A security vulnerability in pam-krb5 allowing overwrite and chown of arbitrary files via Solaris su was discovered by Derek Chan and reported by Steven Luo on 2009-01-29. Subsequent code auditing for behavior in setuid applications uncovered another, more general and more serious bug that could result in privilege escalation. Versions below 3.13 are affected.
Graugon Gallery version 1.0 suffers from cross site scripting, SQL injection, and cookie bypass vulnerabilities.
Dacio's CMS version 1.08 suffers from cross site scripting, database disclosure, and remote SQL injection vulnerabilities.
SkaDate Dating suffers from a remote shell upload vulnerability.
Debian Security Advisory 1722-1 - Derek Chan discovered that the PAM module for the Heimdal Kerberos implementation allows reinitialisation of user credentials when run from a setuid context, resulting in potential local denial of service by overwriting the credential cache file, or in local privilege escalation.
Debian Security Advisory 1721-1 - Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos.
GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
RARlab.com, the makers of WinRAR, suffer from a remote SQL injection vulnerability.
Remote exploit for Bloggeruniverse version 2Beta that uses SQL injection to extract administrative credentials, file disclosure, and remote command execution.
The Geovision Digital Video Surveillance system version 8.2 suffers from a directory traversal vulnerability.
Whitepaper called Fuzzing for Fun and Profit.
Mandriva Linux Security Advisory 2009-035 - Security vulnerabilities have been discovered and corrected in gstreamer0.10-plugins-good that might allow remote attackers to execute arbitrary code via a malformed QuickTime media file. The updated packages have been patched to prevent this.
Ubuntu Security Notice USN-717-3 - Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information.
Ubuntu Security Notice USN-717-2 - A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user's system. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information.
Ubuntu Security Notice USN-717-1 - Several flaws were discovered in Firefox 3.0 and XULRunner 1.9. These range from denial of service to code execution vulnerabilities.
Remote exploit for the authentication bypass vulnerability in ProFTPd using mod_mysql.
Secunia Security Advisory - A vulnerability has been reported in AIX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Secunia Security Advisory - A vulnerability has been reported in Evolution, which can be exploited by malicious people to conduct spoofing attacks.
Secunia Security Advisory - x0r has discovered a vulnerability in Auth PHP, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to cause a DoS or to potentially compromise a vulnerable system.
Secunia Security Advisory - A vulnerability has been reported in Pebble, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Ubuntu has issued an update for firefox-3.0 and xulrunner-1.9. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - make0day has discovered a vulnerability in Zeroboard XE, which can be exploited by malicious people to conduct script insertion attacks.