OpenSSL Security Advisory 20060928 - Dr. S. N. Henson recently developed an ASN.1 test suite for NISCC. When the test suite was run against OpenSSL, two denial of service vulnerabilities were discovered. Other issues were also addressed.
9502f989ec9da5214945e96a2d710fcdd773af905ce1f2c7d00260acc1346401
SUSE-SA:2006:056 - The gzip tool does not handle some specific values correctly when unpacking archives. This leads to vulnerabilities like buffer overflows or infinite loops.
5824d78af59c485e4c5bb9f39940cd6e46ba645d578cca1837b78e822e4a3cdd
ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
ca61c977f812670146a0d94dbc484e48367957bd2cdc17f091fcd89dc5ca2915
rPath Security Advisory: 2006-0170-1 - Previous versions of the gzip package contain multiple vulnerabilities that enable user-complicit unauthorized access when a user attempts to gunzip intentionally malformed gzip files. Some network services will automatically run the gunzip program in some contexts, which may then enable direct unauthorized access to the user account that provides the network service.
0b107839b2c512624c59c4384749fdf31feddab324d5d21277c716174a9ca4d3
Innovate Portal v2.0 suffers from a cross-site scripting vulnerability in index.php.
e8663bc3a77e3cd4a158f861cfedb9ce498093cd14758f5a81164421e15e6263
Symantec Security Advisory: Symantec AntiVirus and Symantec Client Security Elevation of Privilege: An elevation of privilege vulnerability in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a local attacker to execute code with elevated privileges on the target machine.
98818d0305a13c5b474bc35d8bfd29eb55ce0b988370d5284dcb1b7c980f86cf
A simple program to inject Linux shellcode into the environment and find its location in memory. It contains 8 shellcodes for x86, sparc, mips, and ppc.
e5d36b983e480ffe96e9dc0e95687d5812143c67e87a4caecd8bc2d1d2851661
ECHO_ADV_47$2006: WAP Y! Messenger Cross-Site Scripting Vulnerability
089a776d986d9377925ae4d34aea863001e9a836082b2a3e6386c58e98ea0ff0
HP-UX X.25 Denial of Service Vulnerability: A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
035cc7693d1286497945de3ede0912bd1b1e8768fa30f3ef1fb1e8974690d872
NixieAffiliate suffers from an admin bypass vulnerability as well as cross-site scripting.
9aa220f140e11cbb3a5ffdbfbeec96d1ac395e07d17718ed047abdb4862d861e
Secunia Security Advisory - rPath has issued an update for openssh. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
44e352e540f19a9513c94e03e2a80099af5c23b963c2801edc75b389caac78d1
Secunia Security Advisory - Marc Ruef has reported some vulnerabilities in Sun Secure Global Desktop Software, which can be exploited by malicious people to conduct cross-site scripting attacks.
0b10b1dcee260354828e72f5a9da414469b253287ef9d2e6ac235d76f611e750
Secunia Security Advisory - Drago84 has discovered a vulnerability in A-Blog, which can be exploited by malicious people to compromise a vulnerable system.
e263b909ab3ee3dcfbbda159310a73a7098759f27e69ed8a60bb8af9944f982a
Secunia Security Advisory - Gentoo has issued an update for imagemagick. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
3bce58402efeea78e8ba5e9e739f9616d0158ac525cb355a59deea7921977898
Secunia Security Advisory - Gentoo has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
e7e6222b3db8353d706ebc5f0ae88b4b1eb5271895b88d12c0964728d787d3fe
Secunia Security Advisory - Gentoo has issued an update for tikiwiki. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
0d4ddd1ac0b9ac537abd8f31dace70e170056f234265b2a6b298c2a7271129e1
Secunia Security Advisory - SUSE has issued an update for gzip. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
751bce1ded535d8662e30c678fb1976f2aae3874930577c8378fc003902723b8
Secunia Security Advisory - Red Hat has issued an update for squirrelmail. This fixes some vulnerabilities, which can be exploited by malicious users to disclose or manipulate sensitive information.
c36e5c3637e4fd8ea2c793c74601e26e1480445668bfaba02e65401cb3b7caa9
Secunia Security Advisory - Some vulnerabilities have been reported in PHP Invoice, which can be exploited by malicious people to conduct cross-site scripting attacks.
f1f30e3615d9588cbe873b13a56894fd6363f4edd2d2576afd213413439db2fc
Secunia Security Advisory - rPath has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
faa35e9550d3dea0b8945c6103d61b5b33133618ec1e6349782df9e62940c0b5
Secunia Security Advisory - SnIpEr_SA has reported some vulnerabilities in Pie Cart Pro Site Builder, which can be exploited by malicious people to compromise a vulnerable system.
36b5a71d6db589a423ead50d4c09e5a5941e721fa0d7259368cdcd4a92266446
Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
db12375bf5e785904d2cd2e8198d22b920f9f4f6a6d9b2b04ff18313aa5646ea
Secunia Security Advisory - NanoyMaster has discovered some vulnerabilities in JAF CMS, which can be exploited by malicious people to conduct script insertion attacks and compromise a vulnerable system.
013542504e48f3fe21a3dc835b16885957347710dcce63f7ca0bf579a2e2f2a0
Secunia Security Advisory - Root3r_H3ll has discovered a vulnerability in Exporia, which can be exploited by malicious people to disclose potentially sensitive information.
f0e7fa1174114a5fb319b64363e6d7747acbba4dfd08eea920950c63b4453354
Gentoo Linux Security Advisory GLSA 200609-13 - Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the LZH decompression code, where a pathological data stream may result in the modification of stack data such as frame pointer, return address or saved registers. A static buffer underflow was discovered in the pack decompression support, allowing a specially crafted pack archive to underflow a .bss buffer. A static buffer overflow was uncovered in the LZH decompression code, allowing a data stream consisting of pathological Huffman codes to overflow a .bss buffer. Multiple infinite loops were also uncovered in the LZH decompression code. Versions less than 1.3.5-r9 are affected.
30fcf5b5522c1d10fe551b1d248f87e3659e6eb8846997b7b00e1c760b290dc5