Secunia Security Advisory - IBM has acknowledged a vulnerability in Rational RequisitePro RequisiteWeb, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in Taskjitsu, which can be exploited by malicious people to conduct SQL injection attacks.
SUSE Security Announcement SUSE-SA:2006:058: OpenSSL DoS.
OpenPKG Security Advisory OpenPKG-SA-2006.021: According to a vendor security advisory [0], four security issues were discovered in the cryptography and SSL/TLS toolkit OpenSSL [1]:
OpenPKG Security Advisory OpenPKG-SA-2006.022: OpenSSH DoS.
Debian Security Advisory 1185-2: The fix used to correct CVE-2006-2940 introduced code that could lead to the use of uninitialized memory. Such use is likely to cause the application using the openssl library to crash, and has the potential to allow an attacker to cause the execution of arbitrary code.
Debian Security Advisory 1187-1: Jason Hoover discovered that migrationtools, a collection of scripts to migrate user data to LDAP creates several temporary files insecurely, which might lead to denial of service through a symlink attack.
Debian Security Advisory 1186-1: Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.
Debian Security Advisory 1185-1: Multiple vulnerabilities have been discovered in the OpenSSL cryptographic software package that could allow an attacker to launch a denial of service attack by exhausting system resources or crashing processes on a victim's computer.
Ubuntu Security Notice 354-1: firefox vulnerabilities
Ubuntu Security Notice 356-1: Will Drewry, of the Google Security Team, discovered buffer overflows in GDB's DWARF processing. This would allow an attacker to execute arbitrary code with user privileges by tricking the user into using GDB to load an executable that contained malicious debugging information.
Ubuntu Security Notice 355-1: Tavis Ormandy discovered that the SSH daemon did not properly handle authentication packets with duplicated blocks. By sending specially crafted packets, a remote attacker could exploit this to cause the ssh daemon to drain all available CPU resources until the login grace time expired. (CVE-2006-4924)
Ubuntu Security Notice 353-1: openssl vulnerabilities
Mandriva Linux Security Advisory MDKSA-2006-170-1: Webmin before 1.296 and Usermin before 1.226 does not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
Mandriva Linux Security Advisory MDKSA-2006-178: OpenSSL recently had several vulnerabilities which were patched (CVE-2006-2937, 2940, 3738, 4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution, an updated copy built against the new libraries is being made available.
Mandriva Linux Security Advisory MDKSA-2006-177: OpenSSL recently had several vulnerabilities which were patched (CVE-2006-2937, 2940, 3738, 4339, 4343). Some MySQL versions are built against a static copy of the SSL libraries. As a precaution, an updated copy built against the new libraries is being made available.
Mandriva Linux Security Advisory MDKSA-2006-172-1: Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered.
Mandriva Linux Security Advisory MDKSA-2006-176: Xine-lib uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Mandriva Linux Security Advisory MDKSA-2006-175: Mplayer uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Mandriva Linux Security Advisory MDKSA-2006-174: Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Mandriva Linux Security Advisory MDKSA-2006-173: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
Mandriva Linux Security Advisory MDKSA-2006-172: Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered.
Mandriva Linux Security Advisory MDKSA-2006-171: slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
Mandriva Linux Security Advisory MDKSA-2006-157-1: Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.
There exists a vulnerability within an architecture-dependent function of the FreeBSD kernel (FreeBSD 5.2-RELEASE through FreeBSD 5.5-RELEASE), which when properly exploited can lead to local compromise of the vulnerable system. This vulnerability was fixed in FreeBSD 6.0-RELEASE, but production (legacy) releases 5.2 through 5.5 are still vulnerable.