SINUMERIK 828D V4.7, SINUMERIK 840D Sl V4.7, SINUMERIK 840D Sl V4.8 Security Vulnerabilities

xssed

Unfixed XSS vulnerability at loading.se

Security researcher Uber0n, has submitted on 05/11/2007 a cross-site-scripting (XSS) vulnerability affecting loading.se, which at the time of submission ranked 116728 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/11/2007. It is currently...

-0.1AI Score

2007-05-11 12:00 AM
9
nessus

Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:073)

Stack-based buffer overflow in the StarCalc parser in OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary code via a crafted document. (CVE-2007-0238) OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via.....

1.4AI Score

0.55EPSS

2007-04-05 12:00 AM
10
symantec

Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability

Description Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability when rendering malformed EMF image files. An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected...

-0.2AI Score

2007-04-03 12:00 AM
10
symantec

Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability

Description Microsoft Windows GDI Font Rasterizer is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain complete control of an affected computer. Failed attempts will likely cause the operating system to crash, resulting in denial-of-service conditions.....

0.1AI Score

2007-04-03 12:00 AM
7
symantec

Microsoft Windows Cursor And Icon ANI Format Handling Remote Buffer Overflow Vulnerability

Description Microsoft Windows is prone to a stack buffer-overflow vulnerability because of insufficient format validation that occurs when handling malformed ANI cursor or icon files. An attacker can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A...

-0.5AI Score

0.343EPSS

2007-03-29 12:00 AM
23
debian

[SECURITY] [DSA 1270-2] New OpenOffice.org packages fix several vulnerabilities

Debian Security Advisory DSA 1270-2 [email protected] http://www.debian.org/security/ Martin Schulze March 28th, 2007 http://www.debian.org/security/faq Package : openoffice.org Vulnerability : several Problem type ...

8AI Score

0.55EPSS

2007-03-28 06:03 PM
7
nessus

Debian DSA-1270-2 : openoffice.org - several vulnerabilities

Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2007-0002 iDefense reported several integer overflow bugs in libwpd, a library for handling...

7.7AI Score

0.55EPSS

2007-03-26 12:00 AM
14
suse

remote code execution in OpenOffice_org,libwpd

Several security problems were fixed in the Wordperfect converter library libwpd and OpenOffice_org: Solution There is no known workaround, please install the update...

3.8AI Score

0.55EPSS

2007-03-21 11:37 AM
10
debian

[SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities

Debian Security Advisory DSA 1270-1 [email protected] http://www.debian.org/security/ Martin Schulze March 20th, 2007 http://www.debian.org/security/faq Package : openoffice.org Vulnerability : several Problem type ...

8AI Score

0.55EPSS

2007-03-20 07:40 PM
20
nessus

Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:064)

iDefense reported several overflow bugs in libwpd. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim. OpenOffice.org-2.X contains an...

7.6AI Score

0.211EPSS

2007-03-18 12:00 AM
21
debian

[SECURITY] [DSA 1268-1] New libwpd packages fix arbitrary code execution

Debian Security Advisory DSA 1268-1 [email protected] http://www.debian.org/security/ Martin Schulze March 17th, 2007 http://www.debian.org/security/faq Package : libwpd Vulnerability : integer overflow Problem type ...

6.8AI Score

0.211EPSS

2007-03-17 07:13 PM
9
nessus

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2007:052)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.10. This update provides the latest Thunderbird to correct these...

7AI Score

0.971EPSS

2007-03-07 12:00 AM
13
nessus

SUSE-SA:2006:040: OpenOffice_org

The remote host is missing the patch for the advisory SUSE-SA:2006:040 (OpenOffice_org). Following security problems were found and fixed in OpenOffice_org: CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon...

-0.1AI Score

0.021EPSS

2007-02-18 12:00 AM
15
nessus

MDKA-2006:037 : glibc

Updated glibc packages are being provided to ensure that kernel and user-space tools are in sync. This update also fixes a bug present on x86_64 platforms where strncmp() is...

0.1AI Score

2007-02-18 12:00 AM
8
nessus

MDKA-2007:012 : glibc

The version of glibc shipped with Mandriva 2007 has a bug that prevents the system from passing the lsb-runtime test suite (T.ttyname_r). This update also includes sparc64 updates and Unicode 5.0...

-0.2AI Score

2007-02-18 12:00 AM
12
nessus

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:206)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.8. This update provides the latest Thunderbird to correct these...

1AI Score

0.46EPSS

2007-02-18 12:00 AM
9
nessus

Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:168)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.7. This update provides the latest Firefox to correct these...

0.7AI Score

0.967EPSS

2007-02-18 12:00 AM
18
nessus

SUSE-SA:2007:001: OpenOffice_org

The remote host is missing the patch for the advisory SUSE-SA:2007:001 (OpenOffice_org). Security problems were fixed in the WMF and Enhanced WMF handling in OpenOffice_org These could potentially be used to execute code or crash OpenOffice when a user could be convinced to open specially crafted.....

-0.3AI Score

0.118EPSS

2007-02-18 12:00 AM
11
nessus

Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:010)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.9. This update provides the latest Firefox to correct these...

0.9AI Score

0.921EPSS

2007-02-18 12:00 AM
13
nessus

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:169)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.7. This update provides the latest Thunderbird to correct these...

1AI Score

0.967EPSS

2007-02-18 12:00 AM
8
nessus

Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:006)

Several integer overflows were discovered in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that would cause OpenOffice.org to execute arbitrary code when opened. Updated packages are patched to address this...

0.7AI Score

0.118EPSS

2007-02-18 12:00 AM
17
nessus

Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:205)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.8. This update provides the latest Firefox to correct these...

0.8AI Score

0.46EPSS

2007-02-18 12:00 AM
19
nessus

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2007:011)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.9. This update provides the latest Thunderbird to correct these...

7AI Score

0.799EPSS

2007-02-18 12:00 AM
13
securityvulns

Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello - Cisco has posted a Security Response in reference to this issue at the following URL: http://www.cisco.com/warp/public/707/cisco-sr-20070129-vtp.shtml Cisco Response An issue has been reported to the Cisco PSIRT involving malformed VLAN...

-0.2AI Score

2007-01-30 12:00 AM
96
prion

Memory corruption

Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS...

6.8AI Score

0.051EPSS

2007-01-25 12:28 AM
5
prion

Code injection

Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD...

7.8AI Score

0.21EPSS

2007-01-25 12:28 AM
8
prion

Design/Logic Flaw

Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing...

6.8AI Score

0.051EPSS

2007-01-25 12:28 AM
4
nessus

Debian DSA-1246-1 : openoffice.org - buffer overflow

John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary...

0.7AI Score

0.118EPSS

2007-01-11 12:00 AM
5
debian

[SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution

Debian Security Advisory DSA 1246-1 [email protected] http://www.debian.org/security/ Martin Schulze January 8th, 2007 http://www.debian.org/security/faq Package : openoffice.org Vulnerability : buffer overflow Problem...

6.2AI Score

0.118EPSS

2007-01-08 03:37 PM
10
suse

code execution in OpenOffice_org

Security problems were fixed in the WMF and Enhanced WMF handling in OpenOffice_org These could potentially be used to execute code or crash OpenOffice when a user could be convinced to open specially crafted document (for instance a document sent by E-mail). Solution There is no known workaround,....

2.7AI Score

0.118EPSS

2007-01-04 05:19 PM
8
nessus

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:146)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program. Corporate 3 had contained the Mozilla suite however, due to the support cycle for Mozilla, it was felt that upgrading Mozilla to Firefox and Thunderbird would allow for better future.....

-0.7AI Score

0.974EPSS

2006-12-16 12:00 AM
107
nessus

Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program. Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided...

AI Score

0.974EPSS

2006-12-16 12:00 AM
29
securityvulns

[ MDKSA-2006:226 ] - Updated squirrelmail packages fix vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2006:226 http://www.mandriva.com/security/ Package : squirrelmail Date : December 11, 2006 Affected: Corporate 3.0, Corporate 4.0 Problem Description: Multiple cross-site scripting...

1.2AI Score

0.024EPSS

2006-12-11 12:00 AM
15
cve

CVE-2006-5768

Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4)...

8AI Score

0.299EPSS

2006-11-06 11:07 PM
21
nvd

CVE-2006-5768

Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4)...

7.6AI Score

0.299EPSS

2006-11-06 11:07 PM
cvelist

CVE-2006-5768

Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4)...

7.6AI Score

0.299EPSS

2006-11-06 11:00 PM
zdt

Berty Forum <= 1.4 (index.php) Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web...

7.1AI Score

2006-10-24 12:00 AM
19
securityvulns

WGCC Beta <= 0.5.6 (quiz.php) Remote SQL InJection Vulnerability

Title : WGCC Beta <= 0.5.6 (quiz.php) Remote SQL InJection Vulnerability Author : ajann Dork : "Web Group Communication Center beta 0.5.6/0.5.5/.." Greetz : Tüm, Müslüman, Aleminin, Ramazan, Bayram., MUBAREK, Olsun -->Login Before Injection [Inject]]]...

0.8AI Score

2006-10-23 12:00 AM
287
securityvulns

Active Bulletin Board v1.1 beta2 (doprofiledit.asp) Remote User Pass Change

<html> <body bgcolor="#000000">...

0.4AI Score

2006-10-23 12:00 AM
92
zdt

Active Bulletin Board <= 1.1b2 Remote User Pass Change Exploit

Exploit for unknown platform in category web...

7.1AI Score

2006-10-18 12:00 AM
39
nessus

Debian DSA-1104-2 : openoffice.org - several vulnerabilities

Loading malformed XML documents can cause buffer overflows in OpenOffice.org, a free office suite, and cause a denial of service or execute arbitrary code. It turned out that the correction in DSA 1104-1 was not sufficient, hence, another update. For completeness please find the original advisory.....

0.2AI Score

0.021EPSS

2006-10-14 12:00 AM
8
cve

CVE-2006-4889

Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3)...

7.6AI Score

0.373EPSS

2006-09-19 09:07 PM
31
nvd

CVE-2006-4889

Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3)...

7.5AI Score

0.373EPSS

2006-09-19 09:07 PM
cvelist

CVE-2006-4889

Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3)...

7.5AI Score

0.373EPSS

2006-09-19 09:00 PM
exploitpack

UNAK-CMS 1.5 - dirroot Remote File Inclusion

UNAK-CMS 1.5 - dirroot Remote File...

-0.1AI Score

2006-09-16 12:00 AM
15
seebug

7.1AI Score

2006-09-16 12:00 AM
15
exploitdb

7.4AI Score

EPSS

2006-09-16 12:00 AM
42
cve

CVE-2006-4788

PHP remote file inclusion vulnerability in includes/log.inc.php in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled and _SESSION[permission] parameter is set to "yes", allows remote attackers to execute arbitrary PHP code via a URL in the dir_path...

7.9AI Score

0.016EPSS

2006-09-14 10:07 AM
28
cve

CVE-2006-4783

SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID...

8.2AI Score

0.007EPSS

2006-09-14 10:07 AM
21
nvd

CVE-2006-4783

SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID...

8.1AI Score

0.007EPSS

2006-09-14 10:07 AM
Total number of security vulnerabilities: 6141