SCO Security Advisory SCOSA-2006.23 - UnixWare 7.1.4 : GhostScript Insecure Temporary File Creation Vulnerability.
186509323f9b90527c1c74b30aaadd04b978ad623d7a6e08f6aa49aaf54833c9
DUGallery v2.x suffers from a login bypass vulnerability.
0ff16a405aef77db1af7f8a80371f0fb25208dfe596e31915efd8f8266351d65
Some vulnerabilities have been reported in IBM WebSphere Application Server. Some have unknown impacts, while others may disclose sensitive information or bypass certain security restrictions.
a2485359983660b69a1b5e23d5c2fabe5313cf55d7351be5bfdbf43c4171c5f1
OzzyWork Gallery suffers from a file upload vulnerability.
17a2426879c3c3035162fb50cc502ea21acea7b661d88aa3d29a5f64fe3a0295
OzzyWork Gallery suffers from an administrative login bypass vulnerability.
c29763013b435928dfe18fe523ca657bbbc5030de416c9d3bf8520fc348b338e
Secunia Research 09/05/2006 - Where Is It unacev2.dll Buffer Overflow Vulnerability.
5cb0e38828075ccea4dfedbc776063922fb588de9953918708a8a6c6b8b4df4b
Under some conditions, the ICQ client is vulnerable to remote script injection into the My Computer Security Zone of the Internet Explorer component used to display advertisement banners.
c1b734689902bb448560a2eb96f4343e17e937067a337cfa835e1a669561f972
MyBB v1.1.1 suffers from SQL injection in showthread.php.
bedb5319cc52825b7730f0cea7db322a713a655e3b020356c1f9a429cb998c4a
Two independent vulnerabilities (client and server side) have been discovered in the Quake3 engine and many derived games.
181082848ea3b91dc03460e31df56e8d29d10bc560a2e191e24cd2ce742d02a6
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command line application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, TCP port scans, whois lookups, and more.
f335321a092cdc708f3222ce732299289b799602076f22e1942ed152b0f17e43
Mandriva Linux Security Advisory MDKSA-2006-083: A race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
c90214e085a14ed4de53d0d36a90b73a0a7d631d365ebd0781eb92e21a618290
Mandriva Linux Security Advisory MDKSA-2006-085: Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
fb0183cfe198c29fd672128b008bc1b5517571e9f342856b7ae45e9f08669f23
Mandriva Linux Security Advisory MDKSA-2006-084: The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
e8758531751ff25fcbd4487940f9f6d238d3e79bba67f69b2fa7c0662a6ef6e5
Ubuntu Security Notice 284-1: Paul Jakma discovered that Quagga's ripd daemon did not properly handle authentication of RIPv1 requests. If the RIPv1 protocol had been disabled, or authentication for RIPv2 had been enabled, ripd still replied to RIPv1 requests, which could lead to information disclosure.
9da0f7a08dc8c1a3b2763b8b2b7fada9339dc2eb0b84cebe6bb1055b049f9181
Ubuntu Security Notice 274-2: USN-274-1 fixed a logging bypass in the MySQL server. Unfortunately it was determined that the original update was not sufficient to completely fix the vulnerability, thus another update is necessary. We apologize for the inconvenience.
fcc8459857be031bf163c995c9aed5eef9f1a6c1c4a29e92ef61fd80b4d8976f
Fedora Legacy Update Advisory FLSA:185355 - Tavis Ormandy discovered a bug in the way GnuPG verifies cryptographically signed data with detached signatures. It is possible for an attacker to construct a cryptographically signed message which could appear to come from a third party. When a victim processes a GnuPG message with a malformed detached signature, GnuPG ignores the malformed signature, processes and outputs the signed data, and exits with status 0, just as it would if the signature had been valid. In this case, GnuPG's exit status would not indicate that no signature verification had taken place. This issue would primarily be of concern when processing GnuPG results via an automated script.
3c58bb7f5c5f3e5fa0a7131c5c69f209f930bbb7c790e8d832b7f14fba242f3d
Fedora Legacy Update Advisory FLSA:152923 - A flaw was discovered in xloadimage where filenames were not properly quoted when calling the gunzip command. An attacker could create a file with a carefully crafted filename so that it would execute arbitrary commands if opened by a victim.
abea417f287c24356b72a663f3fbe686293514d4c2bfecac09a87b09614de4d5
Fedora Legacy Update Advisory FLSA:152904 - Buffer overflows were found in the nwclient program. An attacker, using a long -T option, could possibly execute arbitrary code and gain privileges.
0b3ea20f14eb25f6e4f7be9c3515414220e49112e0eeaccdef69b7a09e017d1a
Fedora Legacy Update Advisory FLSA:152898 - Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs.
1cdde94e1d01de56fce8c36236798a1984f989dbb28e9d36d2d930192a5bcfa8
Fedora Legacy Update Advisory FLSA:164512 - A bug was found in the way fetchmail allocates memory for long lines. A remote attacker could cause a denial of service by sending a specially-crafted email.
663ce73125d1c59b76ff31ddeb25d98e2ea2d447182edcabe8d8344cadb013b3
Fedora Legacy Update Advisory FLSA:152868 - Updated tetex packages that fix several security issues are now available.
e79f006e1c45861bd0eb22d142d8595fd9af1c54911bbb02e12d6316336f3bf2
Gentoo Linux Security Advisory GLSA 200605-13 - The processing of the COM_TABLE_DUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Versions less than 4.1.19 are affected.
2a4cefe7e20d1cee4c375b3aaf74a47fca879317df8a7a2b33d853c567c21bed
Gentoo Linux Security Advisory GLSA 200605-12 - landser discovered a vulnerability within the remapShader command. Due to a boundary handling error in remapShader, there is a possibility of a buffer overflow. Versions less than 1.32c are affected.
ddf1877d8d424736c0d1ae38e47da4a5141f914e61ff625b593c403628efdb2b
Gentoo Linux Security Advisory GLSA 200605-11 - Ruby uses blocking sockets for WEBrick and XMLRPC servers. Versions less than 1.8.4-r1 are affected.
ed4efa54025ad2b7f866c88b5cd771f848a6bfe13faf1c89d05ab7fb50813767
Gentoo Linux Security Advisory GLSA 200605-10 - The pdnsd team has discovered an unspecified buffer overflow vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure Programming Group (OUSPG), has also revealed a memory leak error within the handling of the QTYPE and QCLASS DNS queries, leading to consumption of large amounts of memory. Versions less than 1.2.4 are affected.
5eff045d709814fedc7d6368e17407073112f9b86caa3be0d2448e2cdc4c4f39