SUSE-SA:2002:041: perl-MailTools
The remote host is missing the patch for the advisory SUSE-SA:2002:041 perl-MailTools. The SUSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain...
Fedora Core 1 2004-087: libxml2
The remote host is missing the patch for the advisory FEDORA-2004-087 libxml2. This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or...
RHEL 2.1 : XFree86 (RHSA-2003:289)
Updated XFree86 packages provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers. XDM is the X display manager. Multiple integer overflows in the transfer and enumeration of font libraries ...
Vulnerability: Arbitrary File Access & DoS in Crystal Reports
Dear List, Imperva(tm)'s Application Defense Center has recently discovered a vulnerability in Business Objects' Crystal Reports Web Delivery Modules. This vulnerability may lead to arbitrary file access and denial of service. Following are the advisory's details...
imperva.crystal2.txt
Dear List, Imperva(tm)'s Application Defense Center has recently discovered a vulnerability in Business Objects' Crystal Reports Web Delivery Modules. This vulnerability may lead to arbitrary file access and denial of service. Following are the advisory's details...
PostNuke Phoenix 0.726 - openwindow.php?hlpfile Cross-Site Scripting
source: https://www.securityfocus.com/bid/10191/info Multiple vulnerabilities were reported to exist in PostNuke Phoenix. The following specific vulnerabilities were reported: - Multiple path disclosure vulnerabilities that occu...
Phorum 3.x - 'profile.php?target' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidde...
VirtuaSystems VirtuaNews 1.0.x (Multiple Modules) - Cross-Site Scripting
source: https://www.securityfocus.com/bid/9812/info It has been reported that the VirtuaNews non-default modules 'Files' and 'Vulns' are prone to multiple cross-site scripting vulnerabilities. These problems surround the application's failure to properly validate user supplied URI input. When...
VisualShapers EZContents 1.x2.0 - db.php Arbitrary File Inclusion
source: https://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the...
Sun Solaris allows unprivileged local user to load arbitrary kernel modules
Overview: Sun Solaris allows an unprivileged local user to load arbitrary kernel modules. Description: Sun Solaris supports loadable kernel modules (LKMs). LKMs are pieces of code that can be dynamically loaded and unloaded into the kernel. Sun Solaris contains a vulnerability that could allow an...
Kernel security update
New kernels are available for Slackware 9.1 and -current. These have been upgraded to Linux kernel version 2.4.23, which fixes a bug in the kernel's do_brk() function that could be exploited to gain root privileges. These updated kernels and modules should be installed by any sites running a 2.4...
Important: Red Hat Security Advisory: Updated XFree86 packages provide security and bug fixes
Updated XFree86 packages for Red Hat Linux 7.1 and 7.2 provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers in Red Hat Linux. XDM is the X display manager. Multiple integer overflows in...
Important: Red Hat Security Advisory: XFree86 security update
Updated XFree86 packages provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers. XDM is the X display manager. Multiple integer overflows in the transfer and enumeration of font libraries ...
CVE-2003-0690
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module...
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHttpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin...
CVE-2003-0690
Concretely, CVE-2003-0690 affects KDE kdebase (KDM in KDE 3.1.3 and earlier). The flaw is that kdebase does not verify whether pam_setcred succeeds, which can allow a root privilege escalation under certain PAM module configurations (notably MIT pam_krb5). Public sources in connected docs referen...
Mambo Site Server 4.0.14 - banners.php?bid SQL Injection
source: https://www.securityfocus.com/bid/8647/info It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database querie...
CVE-2003-0703
KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using...
[KDE SECURITY ADVISORY] KDM vulnerabilities
KDE Security Advisory: KDM vulnerabilities. Original Release Date: 2003-09-16. URL: http://www.kde.org/info/security/advisory-20030916-1.txt 0. References: http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html...
Moderate: Red Hat Security Advisory: kdebase security update
Updated KDE packages that resolve a local security issue with KDM PAM support and weak session cookie generation are now available. KDE is a graphical desktop environment for the X Window System. KDE versions between 2.2.0 and 3.1.3 inclusive contain a bug in the KDE Display Manager (KDM) when...