Secunia Security Advisory - Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system.
Secunia Security Advisory - Russ McRee has discovered two vulnerabilities in CubeCart, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - Arsalan Emamjomehkashan has reported some vulnerabilities in Aeries Browser Interface, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Secunia Security Advisory - rPath has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - rPath has issued an update for gnome-ssh-askpass and openssh. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information.
Secunia Security Advisory - shinnai has discovered some vulnerabilities in LEADTOOLS Multimedia, which can be exploited by malicious people to overwrite arbitrary files.
Secunia Security Advisory - teeed has reported a vulnerability in File Transfer, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - Some vulnerabilities and weaknesses have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system.
Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.
Secunia Security Advisory - A security issue has been reported in some Sun SPARC Enterprise T5120 and T5220 Servers, which can be exploited by malicious users to bypass certain security restrictions.
Cisco Security Advisory - Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution. The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco Security Advisory - A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco Security Advisory - A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco Security Advisory - Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.
Cisco Security Advisory - Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
Mandriva Linux Security Advisory - Two vulnerabilities were found in the Website META Language (WML) package that allowed local users to overwrite arbitrary files via symlink attacks.
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack overflow occurs overwriting a function pointer. This results in a situation allowing the execution of arbitrary code.
Demonstration exploit code for IBM solidDB versions 6.00.1018 and below which suffer from format string, crash, NULL pointer, and server termination vulnerabilities.
IBM solidDB versions 6.00.1018 and below suffer from format string, crash, NULL pointer, and server termination vulnerabilities.
Invision Power Board versions 2.3.x and below allow for an arbitrary iframe insertion.
Secunia Security Advisory - Digital Security Research Group has discovered a vulnerability in PowerBook, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - Daniel Papasian has reported a vulnerability in the PECL Alternative PHP Cache (APC) extension, which can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.
Ubuntu Security Notice 596-1 - Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby applications. It was discovered that Ruby's FTPTLS, telnets, and IMAPS modules did not check the commonName when performing SSL certificate checks. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to eavesdrop on encrypted communications from Ruby applications using these protocols.
Ubuntu Security Notice 595-1 - Michael Skladnikiewicz discovered that SDL_image did not correctly load GIF images. If a user or automated system were tricked into processing a specially crafted GIF, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service. David Raulo discovered that SDL_image did not correctly load ILBM images. If a user or automated system were tricked into processing a specially crafted ILBM, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service.
Ubuntu Security Notice 594-1 - It was discovered that Net::DNS did not correctly validate the size of DNS replies. A remote attacker could send a specially crafted DNS response and cause applications using Net::DNS to abort, leading to a denial of service.