Debian Security Advisory 1243-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the PostScript parsing code, which allows the execution of arbitrary code through a buffer overflow. Evince embeds a copy of gv and needs an update as well.
59b309a2e743b9753ae0975f2805f781a77e3e1cec2b5e23bf2c11ef5d354603
Debian Security Advisory 1214-2 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the PostScript parsing code, which allows the execution of arbitrary code through a buffer overflow. The original update provided in DSA 1214-1 was insufficient; this update corrects this.
3ad038b7a8d216760848cb055cab23532027492d9af8f4c892e01003eb30cb69
Debian Security Advisory 1242-1 - Several remote vulnerabilities have been discovered in elog, a web-based electronic logbook, which may lead to the execution of arbitrary code.
ab46b5f256569cecc7e471191b4aff967bfe2d167d08b720530659f31d4e1dde
PHP icalendar versions 2.23rc1 and below are susceptible to multiple cross site scripting vulnerabilities.
697621b4cd8f230c79e1da41eff9540a3b79265fc5704584705ecaf8bfaea5e2
Microsoft Windows NTRaiseHardError Csrss.exe proof of concept memory disclosure exploit.
f954af75e1a5a52b8e2352b2535467abe1a62f9e896a3fc3b8df24efc02ce1ec
Secure Login Manager version 1.0 suffers from cross site scripting and SQL injection vulnerabilities.
cf7f17127ce3caee689d2ff7694f82d94f6fb3f03274e2d05e5df5b456c0f9d4
WordPress versions 2.0.5 and below suffer from a cross site scripting flaw in templates.php.
a2dd0cec795c52d4cfbe796b479b8c2821ecbc8fcf64dc319ab12d03e4bc9565
KSirc version 1.3.12 PRIVMSG remote buffer overflow proof of concept exploit.
aafc6464eed2fe0e2095c2f2fba7cb4ace0fd319db878e63357ac8e7d60f82a4
LuckyBot version 3 suffers from a remote file inclusion vulnerability.
5b6b015cdb148d136782d9d6e48ba7541cdf8713951f58d69dfb0abe3f89ae6e
The BE IT EasyPartner Joomla! component is susceptible to remote file inclusion vulnerabilities.
57833b743a6ffe185998d45e4604f48b6d0e4bd777a33d2ae72fab85d36e4907
OpenPKG Security Advisory - The Links web browser versions below 2.1pre26 suffer from an arbitrary code execution vulnerability.
ccd24a8032dfc6e3f207ae8646c3ad418869265a3599f98dba7bb0efa58e46ac
OpenPKG Security Advisory - OpenSER versions 1.1.0 and below suffer from a buffer overflow vulnerability.
5adb8463690b95ca64c0cdefd7eaad1f6fde535fd8d8a4a602092bde09153636
logahead UNU edition version 1.0 is susceptible to upload and code execution vulnerabilities.
27b203654d10a87234e276e6dcddb31fd185b6177eb6384ef4ccb551260105e2
Debian Security Advisory 1241-1 - In Squirrelmail, Martijn Brinkers discovered cross site scripting vulnerabilities in the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php and through a shortcoming in the magicHTML filter. An attacker could abuse these to execute malicious JavaScript in the user's webmail session.
3d4e4f9763c1933aa3c82f443c2430f8e41dbad4eee200ae89497e2ebf6d44bb
PHP Live! version 3.2.2 suffers from multiple cross site scripting vulnerabilities.
eb17e2a66385d731d8b49d4f395f3f98fb8befbfb77c2db90481677b4ea1eabb
The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. It also tightens down file descriptors 0, 1, and 2, and implements process limits and shared memory destruction.
b4be56eb79666faa7809789c546465cad92188c39217d1b9ee2b6fd5c0cc9cb1
FSlint is a toolkit to find various forms of lint on a filesystem. At the moment it reports duplicate files, bad symbolic links, troublesome file names, empty directories, non-stripped executables, temporary files, duplicate/conflicting (binary) names, and unused ext2 directory blocks.
296a1803ceffd1c51b5efbaf6c64341157f0b5d0fdac42003f9ae04bb2322533
NuFW is a set of daemons that filters packets on a per-user basis. The gateway authorizes a packet depending on which remote user has sent it. On the client side, users have to run a client that sends authentication packets to the gateway. On the server side, the gateway associates user ids with packets, which makes it possible to filter packets on a per-user basis. Furthermore, the server architecture is designed to use an external authentication source such as an LDAP server.
2f7db649ee7c46ff87bf0cdc2420b781b2d9ceb9b38984019fe94c6eafe8233b
Forum AnyBoard suffers from a SQL injection flaw.
79669168744277f0d20a4558721e9df95065b9f12e9f5690051be48d1f29cee6
PhpBBXtra version 2.0 suffers from a remote file inclusion vulnerability.
8c5adb2f46c331dedba6ad991c6878f2f74adaa5ac84711fa7ced8263ffa72b1
HLStats versions between 1.34 and 1.20 suffer from a SQL injection vulnerability. Exploit included.
9e67ad11170a524c053956f06e2e53775c68666873dc6581ef70942a72c85d59
PHP-CMS version 1.1.7 suffers from a remote file inclusion vulnerability.
a0801fa42646e91873484265479b98cccff1437d6bbb0dbe15cdad8d4b8ee2a8
YouTube.com has a flaw that allows for arbitrary JavaScript execution.
f13cd7d75067b0ec8bcd4a8f9b7c93954b23f993fd2eeac563f81586602707db
Cahier de texte version 2.2 suffers from a bypass vulnerability.
5c0ac412956c7f1a0d4be57717ba940c21ce9a5f58403cd85761f560ef8485c1
TimberWolf version 1.2.2 suffers from a cross site scripting vulnerability.
690e8122748e9708eed54484776dcbeeb8466f22e2e5029b43c8bf222e553cd8