Gentoo Linux Security Advisory GLSA 200801-06:02 - Gregory Andersen reported that the Xfce4 panel does not correctly calculate memory boundaries, leading to a stack-based buffer overflow in the launcher_update_panel_entry() function. Daichi Kawahata reported libxfcegui4 did not copy provided values when creating SessionClient structs, possibly leading to access of freed memory areas. Versions less than 4.4.2 are affected.
80088109e557687bd1fbee653c139a5a94e114c7aaf091973f755ec223a117e6
Gentoo Linux Security Advisory GLSA 200801-05 - The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates. Versions less than 2.6.17 are affected.
6cdd6731d9a08ef4c7ae571d51a2ff8a3e32f7cde6803e38a29b39bcd6477501
Gentoo Linux Security Advisory GLSA 200801-04 - Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to improper handling of the clients' callback lists. Versions less than 1.4.6 are affected.
0f3d909ec04856cc80516e427ab9e7d4af196ff4be5db4887d75e4d987cb480f
Gentoo Linux Security Advisory GLSA 200801-03 - Nico Golde from Debian reported that the sylprint.pl script that is part of the Claws Mail tools creates temporary files in an insecure manner. Versions less than 3.0.2-r1 are affected.
5dce7ec5626615b4ac9fe447aa9b0cc3d0445180865382e58a3d7a5f47502a65
Gentoo Linux Security Advisory GLSA 200801-02:02 - R includes a copy of PCRE which is vulnerable to multiple buffer overflow and memory corruption vulnerabilities (GLSA 200711-30). Versions less than 2.2.1-r1 are affected.
abf4f973a2940c5591a4516d1cc1a76a4d28c61fdac2e1061b6247a03c95526a
Mandriva Linux Security Advisory - An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash. An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash or execute arbitrary code with the privileges of the user executing the application.
b1cfa21a1dd7d661e0e7395096694506978e39fc9bbefc89dbf8281724b6e22f
Debian Security Advisory 1457-1 - It was discovered that Dovecot, a POP3 and IMAP server, only when used with LDAP authentication and a base that contains variables, could allow a user to log in to the account of another user with the same password.
112e1de8c1082065a7f25ae830b7ba30d10d2c10292413a7403e80e2a765f372
Debian Security Advisory 1456-1 - Daniel B. Cid discovered that fail2ban, a tool to block IP addresses that cause login failures, is too liberal about parsing SSH log files, allowing an attacker to block any IP address.
13b7e17b2cc6049d0b195d2cf591126b05becb8ec82e1ad961319c4347226c7b
Thumbnail steganography creates a thumbnail from a source image and stores data in it by altering the color channels. To decipher the data, a new thumbnail is made from the original image and the differences between the pixels are calculated. This is intended to increase the complexity of automated deciphering of images containing extra (steganographied) data. It requires both the original and the thumbnail to decipher. The original works like a key to unlock the thumbnail.
2ec1967b8963cc2f6937531aa5813cbfa7b1b130816340e9c4bde338e1be0f21
Simple Machines Forum suffers from a cross site scripting vulnerability.
7449afad9f351c9ecbf39f53ccd654dd07e26dcd593f5edab4e18389a0d464a7
Microsoft VFP_OLE_Server remote command execution exploit.
f47c5a4c56a605a98d2967d87bd7776553635f72c698f0960d88bff97a098526
Microsoft Rich Textbox Control version 6.0 (SP6) SaveFile() insecure method exploit.
4743e545f17d34860403b248e012043f791b8ff55f1c7cde1448c653428c1dcf
Microsoft FoxServer ActiveX command execution exploit that makes use of vfp6r.dll version 6.0.8862.0.
57fba45e8240b5bde157213e65ede094e49cbaf2587206a1f857aae0e4fc5705
DomPHP versions 0.81 and below remote add administrator exploit.
ea324ad1ecf0e1a07c0f9d36cbfcc8bf2609206671697a4c37d988d703734fa6
Docebo versions 3.5.0.3 and below command execution exploit that makes use of lib.regset.php.
af497fe4ca756a9551803cbe0802cb20a7b5a6bc92dfe71582bfecbdbafa136d
iDefense Security Advisory 01.09.08 - Local exploitation of an input validation error vulnerability within Novell Inc.'s NetWare Client allows attackers to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nicm.sys, file version 3.0.0.4, as included with Novell's NetWare Client 4.91 SP4. Other versions may also be vulnerable.
1199edc5e5bb2e36aec4a186f945949d624aafcfeafaede7918b2e7d59888b2a
PortBunny is a Linux-kernel-based port scanner created by Recurity Labs. Its aim is to provide a reliable and fast TCP SYN port scanner which performs sophisticated timing based on the use of so-called "trigger" packets. The port scan is performed in 2 steps: First, the scanner tries to find packets to which the target responds ("triggers"). Second, the actual port scan is performed. During the scan, the triggers found in the first scanning phase are used to determine the optimal speed at which the target may be scanned.
cfe1e5b84b66577299d920dd6f1a1637e948dd4fb2a75ab5265de273ffb6287c
PHP Webquest version 2.6 suffers from a vulnerability that allows for database credential extraction.
101df651f14c672626f43673d81941ababbc8cdeb667a543a981609b0a5d4393
UploadImage version 1.0 and UploadScript version 1.0 remote change admin password exploit.
fadfe4d15c8b778b6fe50bd543cc8fe3e6e2189a56617f90dd2fd23f749a3a5f
The Php121 module in osData version 2.08 and below suffers from a local file inclusion vulnerability.
61030e2a5787cf7f453523eda6f08b999770c862825bda4b28518e043b04719d
Secunia Security Advisory - Mandriva has issued an update for clamav. This fixes some vulnerabilities, where one vulnerability has unknown impacts and others can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
e75e71dd0d9049f30c58fdf3170d87032ec19b256f4fb9641aec02674bc62b69
Secunia Security Advisory - Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
476a281ee459db8d26d144bf92f4f35f1ecff605b91a83ceac2db245e75bd698
Secunia Security Advisory - A vulnerability has been reported in SSH Tectia Client/Server, which can be exploited by malicious, local users to gain escalated privileges.
abb48bb83c8ae6aa6b6a9db64f8a461ff1d437f6f919970a8658792f81b9ebad
Secunia Security Advisory - Some vulnerabilities have been reported in Xcms, which can be exploited by malicious people to disclose sensitive information and to compromise a vulnerable system.
c4a761a18757ab8c3679ea8f2b84117368a4ca192f869b92ed110c320e4eb99d
Secunia Security Advisory - r3dm0v3 has reported some vulnerabilities in PortalApp, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks or bypass certain security restrictions.
b6388e954bfa8ba438dab87a3e37f3ebc6fa9722bfd144d810b19f72336ac966