Packet Storm new exploits for July, 2006.
d7668749bea4492043760c7281574495ad942216a132f5325f62290a5fa61780Debian Security Advisory 1133-1 - Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web scripts.
b50961dabf02bafd2e89f168c1b0fb26b93ea204253f66b15ef128c55a6ed855AxMan is a web-based ActiveX fuzzing engine. The goal of AxMan is to discover vulnerabilities in COM objects exposed through Internet Explorer. Since AxMan is web-based, any security changes in the browser will also affect the results of the fuzzing process. This allows for a much more realistic test than other COM-based assessment tools. AxMan is designed to be used with Internet Explorer 6 only.
d370f47f163ca2cf28ccae2e40fe171d874e6ee4533383e7585b974694f7bb4fMandriva Linux Security Advisory MDKSA-2006-137 - Tavis Ormandy, Google Security Team, has discovered several vulnerabilities in the libtiff image processing library.
e76f9d9701f3ba6cb4b0952f13fee917025fdfaed8cd57eae5ad1df836cb0b1fMandriva Linux Security Advisory MDKSA-2006-136 - Tavis Ormandy, Google Security Team, discovered several vulnerabilities the libtiff image processing library. Older versions of kdegraphics use an embedded copy of the libtiff code.
3bbf3a925c124d13b730b87a6f85b70e473d95635bce0807246f5170dec94594SUSE Security Announcement SUSE-SA:2006:045 - This security update fixes crashes in the PCF handling of freetype2 which might be used to crash freetype2 using applications or even to execute code in them.
0874e0be2f7d8fd87b2c7f605835b3c516e2803397babf6b875c0a8fdb747dcdSUSE Security Announcement SUSE-SA:2006:044 - This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image provided by an attacker.
6a33cbb63f8b28b041c9fe86b364e74bd2a3ac1255c40090586f0c51a9e70e23WoW Roster versions 1.5.x and below suffer from a remote file inclusion vulnerability.
3b0c26cc50b91afc5e251dedcdb37de37abfc8604b249ae597ead330b0892b79Debian Security Advisory 1130-1 - A cross-site scripting vulnerability has been discovered in sitebar, a web based bookmark manager written in PHP, which allows remote attackers to inject arbitrary web script or HTML.
6bdc0f0e4a163c941e81c3f58d833cfd185a47f4f3eb3ab7f333ab7553945b7bShoutbox suffers from a remote command execution vulnerability.
0b8b9dfa9afabd88b40279cbe3a3217c382792dd9e2c0d4b74a12c9914359980Quickie suffers from a remote command execution vulnerability.
29c7dd4a33ba3243188f4478a1cef6f9c7744b76f2e7de43a01d973d28883d2eFileManager suffers from a remote command execution vulnerability.
4e9aa3eb53cee8bde232cafbd8b510042fdce155a24d16aeb15b5efff1dc1c92FAQ Script versions 1.0 suffers from a remote command execution vulnerability.
36b93f65f96db91e171339ccd77ee912eb94198363c947736f93c9bf1c8bd7a2Guestbook version 3.5 suffer from a remote command execution vulnerability.
359a34a679b7aa9dd024856e39e4a154963bc9fe00d0b7aab1ead87cf8331205NewsLetter versions 3.5 and below suffer from a remote file inclusion vulnerability.
e108393ca886336021816b371be6cff7eb5c85a2ac3235869b82badf498787d9Debian Security Advisory 1132-1 - Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitary code.
d881e081cc1047a05de35da2701a6d15839e8c889d5ce867834afeda3805bdc7Gentoo Linux Security Advisory GLSA 200608-01 - An off-by-one flaw has been found in Apache's mod_rewrite module by Mark Dowd of McAfee Avert Labs. This flaw is exploitable depending on the types of rewrite rules being used. Versions less than 2.0.58-r2 are affected.
c5e3c1137b9c61ad3a97acb279df4b72498e6564b716fe9a69ed5a648d7ad634Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.
152d80defe45091ec4c68c29eae58bbb844caf87f53c6822cfdf8877a025f9c2Debian Security Advisory 1131-1 - Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitary code
cff27e3d4e10567a89d5fc3f42af79a452df17ae7317ee82c5f7f6ebf191ec49Test exploit that was built to demonstrate an inability in BlackICE to protect pamversion.dll.
ad129e42f141e134089554385e33fb216e5302fc307a5c6c229aaa1045b6ce9cBlackICE does not protect pamversion.dll in its installation directory and because component protection fails to protect BlackICE processes this can be misused to inject a fake DLL into BlackICE service.
91b50a33f2fdb9350d7974f8965ac76e6398400c864849ded4a9489604966256TSEP version 0.9.4.2 suffers from a remote file inclusion vulnerability.
e1b812266015d3cbcfec4ae118f37b879b21e5de46aeb718bd69b171c9e08d99The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. The Framework will run on any modern system that has a working Perl interpreter, the Windows installer includes a slimmed-down version of the Cygwin environment.
4096fcc8828e35b33d3bbf5ee48213a79dae9cc7c96745443229d41940649449Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
088a5544cdb1133ddcc0fe84b27f2508bbe070ab15f59a986bf42341b1d672d9fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
a0c9f9c04bd5b01067c0f59a31293b75bf385afe331f33448a84bc0178cfd22a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed