Gentoo Linux Security Advisory GLSA 200711-09 - Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large length value in the xrates element. Versions less than 0.9.3.3 are affected.
Debian Security Advisory 1402-1 - Steve Kemp from the Debian Security Audit project discovered that gforge, a collaborative development tool, used temporary files insecurely, which could allow local users to truncate files on the system with the privileges of the gforge user, or cause a denial of service.
Gentoo Linux Security Advisory GLSA 200711-08 - An off-by-one error when handling ICC profile chunks in the png_set_iCCP() function was discovered. George Cook and Jeff Phillips reported several errors in pngrtran.c: the use of logical instead of bitwise functions, and incorrect comparisons. Tavis Ormandy reported out-of-bounds read errors in several PNG chunk handling functions. Versions less than 1.2.21-r3 are affected.
Gentoo Linux Security Advisory GLSA 200711-07 - Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo() method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. Versions less than 2.4.4-r6 are affected.
Gentoo Linux Security Advisory GLSA 200711-06 - Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex. An error has been discovered in the recall_headers() function in mod_mem_cache. The mod_cache module does not properly sanitize requests before processing them. The Prefork module does not properly check PID values before sending signals. The mod_proxy module does not correctly check headers before processing them. Versions less than 2.2.6 are affected.
Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. An array indexing error, integer overflow, and boundary error all exist. Xpdf version 3.02 with the xpdf-3.02pl1.patch is affected.
SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.
Secunia Research has discovered a vulnerability in AbiWord Link Grammar, which can be exploited by malicious people to compromise an application using the library. Version 4.2.4 is affected.
Secunia Research has discovered a vulnerability in Link Grammar, which can be exploited by malicious people to compromise an application using the affected code. Version 4.1b is affected.
SiteMinder Agent suffers from cross-site scripting vulnerabilities.
Secunia Security Advisory - Joren McReynolds has reported some vulnerabilities in Cisco Unified Meeting Place, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Secunia Research has discovered a vulnerability in the AbiWord Link Grammar library, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Chris has reported a vulnerability in the Cypress script for BitchX, which can be exploited by malicious people to disclose potentially sensitive information or to compromise a vulnerable system.
Secunia Security Advisory - Two vulnerabilities have been reported in Plone, which can be exploited by malicious people to compromise a vulnerable system.
Secunia Security Advisory - DarkFig has discovered a vulnerability in JBC Explorer, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
Secunia Security Advisory - Ubuntu has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
IBM AIX versions 5.3.0 and below setlocale() local privilege escalation exploit.
Bunny the Fuzzer - A closed-loop, high-performance, general-purpose, protocol-blind fuzzer for C programs. Uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data. This architecture makes it possible to significantly improve the coverage of the testing process without the noticeable performance impact usually associated with other attempts to peek into run-time internals.
Secunia Security Advisory - Mandriva has issued an update for netpbm. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - A vulnerability has been reported in the Archive::Tar Perl module, which can be exploited by malicious people to compromise a user's system.
Technical Cyber Security Alert TA07-310A - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Versions below 7.3 are affected.
Mandriva Linux Security Advisory - Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Gentoo Linux Security Advisory GLSA 200711-05 - Tim Brown discovered multiple issues: the translation module does not properly sanitize the value of the dir parameter; the translation module also does not sanitize the values of the edit and value parameters, which it passes to eval() and include(); the log-in command does not validate the URL to which users are redirected after logging in; SiteBar also contains several cross-site scripting vulnerabilities. Versions less than 3.3.9 are affected.
Gentoo Linux Security Advisory GLSA 200711-04 - The imap_rescan() function of the file camel-imap-folder.c does not properly sanitize the SEQUENCE response sent by an IMAP server before being used to index arrays. Versions less than 1.10.3.1 are affected.