Secunia Security Advisory - Two security issues have been discovered in ScrumWorks Basic, which can be exploited by malicious, local users and by malicious people to disclose sensitive information.
bb1e60fb2e6944a581df20d63eb8f171ef08efbb064b80c7f76fd75718f87e04Secunia Security Advisory - Ubuntu has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
e207998ee85025934aaa308606a77143b8a758c4feeb228d53bfbade12ea9528Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system.
891a00d28c0ea3592a7befc693b7a38e74cc27baec367cf88cde519f24cb6288Secunia Security Advisory - A vulnerability has been reported in Linksys WRT54GC, which can be exploited by malicious people to compromise a vulnerable system.
08c1f2f1907a6fc839e3cc59e44666e027ad8804333baecf7bf1bc97296b296dSecunia Security Advisory - A vulnerability has been reported in PHP Low Bids, which can be exploited by malicious people to conduct SQL injection attacks.
815e0ebf832a719b192424f7390115ade174588440ee2f3129eea934d1be5a0bMicrosoft Fax Cover Page Editor version 5.2.3790.3959 suffers from a code execution vulnerability. Proof of concept exploit included.
a3f6948acaffdb44b32f3e6435cb282a054ca4e186fa85c9e03ca616a1f3c675Mandriva Linux Security Advisory 2011-015 - Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
33f548308b4805323bbf19456b5f977a0d2f8ce2608d54d6b298f21d40bc7decMandriva Linux Security Advisory 2011-014 - Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow. The updated packages have been patched to correct this issue.
5bd5aad6a4d7b734fa684352a372a8563e83afb7520a4fb5838cb95e77566799Zero Day Initiative Advisory 11-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Cell Manager. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the crs.exe process which listens on a random TCP port. The process fails to properly handle multiple message types and copies user-supplied data into fixed-length buffers. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user.
ed3e4f16a72dc55f3945490165812185a75c0837106c6da0adc719b4376140e5Zero Day Initiative Advisory 11-023 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component which listens by default on UDP port 6095. When handling a packet of type 0x40020010 the process blindly copies user supplied data into a fixed length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
c71991533bfdd3521c2b3f92755604038ecabae206e9589e9549f116f1a25c91Zero Day Initiative Advisory 11-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Icon Labs Iconfidant SSL Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality responsible for key exchange. If the sum of specific length fields within a client master key packet exceeds 0x4000, a static buffer can be overflowed leading to arbitrary code execution on the affected system.
078c4c2b918cef3d97bc98aae7e9331d5f083c51454ccd50b1a0506b3f5b04b8Ubuntu Security Notice 1046-1 - Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu.
cbd17cefa0607c1ef33b6ed2f963d362ae7aa92f029fde75d8d407dd186609faDebian Linux Security Advisory 2149-1 - Remi Denis-Courmont discovered that dbus, a message bus application, is not properly limiting the nesting level when examining messages with extensive nested variants. This allows an attacker to crash the dbus system daemon due to a call stack overflow via crafted messages.
849b34b52e12a1ad5df3382c3dac8417ed09ccd34fb20acd6b36485d8669ddc7HP Security Bulletin HPSBMA02625 SSRT100138 - A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code. Revision 1 of this advisory.
1a51399400267f788edf385cc1a7d0264130895aa8904bc8442307cb2b0c4cccSecunia Security Advisory - A vulnerability has been reported in HP Business Availability Center, which can be exploited by malicious people to conduct cross-site scripting attacks.
576f9394cabe2e0da68fcc8b2475de5a86cf387f7e6ca24373b855943a6e94faSecunia Security Advisory - A vulnerability has been reported in HP Business Service Management, which can be exploited by malicious people to conduct cross-site scripting attacks.
ed7433acfe8e342bc41c758a32cc037f7976309c6b1628d3617967afbafdb433Secunia Security Advisory - A vulnerability has been reported in Lunascape, which can be exploited by malicious people to compromise a user's system.
28da7289c3fa382c2a040bac2b4868f67dfe3025c35251f1a8123f2680c95acbSecunia Security Advisory - HP has issued an update for Kerberos in HP-UX. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to conduct spoofing attacks.
bc4262779b493fe810626b46954d4af31b5f518cb16e9072f0e804b0b1bfabbeSecunia Security Advisory - A vulnerability has been reported in HP Business Service Management, which can be exploited by malicious people to conduct cross-site scripting attacks.
ed7433acfe8e342bc41c758a32cc037f7976309c6b1628d3617967afbafdb433Secunia Security Advisory - Two vulnerabilities have been reported in Open Office / StarOffice, which can be exploited by malicious people to compromise a user's system.
959e45e6d167725984d5ba0843bca469a7cc4794a2314f53d2296e04415641a2Secunia Security Advisory - A vulnerability has been reported in Oracle Real User Experience Insight, which can be exploited by malicious people to conduct SQL injection attacks.
8b411f138c0a376187a4f8467ea85b88258ea128e9c73231495f873fb6c2c29cSecunia Security Advisory - A vulnerability has been reported in Health Sciences - Oracle Argus Safety, which can be exploited by malicious people to compromise a vulnerable system.
9e807fb431687c753f3696f6726e73d6b0c6b69e9182f4bdb6f895cfaaebeb2dSecunia Security Advisory - A vulnerability has been reported in Asterisk, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
82f548f31c488712df3e7c165ccf2c7870c67e91625baf4fb2236f71cdc63162
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed