Asterisk Project Security Advisory - An attacker sending a valid RTP comfort noise payload containing a data length of 24 bytes or greater can remotely crash Asterisk.
Mandriva Linux Security Advisory 2009-307 - All versions of libtool prior to 2.2.6b suffer from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. This advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitations of this issue.
pyForum version 1.0.3 suffers from a password reset vulnerability.
ISC released new BIND packages for Windows with vulnerable runtime DLLs. Brilliant.
Debian Linux Security Advisory 1942-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to the execution of arbitrary code or denial of service.
Mandriva Linux Security Advisory 2009-306 - Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. The updated packages have been patched to correct these issues.
Mandriva Linux Security Advisory 2009-305 - PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. The updated packages have been patched to correct these issues.
Mandriva Linux Security Advisory 2009-303 - Some vulnerabilities were discovered and corrected in php-5.2.11.
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
Secunia Security Advisory - Debian has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Fedora has issued an update for tomcat6. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information or manipulate certain data and by malicious people to cause a DoS (Denial of Service) or disclose sensitive information.
Secunia Security Advisory - Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
Secunia Security Advisory - shinnai has discovered a vulnerability in Haihaisoft Universal Player, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Christophe Devine has reported some vulnerabilities in SumatraPDF, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Christophe Devine has reported some vulnerabilities in MuPDF, which can be exploited by malicious people to compromise an application using the library.
Ubuntu Security Notice 862-1 - Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service.
Mandriva Linux Security Advisory 2009-304 - Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO). Additionally, BIND has been upgraded to the latest point release or closest supported version by ISC.
Gentoo Linux Security Advisory 200911-6 - An input sanitization error in PEAR Net_Traceroute might allow remote attackers to execute arbitrary commands. Pasquale Imperato reported that the $host parameter to the traceroute() function in Traceroute.php is not properly sanitized before being passed to exec(). Versions less than 0.21.2 are affected.
Debian Linux Security Advisory 1940-1 - Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor.
Secunia Security Advisory - Gentoo has issued an update for PEAR-Net_Traceroute. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - A security issue has been discovered in RADIO istek scripti, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - A vulnerability has been discovered in the GCalendar component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Secunia Security Advisory - Ubuntu has issued an update for php5. This fixes multiple vulnerabilities, some of which have unknown impact and others that can be exploited by malicious, local users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - kaMtiEz has discovered a vulnerability in the LyftenBloggie component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.