Secunia Security Advisory - Ubuntu has issued an update for dpkg. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system.
d34b8ed0a03f15c88a195d0c2d414e43f73625ed5fb7de211c498929d9dd4a3b
Secunia Security Advisory - Debian has issued an update for kvm. This fixes some vulnerabilities, which can be exploited by malicious, local users in a KVM guest to cause a DoS (Denial of Service) and potentially gain escalated privileges.
b9c8a0da863de74248ab8b8d126d18bd56a13c2ed5c5ae08e37df776afe77258
Secunia Security Advisory - A vulnerability has been reported in the TinyMCE module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
62614889fe7fcf257f4d81ab0f59a77be64114b2764240bf996e7b5a5cb37d5f
Mandriva Linux Security Advisory 2010-060 - The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
661f12b4d05d295d68360ef3b6e85e913a7eab12a3a6263ea69415c8e41882b3
Cookie Monster is a cookie analysis tool written in Python. Cookie Monster will grab cookies from a host and assign each character a number. This number can be used to perform mathematical calculations on the differences in order to find a pattern and see if cookie prediction is possible.
2ea212371ff52f7cdc5a9a96dc54b6d8e61438beb08855caa82fdf7b84a5f569
SUPERAntiSpyware and Super Ad Blocker have almost identical device drivers in order to set up hooks and perform other duties from kernel space. These device drivers suffer from a lack of validation of parameters passed from user mode. Additionally, some of the functions accessible from user mode are inherently insecure and lead to easy privilege escalation. All vulnerabilities are applicable to both applications. Proof of concept code is included with the full advisory.
93da6437bcb9637e120be7066882ac3cc94fb1b077eadc44cf86ee641dfae3c6
The Joomla About component suffers from a remote SQL injection vulnerability.
9ef1e1ad7f752d0f8c3d5d96a17b46d69f06f3ede569d82b714da5e900020741
Ubuntu Security Notice 908-1 - It was discovered that mod_proxy_ajp did not properly handle errors when a client doesn't send a request body. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. It was discovered that Apache did not properly handle headers in subrequests under certain conditions. A remote attacker could exploit this with a crafted request and possibly obtain sensitive information from previous requests.
80d32823dfe961f4baf74b024c759d7fbcb6e2c7ef4911f5901600a679ada31f
Mandriva Linux Security Advisory 2010-059 - Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
d1f0ae42f56c3585d6cea7fb2cee597d287eb71ad35bb226d41784daea2574b9
Debian Linux Security Advisory 2010-1 - Several local vulnerabilities have been discovered in kvm, a full virtualization system.
26bf9b70f55c01cac135f5a868a8ec35a51a7b037e9a95f028c0f10c4079e475
Secunia Research has discovered a vulnerability in XnView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. Version 1.97 is affected.
efa3ea2064ba6d18a4e149ff97e318e1885159d38d9d0c2bc5986a2d69036f67
VUPEN Vulnerability Research Team discovered a critical vulnerability affecting Microsoft Office Excel. The flaw is caused by a memory corruption error when processing malformed "EntExU2" records in an Excel document, which could be exploited by attackers to execute arbitrary code.
13f9968930b3332dbfde62e94caad311f358ab18e12e54fe2ff3b65655a29182
This Metasploit module exploits a use-after-free vulnerability within iepeers.dll of Microsoft Internet Explorer versions 6 and 7. NOTE: Internet Explorer 8 and Internet Explorer 5 are not affected.
ca6ec897859207169db7407f8bb4734a3760e5319a030b811baaa720b7efddaa
PHPCityPortal suffers from remote file inclusion and SQL injection vulnerabilities.
82026a7c3f499732c4377fb5cf0c832e25b3fd2cb5e4f608892d6f3e1d36d307