Debian Linux Security Advisory 2013-1 - Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page.
fc9cc8d0fc1587febf57a6248a4748717879740e917dd9930de52cc03dedcdf9
Mandriva Linux Security Advisory 2010-061 - sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name. The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct these issues.
83a7c75f3efeeada265c070ec394bf9bf7567b6d73f909255f2c65e4899eb5ae
Zero Day Initiative Advisory 10-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with how the OS web-browser passes command line arguments to Skype through the registered 'skype:' protocol handler. Insufficient sanity checking of the /datapath argument allows an attacker to construct a link that will execute Skype with arbitrary arguments. This can be abused to specify a remote configuration storage directory which can be leveraged to glean target user credentials.
1a3fb0c954ce1130e87db954fec34934cb2807e576545be0a66e002a37268fa2
Zero Day Initiative Advisory 10-028 - This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in Skype's handling of the 'skype-plugin:' protocol. An attacker can specify a malicious URI that, when clicked, will trigger the deletion of an arbitrary attacker-specified XML file.
fa77e17c17401d4a75c3b4bb25ac1e9ad9db5dd096a945340444340566a1bf56
Eros Erotik Webkatalog suffers from a remote SQL injection vulnerability.
25c51138a2a8a07da8167bb0890d09ba5886eb9291caf2708eb0550b00d5ee51
ATutor version 1.6.4 suffers from a cross site scripting vulnerability.
3669732d40933733498b181a2186eccb89b07c4994be07577c6cc535a7e43be9
Skype client versions prior to 4.2.0.1.55 suffer from a URI handling input validation vulnerability that allows for remote command execution.
faa86373432c9b156df0c665dcd6633b96c306a1b1b24a4aa08c75976837f5d5
This Metasploit module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the "Operation Aurora" attacks that led to the compromise of a number of high profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample; as such, only Internet Explorer 6 can be reliably exploited.
0ba5be9c3fc1e65562aeb4e5496513b06e2e1230824a7d5e57fd95077d38074f
Secunia Security Advisory - A vulnerability has been reported in GNU Cpio, which can potentially be exploited by malicious people to compromise a vulnerable system.
a553fbdab70f9a838112e1ecd48cffa008ea7fceb144de86f75cf35770dbf949
Secunia Security Advisory - A vulnerability has been reported in GNU tar, which can potentially be exploited by malicious people to compromise a vulnerable system.
f7bd4936d01cb2d9baf384782da995d5e0f193cdb337ea8e46a285c76e5e7c3a
ANE CMS version 1 suffers from a cross site request forgery vulnerability.
c161a7a1a5a54682f580191406652a5e246f2635feaab6ea5ab2e0886ee6c702
ANE CMS version 1 suffers from a cross site scripting vulnerability.
946679792042f3ecb6616e6fc5dab2a0154013a6d023c94ef5bfba33652d1333
Ubuntu Security Notice 909-1 - William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.
e03b020237a34eb10babde3dbb250d6762835d7c9f4c0e64626d3411643ef369
Abton CMS suffers from a remote SQL injection vulnerability.
a4a9d625c462fc6db5ec9dce05a8d5d85346fe12ad0164e012210717ed49fcd6
Secunia Security Advisory - Paul Craig has reported a vulnerability in Skype, which can be exploited by malicious people to bypass certain security restrictions and potentially disclose certain sensitive information.
dc5780f0e267cb54f2eb1a98a6e04cc112e6ffab86d001165a6c20b654aa3a05
Secunia Security Advisory - Ubuntu has issued an update for apache2. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
e1e5073e352ab295b98c6d8d65e315d3acd58baa06828d082335bd8851d21f0f
Secunia Security Advisory - A vulnerability has been reported in the Monthly Archive by Node Type module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
2032247ad4da8fcd49abcaee49a035078fb00ecbba63908d9d7830693f999a61
Secunia Security Advisory - A vulnerability has been discovered in ispCP Omega, which can be exploited by malicious people to compromise a vulnerable system.
adcf13b7f0ff81775cc9c82dd7aa26ff13c10fe730c53baceabf234556d1c882
Debian Linux Security Advisory 2011-1 - William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.
f26791a518123e680e1e34a55a4fd5c04672d53c72462a13fa80c1b690ec4fe6
Secunia Security Advisory - A vulnerability has been discovered in Campsite, which can be exploited by malicious people to conduct cross-site request forgery attacks.
041a2b9b4cdbeb1963942c4eb1f5af11bada72f812162a0ba0b1a806b6e4b0bb
Secunia Security Advisory - edu has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system.
bf8acb7a0334f2e84baa57ea42e108db0c01d9659dfbd3d7ed22e4c72f7e9a1a
Secunia Security Advisory - Debian has issued an update for dpkg. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.
8f6c9c6167a4cdf00756fc0787b07e0a2ef3fb05251d553fa7084e5b0270b476
Secunia Security Advisory - Some vulnerabilities have been discovered in ViewVC, which can be exploited by malicious people to conduct cross-site scripting attacks.
afbf4c58256b70150438e23a8c4e7a819cdcbc12ed75271ca7defec94c90ec4f
Secunia Security Advisory - Luka Milkovic has reported some vulnerabilities in SUPERAntiSpyware, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
5c1d12e732ea088f60d359525fb61ebc40f7c1a4b1b9eb0a3a23d31b8412b01c
Secunia Security Advisory - Luka Milkovic has reported some vulnerabilities in Super Ad Blocker, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
fd5f4a1b71210da0bf39b460e631ec28b2f140e1d34ab7444fd7f609866e1282