e15228f
Secunia Security Advisory - Gentoo has issued an update for horde. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, and by malicious users to disclose sensitive information and potentially compromise a vulnerable system.
feadcb39e02185b5489d49273d6fb04c99cbf5a6a5d41d92d84f1412ff159274
Secunia Security Advisory - A vulnerability has been reported in Common Data Format, which potentially can be exploited by malicious people to compromise an application using the library.
2eaeeeeb9ffe857df53d93ec0aaa783da27deed8397bdc0b9a7599d3f2846be3
Secunia Security Advisory - Core Security Technologies has reported a vulnerability in Invensys Wonderware InTouch, which can be exploited by malicious people to cause a DoS (Denial of Service).
832cfbeb9cf13a4a3600ca33cd8d072d328b9c356dc060a8974a31430b9ac072
Secunia Security Advisory - Ubuntu has issued an update for cups. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
43ce2dceae734959ed583884b853410e465810dcc9c004b496c6bcada737a236
Secunia Security Advisory - EgiX has discovered two vulnerabilities in DeluxeBB, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct SQL injection attacks.
e10c0724931575a02e9459c7038b2494a9085f19248dcf5735ec8d3728b1dfe6
Secunia Security Advisory - HaCkeR-EgY has reported a vulnerability in Miniweb, which can be exploited by malicious people to conduct SQL injection attacks.
5bb203901ef8294c5dd4d61421a370e2e5292ba47ea84832d07693ec7a576ffb
Secunia Security Advisory - M.Hasran Addahroni has reported a vulnerability in Auction XL, which can be exploited by malicious people to conduct SQL injection attacks.
d2ce905100f59fc7a8693481fae823a37eaaaad93309d830f8bcfa6f6b7be955
Secunia Security Advisory - Debian has issued an update for b2evolution. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
d31130fbf833f8a58536c8282accadd85c926b96d62c1e49d6f81bbd7cff27e7
Secunia Security Advisory - Debian has issued an update for blender. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
667ec36a11e4d6d5193ab114bc2f9a83e1c42068f35deb42fa30558bfab33291
QTOFileManager version 1.0 suffers from a remote file upload vulnerability.
8db5c300d200d2a01eb70805902e1ba98d60cf8a8f5505d208cdbafd0f82b9a5
Bugzilla Security Advisory - Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability.
05d5fac375a53e9e58bff5c4ff71d4dff9c0110dcca4550545e13c7ce7fe71d7
PHPEasyData version 1.5.4 suffers from a remote SQL injection vulnerability.
4a9eb9403ea68f60ccc97624ac6a11b3e492615be01f3f09abd1254b10038748
Pre Shopping Mall version 1.1 suffers from a SQL injection vulnerability in search.php.
a59264d575b73d1388ee6877db8abdeff27cea3bca2a84c201376238fe0d17cd
Debian Security Advisory 1570-1 - Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.
fa6aec9ce94db20975693f5f321e7d96c3c11fc033799147ddb53375db168dc4
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain extended privileges.
a25c67eb88bb44bc6b3fd07f12470e6be94fbd42adcea195f7399637529b6bf2