Ubuntu Security Notice USN-768-1 - Stephane Chazelas discovered that Apport did not safely remove files from its crash report directory. If Apport had been enabled at some point, a local attacker could remove arbitrary files from the system.
8fa2e9012d04e758cf0b8c191f63010cc6620ec6d34a72a2749e3139df9d66bd
iDefense Security Advisory 04.29.09 - Remote exploitation of a design error vulnerability in Symantec Corp.'s Symantec System Center may allow an attacker to execute arbitrary code with SYSTEM privileges. The vulnerability exists within the 'Intel File Transfer' service, which runs the xfr.exe application. When sent a properly formatted request, this service will extract a string from the request and use it as the path of a program to execute as a new process. The process will be started with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in Symantec Client Security version 3.1. Previous versions may also be affected.
6e2b0f9eae90b4956e12a4bd18e62b1f41c4da41d29dfc69af01d2945fe6426a
Call For Papers for the first International Alternative Workshop on Aggressive Computing and Security. It will take place from October 23rd through the 25th, 2009 in Laval, France.
3447f67b012f233371c6cb4878720ec911b585c972b36f92071e496ad09ac66a
S-CMS version 1.1 suffers from a local file inclusion vulnerability in plugin.php.
4a4a3b0b3843ec7861bccb3ebe429d18983fabf686e09d0c1475bee2cb218a33
Tiger DMS suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e3be9fda1df89dba19e13af1895b32eead00a3b928a7639c0a9a64946a58749b
The Trend Micro parsing engine can be bypassed by specially crafted and formatted ZIP, RAR, and CAB archives.
abed09554259c2e3388a70a248472bb87093766b256b9972dcf7ee400e610a4b
The ESET Nod32 parsing engine can be bypassed by a specially crafted and formatted CAB archive.
1c69319e78e7b2c5cc45a466ee1778e1e75bb147ad1ae4612f28dc3cc03020ce
Zubrag Smart File Download version 1.3 suffers from an arbitrary file download vulnerability.
b4a68a7314a4a13323531468521e1d34fec1a11eaf11048054749b0f3fc75604
ProjectCMS version 1.0b suffers from a remote SQL injection vulnerability in index.php.
6b3590c0ce7aa31f3c3c8f0b97189e81616824240802c68ea371becce8e5f3f6
eLitius version 1.0 suffers from a remote SQL injection vulnerability in banner-details.php.
5ab4c494cd4102eee45eabc2762e27a093df413b6af21940d53411e0b4cb509a
mpegable Player version 2.12 local stack overflow proof of concept exploit that creates a malicious .yuv file.
d14ae85b3a52a1789b7852990c4e467e26ad305a767f031aaa8de0672ca2c7c3
Baby Web Server version 2.7.2.0 arbitrary file disclosure exploit.
6b17b31ff204c18d47dbfc2232e858107835c98b4ecb2a11da0ed60834001b6b
SEC Consult Security Advisory 20090429-0 - LevelOne AMG-2000 Wireless AP Management Gateway suffers from proxy bypass and plain text vulnerabilities.
21fedd3d58a60ec4be0f1b3d390a6efc6e4b55fd06209cf789610813125e1daf
Symantec Fax Viewer Control in WinFax Pro version 10.03 (DCCFAXVW.DLL) remote buffer overflow exploit.
2aed8b7e6e6ce96375af28dd2e4580c2567f748fbb45706ec2ce25127c08a6f9
Debian Security Advisory 1783 - Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application.
378c24ed6865ec7a2fd8fd2b0301e6ad1f3da96ed58b9b53ff179426a24bca86
Debian Security Advisory 1782-1 - Several vulnerabilities have been discovered in mplayer, a movie player for Unix-like systems.
ab45a988a3319574a71c625778a4441b1a197bf19918be539f70c5720add5dd7
Debian Security Advisory 1781-1 - Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder.
ffc625bd60046ffa450d5486a03b15d37373cd07c757e7b76e3ff2fde794b237
Mandriva Linux Security Advisory 2009-101 - Multiple buffer overflows, integer overflows, NULL pointer dereference and various other vulnerabilities affect the JBIG2 decoder.
1f6303a55e2ad8d1888c82a4caa6883c76f13e3d36bdb15b5f1e3cc6bbaa4a0b
Zero Day Initiative Advisory 09-018 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec Client Security. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Alert Originator service, iao.exe, which listens by default on TCP port 38292. The process blindly copies user-supplied data to a stack buffer via a memcpy call. By supplying a specially crafted packet, an attacker can overflow that buffer leading to arbitrary code execution in the context of the SYSTEM user.
6f2c6687de793a723fbc5c545b300bc7b6825f1d425a73288eeb566dd22d8ff4
Autodesk IDrop ActiveX-related remote code execution exploit.
7c9c190ffc784d425b6ced4e31666ab13e643782cb0241ab22e64961271029ed
Quick 'N Easy Web Server version 3.3.5 arbitrary file disclosure exploit.
28b096ec8d20eb70a76699f695c80411a360606cd936faada273201aaac98200
Secunia Security Advisory - Some vulnerabilities have been reported in various Symantec products, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to compromise a vulnerable system.
6cac817f91203e66acaf9bfb848037e01cc7bd91f201709543d2c2f54442c15f
Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
3d91655fa2393c0db845b654ddc0d6d4a86ef4f991a49d1ad0b87b8cbd7b0f8f
Secunia Security Advisory - A weakness has been reported in memcached, which can be exploited by malicious people to disclose system information.
7d596b609e7279dd207869d1c28550b2b7567aa908f6460d98bd1eab4b1ab168
Secunia Security Advisory - Slackware has issued an update for mozilla-firefox. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
e93cffd1dba8c5fd6a21e6e5bcc8d75f12eab42dfe917f4a95f378e7d66ae74d