8805 matches found
openSUSE 10 Security Update : kernel (kernel-2705)
This kernel update fixes the following security problems: - CVE-2006-5751: An integer overflow in the networking bridge ioctl starting with Kernel 2.6.7 could be used by local attackers to overflow kernel memory buffers and potentially escalate privileges 222656 - CVE-2006-6106: Multiple buffer...
CVE-2007-5422
Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors...
SQL injection
SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter...
CVE-2007-4881
SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter...
CVE-2007-4881
The CVE-2007-4881 issue affects the psi-labs.com social networking script (psisns), specifically the profile/myprofile.php component. The vulnerability is an SQL injection that can be triggered via the u parameter, potentially allowing remote attackers to execute arbitrary SQL commands. This corr...
[Aria-Security Team] social-networkin SQL Injection
A R I A - S E C U R I T Y http://www.social-networking.tv/ Demo: http://www.social-networking.tv/musicians/ http://mytarget/profile/myprofile.php?u=SQL We will just provide an example to show the result when an SQL command is given...
socialnet-sql.txt
A R I A - S E C U R I T Y http://www.social-networking.tv/ Demo: http://www.social-networking.tv/musicians/ http://mytarget/profile/myprofile.php?u=SQL We will just provide an example to show the result when an SQL command is given...
Command injection
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors...
CVE-2007-4590
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors...
CVE-2007-4590
CVE-2007-4590 affects HP-UX environments where Ignite-UX (C.7.0–C.7.3) and DynRootDisk (DRD) (A.1.0.16.417–A.2.0.0.592) are used. The get_system_info command on HP-UX B.11.11/11.23/11.31 does not inform local users of networking changes it makes, with impact and attack vectors not clearly defined...
Cisco VPN Client on Windows Dial-up Networking Dialog Local Privilege Escalation
The version of the Cisco VPN client installed on the remote host reportedly allows an unprivileged local user to elevate his privileges to the LocalSystem account by enabling the 'Start Before Login' feature and configuring a VPN profile to use Microsoft's Dial-Up Networking interface...
Code injection
Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box...
CVE-2007-4414
Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box...
Cisco VPN client privilege escalation
Weak file permissions, code execution before logon with "Allow launching of third party applications before logon" and dialup networking...
Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client
Cisco Security Advisory: Local Privilege Escalation Vulnerabilities in Cisco VPN Client Advisory ID: cisco-sa-20070815-vpnclient http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml Revision 1.0 For Public Release 2007 August 15 1600...
CentOS 3 : kernel (CESA-2007:0436)
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the ninth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles t...
RHEL 3 : kernel (RHSA-2007:0436)
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the ninth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles t...