Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
ae88faae108f01ca6ae7ea5089ab26ccdc686f733c93ddbd726ddb2b9f5100ffSecunia Security Advisory - rPath has issued an update for openssl. This fixes some vulnerabilities and a weakness, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to potentially bypass certain security restrictions or to cause a DoS (Denial of Service).
0cce34c7d131303f32a64dffaeec7548e6a03beea391c0dc8cf71a40115589ddSecunia Security Advisory - Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
f4eba2703a2f33c25aa54751b737178bdbbe28df50b712e768423e1cbbe8e110Secunia Security Advisory - Fedora has issued an update for ntfs-3g. This fixes a weakness, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
c64e2afc6774972bf68eb4e32a42d8517c40cb688fec7f750e0509c28c7d1fd5Secunia Security Advisory - Red Hat has issued an update for gimp. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
c025905117b738dc0174fa087018efe0115e05bdb4be6330b720dc62da237a8cSecunia Security Advisory - Ubuntu has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information.
d3cc8d3494a50adb331851812ef82a995ae84d7d3b368470c77f3d3bad021009Secunia Security Advisory - Janek Vind has discovered a vulnerability in the Dance Music module for PHP-Nuke, which can be exploited by malicious people to disclose sensitive information.
437b399504b607900beeb770c6aa812161c59452a75c5faabe6725b9a3cc2253Secunia Security Advisory - Jason Kratzer has reported some vulnerabilities in JSPWiki, which can be exploited by malicious people to disclose system information and conduct cross-site scripting and script insertion attacks.
fe0007408d063b313e2c712ca7c462ec21e3cd26078704b913cf9df8deb787bcSecunia Security Advisory - Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
9c285fb00edd50ae37ef1f780bd6bbb590c1ef0927a17973d19d9a1dd7cf5e39Secunia Security Advisory - Luca ikki Carettoni and Luca Daath De Fulgentis have reported some vulnerabilities in Simple PHP Blog, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to compromise a vulnerable system.
e801a02c9a902072d6ae0c6b5c8e63eaf8bfab85d7e9f4b4770ae2c0f5a173d8Ubuntu Security Notice 520-1 - Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user's authentication credentials. Earl Chew discovered that fetchmail can be made to de-reference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service.
08fdf822b219ed0f0abf8b3431b5a4c1910e9651393d36ef7b66b19ca7021083OrakelCrackert is a tool that can crack passwords which are stored using the latest SHA1 based password hashing algorithm. To speed up cracking, the tool exploits a weakness in the Oracle password storage strategy. Therefore, cracking - for most passwords - is still just as fast as it was before the introduction of Oracle 11g.
5293c61b9916b0a25af39e553ff393284d2acd51443e7e5e0dd7b3270a0955b4Secunia Security Advisory - K3ZZAP66345 has discovered two vulnerabilities in FrontAccounting, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
8817e159c2dedf33fa7367995968cdf693e8c71b40454ed14f6ddb9acefe3f51Secunia Security Advisory - Red Hat has issued an update for tomcat. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information or to conduct cross-site scripting attacks.
e1e607520371b27bd3a905bb402ee6f8bbdf482eb379a99ab1fc66cd086b45c0Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
6526e3a4fb2fb638aa2f6f55fc53198350d77d349f17a5d512a64b6ac0410c18Secunia Security Advisory - Fedora has issued an update for bugzilla. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
05148f2762ebba2bf81711d610b845204840416046bdf97bfea2c06b6c1aaefeSecunia Security Advisory - Jesper Jurcenoks has reported some vulnerabilities in SimpGB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
1eab444ef3e1bf6056b14272679d2878f482651a68b2e967b6d37bd02f170611Secunia Security Advisory - Jesper Jurcenoks has reported two vulnerabilities in SimpNews, which can be exploited by malicious people to conduct cross-site scripting attacks.
e2f6764f8eb9d9c664e05be0aa07c8963bbe1a292f8ad3fe8e17e16f9830bd57Ubuntu Security Notice 519-1 - Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information (such as passwords).
8eb3ffc0a271f7162f7d84997a46e1b0768044e5a04c16030d0c288789b788b0Mandriva Linux Security Advisory - PostgreSQL 8.1 and probably later and earlier versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
25a0c70c9813bfaedfc228bc8e7892c1430ac76c2a3b7232fe0568c80eac73f2Core Security Technologies Advisory - Remote command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software. Versions 6.1, 6.2, Pro, and Lite are affected.
a169752bda3d6b540fda18a859076936d25011576f4d4dcaa1301b5888256f66SimpNews version 2.41.03 suffers from a local file inclusion vulnerability.
66293223fd03c19a5fcd12f3842660cc0deeb3af05a93b299417b9837443317fSimpGB version 1.46.02 suffers from an information disclosure vulnerability.
2963f36b0a3ca99b6716c8153cf68812209159f572fe153b2c4456b7754d3411SimpGB version 1.46.02 suffers from path disclosure vulnerabilities.
c9981ca4a730f121d4211200f419eb49d93bcbecb992b49f9ae7d075667fd42dSimpNews version 2.41.03 suffers from path disclosure vulnerabilities.
3ee4df8a1f7ac08c8902567a0e2a16ae61b9b3db066ac1c66bea635c0c6fdb8e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed