Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Java System Web Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
98f3bf9d7ffbb0ec09df1b249b43dc7604dd5a6aaa0c1be21ebc88f5e3878f92
OneCMS version 2.5 remote blind SQL injection exploit that makes use of asd.php.
af41691346243ae41bd13625d78cdea9eac0bab4fae165e10cda7f9cf94a0ce4
Galleristic version 1.0 remote SQL injection exploit that makes use of index.php.
d7fb74ba1743b54f471e2b2300724bb6edc0b22c93793527bba934c8291d2daa
iDefense Security Advisory 05.07.08 - Remote exploitation of an integer signedness vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reallocating dynamic buffers. The rdesktop xrealloc() function uses a signed comparison to determine if the requested allocation size is less than 1. When this occurs, the function will incorrectly set the allocation size to be 1. This results in an improperly sized heap buffer being allocated, which can later be overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
fb3c906b37a049449b6061bd4c70f18a740449c49c614fbca2575be507243464
iDefense Security Advisory 05.07.08 - Remote exploitation of a BSS overflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP redirect request. This request is used to redirect an RDP connection from one server to another. When parsing the redirect request, the rdesktop client reads several 32-bit integers from the request packet. These integers are then used to control the number of bytes read into statically allocated buffers. This results in several buffers located in the BSS section being overflowed, which can lead to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
855716896a32d6400b57357a313e7d5671bf6a07c1cef096372236c340ce9ea8
iDefense Security Advisory 05.07.08 - Remote exploitation of an integer underflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP request. When reading a request, a 16-bit integer value that represents the number of bytes that follow is taken from the packet. This value is then decremented by 4, and used to calculate how many bytes to read into a heap buffer. The subtraction operation can underflow, which will then lead to the heap buffer being overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
1092f657e4d4b947c1ee615da74f97b5643e05d42dbeb1e99d0b4d8092a260b7
It appears that manipulating the forwarding functionality in Google's GMail service allows people to spam.
47700d4be60812157e47a3a9c83b1fe3ae04d87182fdcf5f52b516e7b7ecc66a
Gentoo Linux Security Advisory GLSA 200805-05 - Multiple Denial of Service vulnerabilities have been discovered in Wireshark. Versions less than 1.0.0 are affected.
407d4bdf4d2ad204519379ec7ec97875a8ab4a42a7e09b81fb5aa568b220418c
Gentoo Linux Security Advisory GLSA 200805-04 - A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502). Versions less than 1.4.004 are affected.
63852d21463be551da25c5039c1326ae79dcc6b1b3c3d0e17184432653a0e712
Gentoo Linux Security Advisory GLSA 200805-03 - Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected. Versions less than 1.0.1-r1 are affected.
8e597b0eb583a93f5b20705800370493675a314ae667c8c72e4033be649d542c
Tux CMS version 0.1 suffers from cross-site scripting vulnerabilities.
d91bf637c24cabddffae127bdc74d5254d280cee78b69506d6d329b3aaae8f60
PostcardMentor suffers from a remote SQL injection vulnerability in step1.asp.
b9b69df715fa16ddb9509ad26af890c7ff8fe9f98218178105d42da6d7273ed4
gameCMS Lite version 1.0 suffers from a remote SQL injection vulnerability in index.php.
a43b2b3ae4a77192d097b6d61868690441953b13db1c79e5f6636206bd0f66ef
fips CMS suffers from a blind SQL injection vulnerability in print.asp.
1d36645cf10b871dfe4f3d632106f12fb8855eff5a46924ec4e1e4c44235ffcc
Secunia Security Advisory - Debian has issued an update for cpio. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
83da5b9adb4b7b9f094362ea86a28374f5bb1da076d9a5c133e3c01cff1b55a5
Secunia Security Advisory - Juan Pablo Lopez Yacubian has reported a vulnerability in Novell GroupWise, which can be exploited by malicious people to conduct script insertion attacks.
4021c3a4aca96f01b4e1757fa03826e3833f854fa2a66be8bc3c8937e877d74c
Secunia Security Advisory - Some vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
ab1d76ace90ff471a28e008f2f4211b71e8b040c6d7ef44889e18b26db9fa54d
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in WebGUI.
814907f68b66c5152ace100bd9b676ee0831b8e59ade848b7bdf4541046f705f
Secunia Security Advisory - U238 has discovered some vulnerabilities in angelo-emlak, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.
7e361a643d0b4a9d11abd59933e4b049bd5f987a5134aa4b76b35bcd0a174bd3
Secunia Security Advisory - A security issue has been reported in GraphicsMagick, which can be exploited by malicious people to bypass certain security restrictions.
6a532d17e62323b377a87dbf9109984edd4e28def19a67437f731cb6f710fa6d
Secunia Security Advisory - rPath has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges.
ee39c92f9e010f9f43efcb37028a8a0c508b9c1b1273b65c3f67b1b52da1cc00
Secunia Security Advisory - Debian has issued an update for the kernel. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), or to potentially gain escalated privileges.
335ab6cda69d4507c5fe9e0cd1a774403f523906e21471b25fda0c95b3873026
Secunia Security Advisory - Some vulnerabilities have been reported in Animal Shelter Manager (ASM), which can be exploited by malicious users to bypass certain security restrictions.
9687e86c0c33bb0ec0c551d7ed4121ad9470e7874f0f055ccb81b71d90f74783
Secunia Security Advisory - Debian has issued an update for cacti. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.
2e9d3a1230a208ca13e4e278a9a9fa1e25bb9a4453d234fbcf65c884c83126e7
Secunia Security Advisory - A vulnerability has been reported in Licq, which can be exploited by malicious people to cause a DoS (Denial of Service).
844f60713dbe93fdcfebe756739680541a9465be4722d290f3cb63ef8999013e