
Files

iDEFENSE Security Advisory 2006-10-25.3
Posted Oct 27, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.25.06: America Online 9.0 Security Edition ships with an ActiveX control which is marked as safe for scripting and contains a buffer overflow vulnerability which allows for the arbitrary execution of code.

tags | advisory, overflow, arbitrary, activex
SHA-256 | a5023c957a2edcb61e500280df5b7eb3f11d62cbf1fc86ec2a18cc26a175cc42
iDEFENSE Security Advisory 2006-10-25.4
Posted Oct 27, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.25.06: AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability

tags | advisory, activex
SHA-256 | bc6ad719bdb1a058e5459389cefc84c7df7e4a6edc8671dfda0ae37823b13e85
rPSA-2006-0198-1.txt
Posted Oct 27, 2006
Site rpath.com

rPath Security Advisory: 2006-0198-1: In previous versions of the screen package, the screen program had a bug which is known to make screen vulnerable to a minor denial of service attack in which the screen program would crash if presented with particular output. It is possible that this attack could also allow a user-complicit attacker to assume the privileges of the complicit user. The screen program is not setuid in rPath Linux, so any attack is limited to the complicit user.

tags | advisory, denial of service
systems | linux
SHA-256 | 9d6aa5849f0d951882c19d3c203f88b7b542c54aa21a1ef825a48ca850a0ca48
rPSA-2006-0195-2.txt
Posted Oct 27, 2006
Site rpath.com

rPath Security Advisory: 2006-0195-2: Previous versions of the qt-x11-free package include Qt libraries that contain an integer overflow flaw that causes them not to properly bound pixmap image data. This may enable a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution, in applications which use vulnerable versions of the Qt libraries.

tags | advisory, denial of service, overflow, arbitrary, code execution
SHA-256 | 0bfa2913fc97e3bfc7630e182f6e6aceb9c1e399a7194c1829a5a615d64446fc
Trustix Secure Linux Security Advisory 2006.59
Posted Oct 27, 2006
Authored by Trustix | Site http.trustix.org

Trustix Secure Linux Security Advisory #2006-0059: multiple vulnerabilities in postgresql.

tags | advisory, vulnerability
systems | linux
SHA-256 | 99d17aaa01752a5dfdc9b3630e376f955e2d374c7b81ff89b254c13476bba128
Zero Day Initiative Advisory 06-035
Posted Oct 27, 2006
Authored by Tipping Point | Site zerodayinitiative.com

ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability.

tags | advisory, remote, overflow, arbitrary
SHA-256 | eb5bfb0ae83feb926f3181599a8d113b5099355c3075f37ccc39f9e96f9dd7db
Gentoo Linux Security Advisory 200610-13
Posted Oct 27, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200610-13 - Luigi Auriemma reported that the XM loader of Cheese Tracker contains a buffer overflow vulnerability in the loader_XM::load_intrument_internal() function from loaders/loader_xm.cpp. Versions less than 0.9.9-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | 6836d8e6883b2d5667426d301fac2690e17ef78baea18bdf775a5cb8506f00f2
Mandriva Linux Security Advisory 2006.187
Posted Oct 27, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-187: An integer overflow was discovered in the way that Qt handled pixmap images. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using an application that uses Qt (like Konqueror), would cause it to crash or possibly execute arbitrary code with the privileges of the user.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
SHA-256 | 88cbe33bbc5f6a69752cb29e2e256cae7857261c5c3921cca8f4db01499eef28
CruiseWorks.txt
Posted Oct 27, 2006
Authored by Tan Chew Keong | Site vuln.sg

Two vulnerabilities have been found in CruiseWorks. When exploited, the vulnerabilities allow an authenticated user to retrieve arbitrary files accessible to the web server process and to execute arbitrary code with privileges of the IIS IUSR_MACHINE account.

tags | advisory, web, arbitrary, vulnerability
SHA-256 | 6ded8d2684f90a3812fd49e9f82867b5dc550992e640d71d72193a57d9bafc44
firefox-2.0.xss.txt
Posted Oct 27, 2006
Authored by auto113922

Possible Firefox 2.0 Iframe cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | e541d0cf9e93f13a4fdf465fdab9d26c2ac165299c6f22233c823ef7a6da8f71
SYM06-022.txt
Posted Oct 27, 2006
Site symantec.com

SYM06-022 Symantec Device Driver Elevation of Privilege: Boon Seng Lim notified Symantec of a vulnerability in SAVRT.SYS which could allow a malicious user to use the output buffer of DeviceIOControl() to overwrite kernel addresses because the address space of the output buffer was not properly validated. A successful exploit could potentially allow a local attacker to execute code of their choice with elevated privileges, or to crash the system.

tags | advisory, kernel, local
SHA-256 | f5202c722020e111fddf5bf3e2bd2045903fbb7dc8ff2fb201d8425a9084b16b
Oracle-XDB.DBMS_XDBZ0.txt
Posted Oct 27, 2006
Site red-database-security.com

The package XDB.DBMS_XDBZ0 contains SQL injection vulnerabilities in the procedures enable_hierarchy_internal [DB01] and disable_hierarchiy_internal [DB15]. Oracle fixed this problem by using bind variables and verifying table names.

tags | advisory, vulnerability, sql injection
SHA-256 | 0bc0fcf44b3587488b47fde10758d3000967bf7dad61df65add1616a307eaa07
Oracle-SYS.DBMS_CDC_IMPDP.txt
Posted Oct 27, 2006
Site red-database-security.com

The package SYS.DBMS_CDC_IMPDP contains SQL injection vulnerabilities. Oracle fixed this by using dbms_assert.

tags | advisory, vulnerability, sql injection
SHA-256 | 648ea5ceb80599a2e691a1cb28f91392a881db00ad56e55abda3cd3476411d08
Oracle-SYS.DBMS_SQLTUNE_INTERNAL.txt
Posted Oct 27, 2006
Site red-database-security.com

The package DBMS_SQLTUNE_INTERNAL contains SQL injection vulnerabilities in I_SET_TUNING_PARAMETER and SELECT_SQLSET. Oracle fixed this by using bind variables in their dynamic SQL statements.

tags | advisory, vulnerability, sql injection
SHA-256 | 4069956a10c351e3cef1567cf88f9a1d8575c9c417fa3e3ffb5bbc73bd747a58
Oracle-MDSYS.SDO_LRS.txt
Posted Oct 27, 2006
Site red-database-security.com

The Oracle package MDSYS.SDO_LRS contains a SQL injection vulnerability in the first parameter of convert_to_lrs_layer. Oracle forgot to fix this problem with the April CPU. Oracle fixed these vulnerabilities with the package DBMS_ASSERT. To exploit this vulnerability it is necessary to have the privilege to create a PL/SQL-function.

tags | advisory, vulnerability, sql injection
SHA-256 | e534a5773771e19c3b85bf82e2c954ea1824a79bf7333544191910efe07b0cfd
OracleReports.txt
Posted Oct 27, 2006
Site red-database-security.com

The Oracle Reports parameters showenv [REP01], parsequery [REP01], cellwrapper [REP02] and delimiter [REP02] are vulnerable to cross-site scripting.

tags | advisory
SHA-256 | 6dc5d2078bd03101c9d465edd2759c33b1fbc60013e65092cefc7c6e9079c3ef
Oracle9i-views.txt
Posted Oct 27, 2006
Site red-database-security.com

Oracle 9i - 10g Rel.2 Advisory: Updates, deletes and inserts are possible with least-privilege via inline views. A user with create session only can insert/update/delete data (e.g. the dual table). This bug is similar but not identical to the bug which was fixed in the July 2006 CPU (Modify Data via views). No workarounds available.

tags | advisory
SHA-256 | 1f9c0e6ff91688e81437a17159b854620002de70ed2b2f738ea364f727c081da
Oracle-WWV_FLOW_UTILITIES.txt
Posted Oct 27, 2006
Site red-database-security.com

The list of values (LOV) in Oracle wwv_flow_utilities.gen_popup_list contains a SQL injection vulnerability. Depending on the APEX application, it is possible to inject custom SQL statements.

tags | advisory, sql injection
SHA-256 | 31b98b197a3734d9bdbf1e6602233a75c9d700af6752b4ba006bad71a156b817
Oracle-APEX_WWV_FLOW_ITEM_HELP.txt
Posted Oct 27, 2006
Site red-database-security.com

The package WWV_FLOW_ITEM_HELP in Oracle APEX contains a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 91ba505930f02bcbaefdcb8f89bfba0654ef85250394f1dfdaa6191eeeb5744f
Oracle-APEXNOTIFICATION_MSG.txt
Posted Oct 27, 2006
Site red-database-security.com

The parameter NOTIFCATION_MSG in Oracle APEX NOTIFICATION_MSG contains a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 39968f8da257a3d90ebd519ef0e6d6d1f40dce618c3be5c3b4e53ed0e7231646
PHPADSNEW-SA-2006-002.txt
Posted Oct 27, 2006
Site phpadsnew.com

phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2006-002: Some scripts inside the admin interface were displaying parameters collected by the delivery scripts without proper sanitizing or escaping. The delivery scripts have public access, while the admin interface is restricted to logged-in users. An attacker could inject HTML/XSS code which could be displayed/executed at a later time inside the admin interface.

tags | advisory
SHA-256 | 2e25fc4dbd7f2e8667f215f5c7b29bcecfb4f2df299917ae69d01e51ba800864
Zwahlenshop.txt
Posted Oct 27, 2006
Authored by MC Iglo

Zwahlen's Online Shop suffers from a cross site scripting vulnerability in article.htm.

tags | advisory, xss
SHA-256 | d861ee2fa2119ea8bb74a0306d89eafe124001b486738c8153fb4b70fcde68ee
iDEFENSE Security Advisory 2006-10-21.1
Posted Oct 27, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.21.06 - Novell eDirectory NCP over IP length Heap Overflow Vulnerability: Remote exploitation of a heap overflow vulnerability in Novell Inc.'s eDirectory product could allow an attacker to execute arbitrary code in the context of the running daemon.

tags | advisory, remote, overflow, arbitrary
SHA-256 | dc5474d0694fa7b14b331edde1edc4bb1c9f1b20d63cb4402abdc1ca5ce549cb
iDEFENSE Security Advisory 2006-10-21.2
Posted Oct 27, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Heap Overflow Vulnerability - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s eDirectory product could allow an attacker to execute arbitrary code in the context of the running daemon.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 30158593b9365d8bfcd058c6a4c512c4438d61b1122142bea89af170d19bd94c
iDEFENSE Security Advisory 2006-10-21.3
Posted Oct 27, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.21.06: Novell eDirectory evtFilteredMonitorEventsRequest Invalid Free Vulnerability - Remote exploitation of an invalid free vulnerability in Novell Inc.'s eDirectory product could allow an attacker to execute arbitrary code in the context of the running daemon.

tags | advisory, remote, arbitrary
SHA-256 | 852542c0c78828dd85165aa8f1e8ca012edf50e273cf7a90c75b4d8c2cd3f4f3