Mandriva Linux Security Advisory 2009-339 - Security issues were identified and fixed in Firefox 3.0.x. These include multiple unspecified vulnerabilities as well as memory corruption issues.
06915cef15d98b90ecc13511e6cf2f4cb0b21ccd16512646a4af384606c37067
Mandriva Linux Security Advisory 2009-338 - Security issues were identified and fixed in Firefox 3.5.x. These include denial of service, code execution, integer overflows, and more.
9cc7efa925a6bb9208535359b11a52745232675dc023425cf0797df51d561d00
PHP Open Chat version 3.0.2 suffers from cross-site scripting and path disclosure vulnerabilities.
a18ffcbe95654f91433ac8f45e14488044e54c4265e15009d3b535d2c2edd03e
WinScanX is a Windows enumeration utility featuring over 20 options including the ability to identify easy-to-guess Windows passwords, the ability to identify easy-to-guess SNMP community strings, and the ability to locate and decrypt WinVNC passwords. Includes an optional GUI front-end.
f9dbed28af952224082a4edc3d5bdbf2b0cf610bb56a3ac334b31ef7e6c366d0
The Uploader version 2.0 suffers from a remote shell upload vulnerability.
5df5f7ae98cc5aa80fe90945b7d81d756240669bf316d09f94f48ba37d0e7b5b
JpGraph version 3.0.6 suffers from a cross-site scripting vulnerability.
0453010652eb79a6e0be9d48a2f4c48c61ac2edd0ceab142870919b01afd159d
Active PHP Bookmarks version 1.3 suffers from the same SQL injection vulnerability as previously discovered in version 1.1.02.
efff500a3f085104f9a9fe116a56584cbb5616054d5a4db29b313deef8d46603
Active Business Directory version 2 suffers from a cross-site scripting vulnerability.
8f4f2f5c9699c2a94e0026618b4de97f0cb22cd0b04a405b8e19ea2dfc6a5be9
paFileDB version 3.1 suffers from a cross-site scripting vulnerability.
26e4128ac41caac62e1b1475d05b97df71507d093904650c769229ff08bf12cc
The Uploader version 2.0 suffers from a remote file disclosure vulnerability.
c8f1633d34ea1e29a96f01b5dd320c58b1bfd0e5c5d8e33bb33c1cefc89bddd9
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
677d879a6c783d645a2b9009ce4ddc894aafbf68792e7d5834806f213d5548f9
CoolPlayer version 2.18 buffer overflow exploit that creates a malicious .m3u file.
6700526e38ec442a9156602160821f1b9ce13c13fa14d9fcf8333b2ea85187af
Mandriva Linux Security Advisory 2009-337 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update fixes this vulnerability.
9b1d9248d325b326cd89a7044db3b54eff9749fe5c542bf03caba727ff178cbf
DeluxeBB versions 1.3 and below suffer from cross-site scripting, unprotected administrative panels, and disclosure vulnerabilities.
77d8b4283ae07441efc3b56b5823c28026880c849cb61e83991af5cd5054d520
Clark Connect suffers from a cross-site scripting vulnerability.
75397143ee3801cd547e906bf165b9a2e21f225a47e48fa4d318d8ab306d0f80
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
feb6050dc00e59d426485550a2af8d416cf975e5e1e0ecf1c5f1bd139baafca5
MyPage version 0.4 suffers from a local file inclusion vulnerability.
2c2b9c5998bf2d4f00b79f9af33ab48be08d8f1b1ad148f593fbccf18c31bfd6
Mini File Host version 1.5 suffers from a remote shell upload vulnerability.
d9da0b34d0f15a273f2decfab3873b7fa45d1ff35ea0d7136787cbbc4ebd3ec9
Easy RM To MP3 version 2.7.3.700 buffer overflow exploit for WinXP SP3 that creates a malicious .m3u file.
c0cfbcc3155e96fd913073f82536fe22a167397bd8c6ebc3eb349f2301f1e8e2
PlayMeNow universal local buffer overflow SEH exploit that creates a malformed .m3u file.
ee083e818333905f354ed994a3b30cc37f8e04c9a2fa2802d7c8f59a0a3f4b8a
Proof of concept code that generates a PDF file to be loaded by Adobe Reader or Acrobat. It demonstrates a use-after-free vulnerability by spawning calc.exe.
da9b0a3b739effa9d24b5c103657aeb649579295386b7c9a39443550e726fec4
Secunia Security Advisory - A vulnerability has been reported in Absolute Shopping Cart, which can be exploited by malicious people to conduct SQL injection attacks.
52334d79b576b72dab615b323fa0632471859e6c1dbe09f61a2819601d607952
Secunia Security Advisory - Fedora has issued an update for libtool. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.
7a5c75a0549597f55b54220dc23602f4310a0a1250a966b9ada9260754c58e78
Secunia Security Advisory - Fedora has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
c50d8406eabc2f307cadebf5d6406da7831ed61621fed585aaeea90d9d8aff6f
Secunia Security Advisory - A vulnerability has been reported in Condor, which can be exploited by malicious users to bypass certain security restrictions.
4ca79cb34b56a8ed823663983dbfb04998c5de67d17efad0e3a36dff8355e389