Absolute Poll Manager XE version 4.1 suffers from a remote cookie handling vulnerability.
835135ecd2a7ddc213ad0df6a41e4e78a421f5137704052d1af954da797852ba
Absolute Podcast version 1.0 suffers from a remote cookie handling vulnerability.
e836b75dd7b7c39a1804c760d24239691c65d0b161bee7502d76069ec027e366
Absolute File Send version 1.0 suffers from a remote cookie handling vulnerability.
a141f1a7d430f1619ff0c05e1530b8321d9dbbdcaddd2c18741fa7d7e3aa2ec2
Secunia Security Advisory - SUSE has issued an update for tomcat5 and apache-jakarta-tomcat-connectors. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions.
54c0015c7ef6edc0f5e26bd1f95d5a7bf98d3da283525d009296ee057dac6716
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Interact, which can be exploited by malicious people to conduct cross-site request forgery attacks.
24c7b31f915875ea7bc3b1dc54473bed6b671cad55a421aafb41ae29be9639e2
U-Mail Webmail version 4.91 suffers from an arbitrary file write vulnerability.
f9f8d110fd4355bc2b7bf47b11946943d01c986403ffb69a8a7427b881900940
Spitfire Photo Pro suffers from a remote SQL injection vulnerability in pages.php.
f51a5dbbdfe4cf8ce2ee73476b9edd2907eb2e08c844d9ac9a39a2eeb66ce477
Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
b24bd4a98833927e0b1b245b575bc3b38b6db2670de28727208de7fc567152e4
Secunia Security Advisory - Wouter Coekaerts has reported a vulnerability in Quassel IRC, which can be exploited by malicious people to hijack IRC connections.
9f7ec6d718c8c19392d418b52e27973f42c34a2f8b7f381ee6e52c37e90567b9
Secunia Security Advisory - Multiple vulnerabilities and security issues have been reported in IBM Lotus Connections. Some have an unknown impact and others can be exploited by malicious, local users to disclose sensitive information and by malicious people to disclose sensitive information, conduct cross-site scripting, script insertion, and SQL injection attacks.
536b09d332f87a19561d35dbd84d8bbde9fe321c79b8a8d1b380c39e71251320
Ubuntu Security Notice 661-1 - Version 2.6.27 of the Linux kernel changed the order of options in TCP headers. While this change was RFC-compliant, it was found that some old routers and consumer DSL modems would not route traffic for these systems when TCP timestamps were enabled. As a workaround, TCP timestamps were disabled via sysctl.
311f97e57605d866249a68172b7dc11e80a03a75092ba7eca86061682aa36681
Gentoo Linux Security Advisory GLSA 200810-03 - A memory management error in libspf2 might allow for remote execution of arbitrary code. libspf2 uses a fixed-length buffer to receive DNS responses and does not properly check the length of TXT records, leading to buffer overflows. Versions less than 1.2.8 are affected.
b89962e08445793c2f2fcc7517fcbf293f1324a4ae151bb01f811dca7181f51f
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express for Microsoft SQL. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Data Protection for SQL CAD service, dsmcat.exe, which listens by default on a TCP port above 1024. The process trusts a user-supplied size value, receiving the specified amount of data into a static heap buffer. By sending a specially crafted packet, an attacker can overflow that buffer leading to arbitrary code execution in the context of the SYSTEM user.
24d125a250767b917b5d9088755eec5ca28098edb3dfa54584f6c5a6adb291bb
A vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious web link. SonicWALL Pro 2040 is affected.
680063bf9eaca59b8914a7661552098e4550767aec39e8e52fb7d8fc7ff6e15e
iDefense Security Advisory 10.30.08 - Remote exploitation of a stack buffer overflow vulnerability in Adobe Systems Inc.'s PageMaker could allow an attacker to execute arbitrary code with the privileges of the current user. A vulnerability exists within the handling of PMD files, the native file format for storing PageMaker documents. When parsing a malformed PMD file, data from the file is copied into a buffer without proper validation. This results in an exploitable stack-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Adobe PageMaker version 7.0.1 with the CVE-2007-5169 patch applied. Previous versions may also be affected. However, Adobe InDesign CS, the successor to PageMaker, is not affected.
30285f28d965b9654aef8e6c21708c5bbbf4e22fb01500dce610cc044d6dd20f
iDefense Security Advisory 10.30.08 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s eDirectory could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists due to an area of heap memory being used after it has already been freed. By sending malformed data it is possible to cause an area of heap memory to be freed by one thread, and then reused after another thread allocates the same area of memory. This results in the original thread operating on the data changed by the second thread, which may lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in eDirectory version 8.8 SP2 for Windows. The Linux version does not appear to be affected. Previous versions may also be affected.
4ae40b78386a4a54495de3992d9f34191e1286ccf1ca4f0cd75ec32f235b1bc5
phpWebSite suffers from a remote SQL injection vulnerability in links.php.
de1f8e19cd8b6ded00e9217d202b619d3019680b8804ba94f213296dbaecb10b