Bugzilla versions 2.18, 2.19.2, and 2.16.8 suffer from information disclosure and and password leak flaws.
f08f267ae5cc5f1603bab4b6f18bd0f39e04e2252633e85565a25b94267ff2caThis advisory concerns an as-yet unpatched problem in QuickTime 7 on Mac OS X 10.4.
e7ce6810a1cc4cc40d313e30ebb902b919e44fc8a46b32f75a1d7c496a33a8d2Cisco Security Advisory - The Cisco Firewall Services Module (FWSM) is a high-speed, integrated firewall module for Catalyst 6500 series switches and Cisco 7600 series routers. A vulnerability exists in the Cisco Firewall Services Module when URL, FTP, or HTTPS filtering is enabled in which inbound TCP packets can bypass access-list entries intended to explicitly filter them.
1dee9ac29e26a23c6615b8a03062252875e0fc9e1ffe94b42705cbf9238225e0Guestbook PRO versions 3.2.1 and below suffer from a cross site scripting flaw.
3b089b45b88defa85c610c65d7475714e89b1c4dc05661e22010b51308b20524Zoidcom versions 1.0 beta 4 and below suffer from an unallocated memory access bug.
1504b2a7ecb20d42e2404e62a94ddeaa0b4045f8f0ad3de3b6f4aa1ff8cfc9f5The default error page in the optional-use JRun Web Server bundled with ColdFusion MX 7 is vulnerable to a cross-site scripting attack.
bb38ddfad4cb7a4de8cbe47b2786b4499b2ffc34117037b3d15edf6bdd252b0fMultiple issues exist revolving around poor authentication mechanisms in GeoVision Digital Video Surveillance systems. These issues allow sniffed authentication credentials to be reused as-is or descrambled to allow the discovery of the original password. In certain configurations still pictures from security cameras can be viewed without providing any authentication. Versions 6.04, 6.1, and 7.0 are affected.
fa47f036c836b7eaac311e5f78e9e43ed2a9065ea93c82d010777ac1313bdeb3Three attacks that apply to certain configurations of IPsec have been identified. These configurations use Encapsulating Security Payload (ESP) in tunnel mode with confidentiality only, or with integrity protection being provided by a higher layer protocol. Some configurations using AH to provide integrity protection are also vulnerable.
d0606c851923c75a62e9d1bf58eb7a365eb5e42a9a5b404504811b1aaae0ad08Suresec Security Advisory 2 - A buffer overflow exists in the distcc dissector for Ethereal. Version 0.10.11 fixes this.
e279b0a7f689b2cc7777332d919f035a59fa7a81d5a6a808600f3594dd0e4084Debian Security Advisory DSA 723-1 - A buffer overflow has been discovered in the Xpm library which is used in XFree86. A remote attacker could provide a specially crafted XPM image that could lead to the execution or arbitrary code.
f52c9b70b5b5d3a49daa112645517c32838eb6cd9f287f5dd021186e83258c3bDebian Security Advisory DSA 722-1 - A buffer overflow has been discovered in Smail, an electronic mail transport system, which allows remote attackers and local users to execute arbitrary code.
6e785bcf44c3a9da2c69b7ccbececc6f8d4e885b67aca58ee379d6e0462c361fSite Studio guestbook does not filter HTML code from user-supplied input. A remote user can create a specially crafted entry that, when the page rendered, will cause arbitrary scripting to be executed by the user's browser.
d1ecee131bdc6efb5f7fa557e952149ebfb57fd6db7044011a2e7d9c08c7f7eeH-Sphere allows for local username and password disclosure.
3ce67c3e92d804139dd783d5e61b2ca3af8105f347e031dc542d406b77434aa4Firefox remote compromise technical details write up.
8d125e44febe76ca4e89dc4e0cc3b2e4dea91edd20d851758f459de63b97997dEthereal versions 0.10.10 and below suffer from a SIP dissector overflow.
913cc5c73c172ef2621693541639a18cda985b10f8edbc56805252abc1e23272Ubuntu Security Notice USN-123-1 - Two buffer overflows have been discovered in the MMS and Real RTSP stream handlers of the Xine library. By tricking a user to connect to a malicious MMS or RTSP video/audio stream source with an application that uses this library, an attacker could crash the client and possibly even execute arbitrary code with the privileges of the player application.
1588ba8842777dc277d2e0428063a0849fdb931fb09087d28dbc225e7043146cThe RSA SecurID Web Agent suffers from a heap overflows. Versions 5, 5.2, and 5.3 are affected.
e010b40af665d69382ab4aebc8c25938d3ad8941470fa0cf633f41bb5fe578efFreeBSD Security Advisory FreeBSD-SA-05:08 - In many parts of the FreeBSD kernel, names (of mount points, devices, files, etc.) are manipulated as NULL-terminated strings, but are provided to applications within fixed-length buffers.
7b6aaa70807a670d6dd9019e62eee21d12cbe814525a0fe9b97d0c2e7ddca5a4FreeBSD Security Advisory FreeBSD-SA-05:07 - The i386_get_ldt(2) system call allows a process to request that a portion of its Local Descriptor Table be copied from the kernel into userland. The i386_get_ldt(2) syscall performs insufficient validation of its input arguments. In particular, negative or very large values may allow inappropriate data to be copied from the kernel.
04fa0fee6b63c8ba41c37a7811a6462ab62955205b703bf973f33ee92e6da579FreeBSD Security Advisory FreeBSD-SA-05:06 - The default permissions on the /dev/iir device node allow unprivileged local users to open the device and execute ioctl calls. Unprivileged local users can send commands to the hardware supported by the iir(4) driver, allowing destruction of data and possible disclosure of data.
9ebaba97534f52d79c1400d144ce3197429e42a0672b056673e3918480351f3aInvision Power Services versions prior to 2.0.4 suffer from cross site scripting and SQL injection vulnerabilities.
b8bf3466e307247bc48b42810996ed9e65cb7ab87a84029aa0f25cee9605095cDebian Security Advisory DSA 721-1 - Michael Bhola discovered a bug in Squid, the popular WWW proxy cache. Squid does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.
180e04f417cf4cafea4b6478b034d4d28b823b71e2594c367dd73be18f901646Ubuntu Security Notice USN-122-1 - Michael Bhola discovered that errors in the http_access configuration, in particular missing or invalid ACLs, did not cause a fatal error in Squid. This could lead to wider access permissions than intended by the administrator.
61a13e5fe5b4b4da41b9e1a72b60fe19b6da49a870d6c4924d47a1d28bc4f2e2Ubuntu Security Notice USN-121-1 - The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.
cdf1f9dd2da38e3b10b4658ab67df4dc1a8941af89e8d3d82768b76a27658a5dUbuntu Security Notice USN-120-1 - Luca Ercoli discovered that the htdigest program did not perform any bounds checking when it copied the user and realm arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script.
8138e2be0a078d5d656787fda86f83f293df9f68fdc2bad9d56fe03dac7414f6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed