Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened.
5892f55d39db5175066b50606277442cbd55457c7ece2f3dc989861b04e657c6
Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in gpdf. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened.
8a28188238054dc22c3e3b02e4cec0465ebabb7e550bbba1425252d618648e2c
Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in xpdf. An attacker could create a malicious PDF file that would cause xpdf to crash or potentially execute arbitrary code when opened.
99546d27939433796467df61148f5135aec855b704c2ef4efc6f14747d7f224c
A vulnerability exists in an architecture-dependent function of the Apple Mac OS X 10.4.x kernel which, when properly exploited, can lead to local compromise of the vulnerable system. Proof of concept code included.
a2f42affdf7e92cfb45ee12031a066c7505e5f3fb2f05c870d00879bbf8cb294
The Aruba 800 is affected by a persistent cross-site scripting vulnerability on the administrator login screen.
3e73dcdf74055dee74b222dec88feb100ce0260e700825e3d8fd7ec82381a1cf
The Liferay Portal login page is affected by a cross-site scripting vulnerability in the "login" field processed by the "/c/portal/login" server-side script.
c5b4c300ba8f9b20584c800933c0325a4d4d46f7e96b287d9a80d0e033cff5fd
Secunia Security Advisory - Debian has issued an update for zope-cmfplone. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
376557c77bbb66154df16a680a576333870344cab046cf83ecfa4511c0ca93de
Ubuntu Security Notice 544-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When Samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of NetBIOS packets. When Samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges.
8794e30d017c457d435c1cd66eb1dc2b13305d4ad05862bf79e3c41da34f5325
Ubuntu Security Notice 543-1 - Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges. Rafal Wojtczuk discovered multiple memory corruption issues in VMware Player. Attackers with administrative privileges in a guest operating system could cause a denial of service or possibly execute arbitrary code on the host operating system.
24d86ab8d123ae4acdd9b4e09f53f8f65320bd6ed8e974fdbde5b8a7e9ec56dc
Ubuntu Security Notice 542-2 - USN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.
e9318627f214f231de15eea94149771dd037cc830d63ac842e1656b9659673a3
eEye Digital Security has discovered 14 vulnerabilities in the processing of FLAC (Free Lossless Audio Codec) files affecting various applications. Processing a malicious FLAC file within a vulnerable application could result in the execution of arbitrary code with the privileges of the application or the current user (depending on OS).
fd4435d88053e876b0e64335d16dd5e50c862e15e3ae435c244329d2b41a39f6
The xnu kernel of Mac OS X contains a vulnerability in the code that handles TIOCSETD ioctl requests. Exploitation of this vulnerability can lead to denial of service and code execution.
2833de13f87382fc1d46e30eeeb20f7f1d0014c4948730f08163022e37c4a526
Technical Cyber Security Alert TA07-319A - Apple has released Mac OS X 10.4.11 and Security Update 2007-008 to address multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service.
7bf8719665dba3119b6580b22a2fb49b5af08f3a3e1b2a6fb65ab5923550332c
stproxy is a small and simple single-threaded HTTP/SSL proxy server released under the GNU General Public License (GPL). stproxy uses as few resources as possible, while still being very fast and efficient.
502c1cf67367a493af1d9d9ddce76442a9f3bb04215820ed5f86d54ddded2a1b
The FlexGrid component version 7.1 suffers from stack overflows.
0ff229f87cd6fa0c9432eaced5da9a0aa2036ea3bd8a333141d685b0b728b1c6
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Samba version 3.0.26a is affected.
0d8f18d022ed10d9b2f2f18b1e118ebbf1137681dd01fadae9f56046a140eb21
Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba versions 3.0.0 through 3.0.26a are affected.
7a6aaa8cc3ce4cf137b54f1d068c43453788e1a7634e15e4e06912ccca08983b
Aida-Web may suffer from some information exposure vulnerabilities.
e587c3e182da944a2faf4da8b977583f590c7942f033316beb04ee707240cf12
sshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon. The daemon is meant to mitigate what are commonly known as "dictionary attacks," i.e. scripted brute force attacks that use lists of user IDs and passwords to effect unauthorized intrusions. The sshutout daemon blunts such attacks by creating firewall rules to block individual offenders from accessing the system. These rules are created when an attack signature is detected, and after a configurable expiry interval has elapsed, the rules are deleted.
246877651e6ded3a85f1a0d91ec894828570c202c8de25ff66b1be65d0fda400
Secunia Security Advisory - Debian has issued an update for horde3. This fixes some vulnerabilities, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks.
fe0664295433188ac623aa1597028ce7c49775128db89bd5fa80d534504d7723
Secunia Security Advisory - Peter Ohlerich has reported a vulnerability in Lantronix SCS3200, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
e1f3b3256e11a18b945c48c9e3c4772031a3878a34ca95951df865918c15beac
Secunia Security Advisory - Some vulnerabilities have been reported in Samba, which can be exploited by malicious people to compromise a vulnerable system.
1b942f2c7e8efd8c5f0f33d6ef96a53d72fca8e966c42742ba100d86e1938d8a
Secunia Security Advisory - Fedora has issued an update for django. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
0caa1782147a12cf4182f3f1749cc6752194480b1a847bfb38f2a3a709421901
Secunia Security Advisory - Fedora has issued an update for mono. This fixes a vulnerability with an unknown impact.
32f93037901fd25dfe0a6ebf4bba46cb68fe4b103b1c63bcfe757adb7726444a
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users and by malicious people to cause a DoS (Denial of Service).
7a3c326c58be7a87971c92b200088b3beb2d5bced95be6b8d60c8df9e7cfbb65