GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
d9b3d71f8f2930483d7b7b56276ebe954175b72b34128c6669d0fc00d289aa2eLinux 2.4 and 2.6 kernel sock_sendpage() NULL pointer dereference exploit. This newer version of the exploit also works with Linux kernel versions that implement COW credentials (e.g. Fedora 11). For SELinux enforced systems, it automatically searches in the SELinux policy rules for types with mmap_zero permission it can transition, and tries to exploit the system with that types.
e7a0caddf89d8627bd0b835e2b2cdebadbbcb4d666e016dac2a4f3f13979e955Debian Security Advisory 1881-1 - It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.
4dbb891cf168c0f7a2bc7cccc3d456dab123abd15c3057dad702ee6c76058555Secunia Research has discovered a vulnerability in various VMWare products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the VMnc codec (vmnc.dll) and can be exploited to cause a heap-based buffer overflow via a specially crafted video file with mismatched dimensions. Successful exploitation may allow execution of arbitrary code.
98e5779cd33d22ed50f6e62e505b39329741b8a8e9298122fffb91d95633ff4eGentoo Linux Security Advisory GLSA 200909-02 - A processing error in libvorbis might result in the execution of arbitrary code or a Denial of Service. Lucas Adamski reported that libvorbis does not correctly process file headers, related to static mode headers and encoding books. Versions less than 1.2.3 are affected.
3db46e8f6b021b9aa675c9ea1c2d0d31850c43c186f9bcd7061f1cd61c7f6fb4Gentoo Linux Security Advisory GLSA 200909-01 - An error in the handling of user names of Linux-PAM might allow remote attackers to cause a Denial of Service or escalate privileges. Marcus Granado reported that Linux-PAM does not properly handle user names that contain Unicode characters. This is related to integer signedness errors in the pam_StrTok() function in libpam/pam_misc.c. Versions less than 1.0.4 are affected.
f689910344730f64cedc83a43ba7c375638246dfee7417bdcbf897b81cd39b26Pidgin version 2.6.1 suffers from a remote denial of service vulnerability when receiving a malformed IRC TOPIC message from a malicious IRC server.
7ab8b43ac2c2acb3ad6eba05eb13a7a79ce2e4e84598528d24915d411c6ce887VMware Security Advisory - Several security issues are resolved with the latest VMnc codec. Affected are VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE.
dd5696c1d34d1408df31d1ca016b4f3885fb1dbc2e002879fa1d594acc1f3087The Rat CMS suffers from a remote shell upload vulnerability.
8cf5a008e05a86e15c72267929685f573318bfa4d3fbe7a2815f5fbb046742acTrafscrambler is an anti-sniffer/IDS NKE (Network Kernel Extension) for Mac OS X. Author tested this on x86 OS X versions 10.5.6 and 10.5.7. It should work on PPC and older releases as well.
63f1a54386d4a4b92cc91435a781879d181cdc1b453243be6c98c029cb8cdb2eThe yTNEF and the Evolution TNEF attachment decoders suffer from directory traversal and buffer overflow vulnerabilities. Evolution version 2.62.2 and yTNEF version 2.6 are both affected.
fc72295298826820b54f15f505292a1f357eed26bb395249ffb5557757b9e927Kolibri+ Webserver 2 suffers from directory traversal and denial of service vulnerabilities.
5fa8857290b16df1c4bd5fb00427d8f8d6f2303771a526a8843db0527a272d20King CMS version 0.6.0 suffers from a remote file inclusion vulnerability in menu.php.
8b4fc58aea5227750a9fc6711b6cb0c9a7d44f9e866630d837e358e45b614734Debian Security Advisory DSA 1880-1 - Several vulnerabilities have been discovered in the OpenOffice.org office suite.
29d09b914cb9584b866faa18a74e4edaa0df13b895e27f21ce6be1454b4c8f67Secunia Security Advisory - Fedora has issued an update for mapserver. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.
88a5ec4d02f30d5bf8fc0d472fc1c6f393496737b481c9d77620d77c32b8bcc9Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Adobe Flash Player for Solaris, which can be exploited by malicious people to bypass security features, gain knowledge of sensitive information, or compromise a user's system.
9e30fe0cfa5cd3a2fb796d34c2c64a3f472c16290d99a88ab7ddc134055c27f1Secunia Security Advisory - Debian has issued an update for mysql-dfsg-5.0. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
8371d96e3abc72abcbfa46a872e471c825a1953747cbcad234dd1187343eb9f5Secunia Security Advisory - A vulnerability has been reported in MySQL, which can be exploited to compromise a vulnerable system.
695c6c2f5d014cc9a2aad1f9081def0d02167bc2afd76c180711214803fd09c6Secunia Security Advisory - A vulnerability has been reported in MyBuxScript PTC, which can be exploited by malicious people to conduct SQL injection attacks.
b71b3d5eb1e57f8164fd68ce6137c98a9bf4c01b602416d5fdc8159f81459bd5Secunia Security Advisory - v3n0m has reported a vulnerability in PHP Live!, which can be exploited by malicious people to conduct SQL injection attacks.
d689bc854c5d7a531a825908a5abae9f85225ff01dd84ebd281237a61d62d1f1Secunia Security Advisory - A vulnerability has been reported in KDE, which can be exploited by malicious people to conduct spoofing attacks.
c99a54abec09a6b6791d55ad55724d1b664fd52a3b7efa5967163a66907b2463Secunia Security Advisory - Some vulnerabilities have been reported in DotNetNuke, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
6e2649a7b34fb918591c02b3452c6b056de83536a37c705694ca7e1cc0045be6Secunia Security Advisory - A vulnerability has been reported in D-Link DIR-400 wireless router, which can be exploited to compromise a vulnerable device.
cb081debaaa7c550dabde53e733ed2ca797550d2af11d0a20ec90db8bab508cdSecunia Security Advisory - A vulnerability has been reported in TVersity, which can be exploited by malicious people to compromise a vulnerable system.
7d8662f70aa1d72be6e81b368110711d9e44f5520581c00ea0ac34337d8af0fcSecunia Security Advisory - Two vulnerabilities have been reported in ASUS WL-500W wireless router. One vulnerability has an unknown impact while the other can be exploited to compromise a vulnerable device.
ad2911a61594f4d5737ceb289dffa2913396a2f91f03ae4f43baa6dc4025026d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed