Secunia Security Advisory - Red Hat has issued an update for avahi. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
67b6715c27d80d2913bd919442d0e80c7cb5d1a61997ab629b38b7424bdda5e4
Secunia Security Advisory - High-Tech Bridge SA has reported a vulnerability in DSite CMS, which can be exploited by malicious users to conduct script insertion attacks.
7f74e3e4e566e87a3a4f893ed012a0b8c86168003c85552c23008387e18238e8
Secunia Security Advisory - A vulnerability has been reported in IBM solidDB, which can be exploited by malicious people to potentially compromise a vulnerable system.
d437731c994324e20552810297cb3c07d26179d1f8b6cd292d9f9d545b246f74
Secunia Security Advisory - A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
d6e91def315c441964cfe66632de03c3fefcc9ad6670d2686e7a6fbeb1ff409c
Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in the Unreal Engine, which can be exploited by malicious people to cause a DoS (Denial of Service).
2aceef1e11c1000050a31170dcff3c297a4e29b8b6b3ae48e5285f14a2368778
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in Pixie CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
30b2522e01471f68a266f863f0e888f166edb7aafe1ea570eed2e9041ab6d4d1
Secunia Security Advisory - Some vulnerabilities have been reported in Gnome VTE, which can be exploited by malicious people to compromise a user's system.
f50e00d57c417b36c50f5dfbb68234da344f09f5048bfa1ad095b78956820d25
Secunia Security Advisory - Salvatore Fresta has discovered a vulnerability in the redSHOP component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
12bb9fe27f984ea4392e9e9c6bb4bcfb8388f2597b7b7cfe1de415fb2aa15c9a
Secunia Security Advisory - Ubuntu has issued an update for vte. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
f169da69213e17c214c420f777505070f7f0ce5ed0029b1af314257d8ad14d85
Secunia Security Advisory - Multiple vulnerabilities have been reported in Joomla, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
4711cf64cea566fe2fd5dcaf964e63600373ab78a5145d9eb58b29ed1740b53f
Secunia Security Advisory - Multiple vulnerabilities have been reported in Ipswitch IMail Server, which can be exploited by malicious people to potentially compromise a vulnerable system.
462693521ec74dd119c5e7635348ed814fcf6a41ef56a80d473b46a6180f32b7
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in FestOS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
0357423101f88cb0e443564c9ce5a50f377ab7f35afc74d131dea23a5bf0937f
Secunia Security Advisory - SkyLined has discovered a vulnerability in UltraEdit, which can be exploited by malicious people to compromise a user's system.
a27a337b7fa4cd1c91ecccd3f854a5625c0ba9def6f7d1a83a9383fbd7acad62
Secunia Security Advisory - Elazar Broad has reported a vulnerability in SAP GUI, which can be exploited by malicious people to compromise a user's system.
1a28c3ec1a4257969e365aaf9a430ace74631fa0f135373c8d1a3f4f0020f120
Secunia Security Advisory - A vulnerability has been discovered in Whizzy CMS, which can be exploited by malicious people to disclose sensitive information.
bb89298209fe0f0dee2f6ac5d6c846bbb79621f6d28a08c386ee640a96314a12
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in Pligg, which can be exploited by malicious people to conduct cross-site scripting attacks.
5a9d4dd8913f0b0927e455f43e3f377aaf8155fedef85deb4e2d7faec996a387
Secunia Security Advisory - Two vulnerabilities have been reported in Oracle TimesTen, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
72e0e102e9c323ccad608bf36d135e96131d59ff3b2c8bd264aaacb13267f941
Zero Day Initiative Advisory 10-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication is not required to exploit this vulnerability. The specific flaw exists within SMTPDLL.dll (called by queuemgr.exe). When handling a message queued for remote delivery, user-supplied data can be used to specify additional format specifiers to a vsprintf call. This can be accomplished by providing a specially crafted -NOTIFY argument to the SMTP "RCPT TO:" argument. Additionally, the destination buffer supplied to vsprintf is a local stack buffer and can also be overflowed with a large -NOTIFY argument. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
37ce4e96b82bcbbb30c5465567f06bd93fbb056083143279c00663505e89a796
Kiwicon '10 Call For Papers - This year Kiwicon will be held from November 27th through 28th, 2010 in Wellington, New Zealand.
092e3df5929c816e6d15328da8296b90daff45007d94b9e0e436333471a0b337
Zero Day Initiative Advisory 10-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication might be required to exploit this vulnerability. The specific flaw exists within imailsrv.exe, which is invoked to handle messages sent to the imailsrv. When a message subject contains a "?Q?" operator, the string following that sequence is copied to a local stack buffer. No validation of the data or data length is done. In order to reach this code path, a mailing list must be password protected (authentication required) or have previously had a password configured (no authentication required). A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
fb402162bacb3d8b6e64e4a1aa1bbde1598d7c8988808c9a74716f131ba6ef8f
The SAPGui BI component version 7100.1.400.8 suffers from a heap corruption vulnerability that can result in the execution of arbitrary code.
48281966e185d95a67bcf3b10926975fea33c0f7622999f0956eade3661b272b
Zero Day Initiative Advisory 10-126 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail List Mailer. Authentication is not required to exploit this vulnerability. The specific flaw exists within imailsrv.exe, which is invoked to handle messages sent to the imailsrv. When a message contains multiple "Reply-To:" headers, the imailsrv.exe process concatenates these into a single fixed-length buffer on the stack. No validation of the data or data length is done. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
ebbdc56c6961aa1b5a00fba623e5ec83c7e6155db97b3dbd2d88dea4062486ac
The Call For Papers for ClubHack 2010 has been announced. For a full list of topics and more information on the convention, hit the home page.
42a8e81e63da7e01426eb310ae9c0d83ee10f2d9edc499f369802f6670e7213c
Ubuntu Security Notice 962-1 - Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.
80c4d64b72f9a308db9f8e5b218bb0ad4dff2e8abe8e73d44a908a8521f7dfe1
Media Design Studio suffers from a cross-site scripting vulnerability.
2ff3669cc6cd612ef4920846f1ac13a928ef7b67e3642cf7d6e98aa8a027252b