Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.
9ed76ef7e0ca15b6f3d0dd3bbcb371b90415569769b68e0063e610641ecbe8e3
Secunia Security Advisory - BiNgZa has discovered some vulnerabilities in BIGACE Web CMS, which can be exploited by malicious people to disclose sensitive information and to compromise a vulnerable system.
1e8ec9e5e93d1e907281afb6a88fb4977ef44673656aa84debe8017b8d4b36a8
Secunia Security Advisory - Some vulnerabilities have been reported in RakNet, which can potentially be exploited by malicious people to conduct SQL injection attacks.
09ac6da6ac360fcd42d94f4fd4d3c241ee27bf36c8b881fb0a050b895d8d3570
Secunia Security Advisory - David Vieira-Kurz has reported a vulnerability in ActualAnalyzer, which can be exploited by malicious people to conduct cross-site scripting attacks.
4dd292eb107ba2f0661444303f837c2262698564797f628a94f0b96dc4aa7a89
Gentoo Linux Security Advisory GLSA 200805-14 - Alfredo Ortega (Core Security Technologies) reported a boundary error within the Read32s_64() function when processing CDF files. Versions less than 3.2.1 are affected.
646a4a7001bc9593bc74a79a95315612a38d85bb6bf77383ade5aa63b405d50d
Cisco BBSM Captive Portal suffers from a cross site scripting vulnerability.
3678e1a7be3cdc235260ae444cf866aabaab44bd2264b0c8d01b9db67da91971
Meto Forum version 1.1 suffers from multiple remote SQL injection vulnerabilities.
762638415be049f70a20da96642eaaf9f89730bfba3b03a628cb1da2893d4eec
CaLogic Calendars version 1.2.2 suffers from a remote SQL injection vulnerability.
7d7ff16b4f9dea55cbdd6e202d946739b816eb47d5ef6cd7e7c5aab496e93d4b
Web Group Communication Center versions 1.0.3 PreRelease #1 and below suffer from cross site scripting and SQL injection vulnerabilities.
69840bd4a4c4e2e4a68bb6d26dcb8233c187e7cae9c7ebb7dd4bc1c982e853e2
Technical Cyber Security Alert TA08-134A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Jet Database Engine, Windows Live OneCare, Antigen, Windows Defender, and Forefront Security as part of the Microsoft Security Bulletin Summary for May 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.
a429cbb1dcc5d47b7037ad20109520509e20354b3dfced27f9ce609318f88abd
iDefense Security Advisory 05.13.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged-in user. This vulnerability exists in the way Word handles CSS rules in an HTML document. When the number of CSS selectors is above some specific amount, an unspecified object will be corrupted, causing Word to access a memory region that has already been freed. iDefense has confirmed that fully patched Microsoft Word 2003 SP2, Microsoft Word XP SP3, and Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2003 SP3 and Microsoft Word 2007 do not appear to be affected. Microsoft reports that all supported versions of Word, Word Viewer, and Outlook 2007 are vulnerable.
28de6edcab5bca871b515513d06ce332b7e6948f6328c74f3c8fa3cc3e056b41
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags, a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged-in user.
ce5e0e1da217cf6a295fc152a35c405a6f643eab3dd911f17018432089b72331
Ubuntu Security Notice 612-3 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
d1b51a7c86616452a841cab5c023851e85953537abe832637af6433873363015
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the target open an Office file that contains malicious Jet DB Engine objects. The specific flaw exists within the parsing of a column structure. The DWORD value from the structure that specifies the column count is trusted. If this value is changed, an inline memcpy to the stack can overflow while reading a column name. Typically, Jet DB structures are used within MDB files, which are considered unsafe. However, it is possible to embed such files within a trusted format, such as an Office Document (.doc). This issue allows for remote code execution under the context of the currently logged-in user.
e844b4959b56a2734f0ba5e359460c7e58277ade8dc77e054350154dc5dc0174
Secunia Security Advisory - A vulnerability has been reported in Microsoft Publisher, which can be exploited by malicious people to compromise a user's system.
c5944de586ee9d9c843d71f097dc04d488d49da40ad65926dffc9d9fdc4960fb
Secunia Security Advisory - Two vulnerabilities have been reported in various Microsoft products, which can be exploited by malicious people to cause a DoS (Denial of Service).
82a52a8c2a3cabc720c88318c46938959b105101fb927387ed72ba8c619e2599
Secunia Security Advisory - Debian has issued an update for OpenSSL. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system, and a security issue, which can lead to weak cryptographic key material.
19148622871388bcb872aa232adb8fb844a27eb715706a8d437ebe23f54a7aea
The e107 zogo-shop plugin version 1.16 Beta 13 suffers from a SQL injection vulnerability.
4e3a367518505fe315d437bb4366a6a34356137fdc613bac445122af6184a0b9
Advanced Image Hosting version 2.1 remote SQL injection exploit.
303f27bad8605b27047b298c738ae8397dd66d785a2c277e7a0e4075935f2a88
The e107 BLOG engine plugin version 2.2 suffers from a blind SQL injection vulnerability.
b4723a6a5ec828f71e328088ae74fb67edda892301b0b4475a508aeb609e1a40
AJ HYIP ACME suffers from a remote SQL injection vulnerability in topic_detail.php.
29687480ef042d000372f86ada376f6b0291df7adbe2457186b0a1033aeb6da9
EQDKP version 1.3.2f authentication bypass proof of concept exploit.
08f7345e588e611f7225a9fefca51d81c9281172475942f754855b47add1e01d
Ubuntu Security Notice 612-2 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
a3fe7f7dd11d8ef80fad04e03042c734c5101a92993b5be8c41e700a460875f0
Debian Security Advisory 1571-1 - Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package. As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.
32b6972f4816a9a80732fc9314dabd27a27224f039be6fcb0e57b1864547041e
Interspire ArticleLive NX suffers from a cross site scripting vulnerability.
600f5af39b27695784b428bdccc38aba01ce7140cb248bfb9c88e28d8ff66982