[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249982

 
 

909

 
 

195748

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 1830 Download | Alert*

passwdehd script in pam_mount would allow local users to overwrite arbitrary files via a symlink attack on a temporary file. The updated packages have been patched to prevent this.

A vulnerability has been found and corrected in sympa: sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability . This update fixes this vulnerability.

A vulnerability have been discovered and corrected in VirtualBox, affecting versions prior to 2.0.6, which allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-qateam-ipc/lock temporary file . The updated packages have been patched to prevent this.

A vulnerability has been found and corrected in netpbm: pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service via a crafted image file that triggers an out-of-bounds read . This update fixes this vulnerability.

A vulnerability has been discovered and corrected in foomatic-filters: foomatic-rip allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file . Packages for 2009.0 are provided as of the Extended Maintenance Program

A symlink vulnerability was found in the javareconf script in R that allows local users to overwrite arbitrary files . The updated packages have been patched to prevent this issue.

A format string vulnerability in Ruby-GNOME 2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. The updated packages have been patched to prevent this issue.

A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs . The updated packages have been patched to correct this issue.

Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code or cause a denial of service via a special Hello packet . Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE statement; as well it would not, under certain conditions, prevent two databases from using the same paths ...

Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution. The updated packages have been patched to correct this issue.


Pages:      Start    164    165    166    167    168    169    170    171    172    173    174    175    176    177    ..   182

© SecPod Technologies