Exploit the possiblities
Showing 1 - 25 of 588 RSS Feed

Files

Mandriva Linux Security Advisory 2008-246
Posted Dec 31, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-246 - Some vulnerabilities were discovered and corrected in the Linux kernel. These include buffer overflow and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2008-5033, CVE-2008-5025
MD5 | 88e7a51465ebb1e8366af1c351f07a6e
Debian Linux Security Advisory 1693-1
Posted Dec 31, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1693-1 - Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2007-2865, CVE-2007-5728, CVE-2008-5587
MD5 | 24d444430024f8f686a85710366f2b01
Debian Linux Security Advisory 1692-1
Posted Dec 31, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1692-1 - It was discovered that php-xajax, a library to develop Ajax applications, did not sufficiently sanitise URLs, which allows attackers to perform cross-site scripting attacks by using malicious URLs.

tags | advisory, php, xss
systems | linux, debian
advisories | CVE-2007-2739
MD5 | f41ed7a4666dd0bffd2f68570c5bb697
PHP GD Library Information Leak
Posted Dec 31, 2008
Authored by Hamid Ebadi | Site bugtraq.ir

The PHP GD library suffers from an imageRotate() function information leak vulnerability.

tags | advisory, php
advisories | CVE-2008-5498
MD5 | 3b10310b2b3238b9e232348dcde9ee11
Ubuntu Security Notice 700-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-700-1 - Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue.

tags | advisory, remote, denial of service, arbitrary, local, perl
systems | linux, ubuntu
advisories | CVE-2007-4829, CVE-2008-1927, CVE-2008-5302, CVE-2008-5303
MD5 | 65a3adf90302db633e4eb6ec2740caba
Gentoo Linux Security Advisory 200812-24
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-24 - Multiple vulnerabilities in VLC may lead to the remote execution of arbitrary code. Versions less than 0.9.8a are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5032, CVE-2008-5036, CVE-2008-5276
MD5 | afec13854b9f525ff9f43ffe0d228df1
Gentoo Linux Security Advisory 200812-23
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-23 - A buffer overflow vulnerability has been discovered in Imlib2. Julien Danjou reported a pointer arithmetic error and a heap-based buffer overflow within the load() function of the XPM image loader. Versions less than 1.4.2-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-5187
MD5 | f36f76defa7313385c3af139d9d1c8ac
Gentoo Linux Security Advisory 200812-22
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-22 - An insecure temporary file usage has been reported in Ampache, allowing for symlink attacks. Dmitry E. Oboukhov reported an insecure temporary file usage within the gather-messages.sh script. Versions less than 3.4.3 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-3929
MD5 | 6fe9149cb6c50424e826a2b986308f87
Gentoo Linux Security Advisory 200812-21
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-21 - Two vulnerabilities in ClamAV may allow for the remote execution of arbitrary code or a Denial of Service. Moritz Jodeit reported an off-by-one error within the get_unicode_name() function in libclamav/vba_extract.c when processing VBA project files (CVE-2008-5050). Ilja van Sprundel reported an infinite recursion error within the cli_check_jpeg_exploit() function in libclamav/special.c when processing JPEG files (CVE-2008-5314). Versions less than 0.94.2 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5050, CVE-2008-5314
MD5 | 726a95c30e8603b9e4641b9ad06dadfa
Ubuntu Security Notice 677-2
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-677-2 - USN-677-1 fixed vulnerabilities in OpenOffice.org. The changes required that openoffice.org-l10n also be updated for the new version in Ubuntu 8.04 LTS. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS.

tags | advisory, remote, overflow, arbitrary, local, vulnerability
systems | linux, ubuntu
MD5 | c5ce60e29ca1d9ec61428d86ae3b05f8
Digital Defense VRT Advisory 2008.16
Posted Dec 30, 2008
Authored by Digital Defense, Corey LeBleu, r@b13$ | Site digitaldefense.net

The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.

tags | advisory, web, sql injection
MD5 | 657e79ffbf7ce2e8ad204969e22dbf2f
Ubuntu Security Notice 698-3
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-698-3 - It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

tags | advisory, web, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2008-5027, CVE-2008-5028
MD5 | a7ec34bbabf9efacbbc0c7554ba52dbb
FreeBSD Security Advisory - XSRF In ftpd
Posted Dec 30, 2008
Site security.freebsd.org

FreeBSD Security Advisory - The ftpd server splits long commands into several requests. This may result in the server executing a command which is hidden inside another very long command. This could, with a specifically crafted command, be used in a cross-site request forgery attack.

tags | advisory, csrf
systems | freebsd
advisories | CVE-2008-4247
MD5 | d4e9949e6da9de0feb54477c867297cd
FreeBSD Security Advisory - Bluetooth Privilege Escalation
Posted Dec 30, 2008
Site security.freebsd.org

FreeBSD Security Advisory - Some function pointers for netgraph and bluetooth sockets are not properly initialized. A local user can cause the FreeBSD kernel to execute arbitrary code. This could be used by an attacker directly; or it could be used to gain root privilege or to escape from a jail.

tags | advisory, arbitrary, kernel, local, root
systems | freebsd
MD5 | 3b4c79643fc921b786c6b143619ddf8d
HP Security Bulletin 2008-01.87
Posted Dec 30, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.

tags | advisory, vulnerability
advisories | CVE-2008-4844
MD5 | efa652c000780478f70ac48e06dc9997
Debian Linux Security Advisory 1688-2
Posted Dec 30, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1688-2 - The update of courier-authlib in DSA 1688-1 caused a regression with setups that do not use mail addresses for authentification. This update fixes this regression.

tags | advisory
systems | linux, debian
advisories | CVE-2008-2380, CVE-2008-2667
MD5 | 884a88331d9ae470046f8144b1fa49be
Mandriva Linux Security Advisory 2008-241
Posted Dec 30, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2008-241 - Multiple symlink attacks affect MailScanner Corporate 4.0.

tags | advisory
systems | linux, mandriva
advisories | CVE-2008-5140, CVE-2008-5312, CVE-2008-5313
MD5 | fa23ebb57a8e8a18bf38aad0896ee16c
Secunia - Trend Micro HouseCall Code Execution
Posted Dec 30, 2008
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an implementation error within the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to e.g. download and load an arbitrary library file by specifying a custom update server. Successful exploitation allows execution of arbitrary code. Trend Micro HouseCall ActiveX Control versions 6.51.0.1028 and 6.6.0.1278 are affected.

tags | advisory, arbitrary, activex
advisories | CVE-2008-2434
MD5 | c39f454134e8e3db4411d722cfe3e92d
Ubuntu Security Notice 698-2
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-698-2 - It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

tags | advisory, web, arbitrary, csrf
systems | linux, ubuntu
advisories | CVE-2008-5027, CVE-2008-5028
MD5 | 99b83b98f9c65bf290a362750390f524
Ubuntu Security Notice 698-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-698-1 - It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2008-5027
MD5 | 95879967a3ac3c366de8d3174d8732c7
Ubuntu Security Notice 697-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-697-1 - It was discovered that Imlib2 did not correctly handle certain malformed XPM and PNG images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-2426
MD5 | b84d6f9b4ef98b4ccd8f69cf4d152e2f
Ubuntu Security Notice 699-1
Posted Dec 30, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-699-1 - It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory.

tags | advisory, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2008-1102, CVE-2008-4863
MD5 | c8d53d5490045ee86e1fec957f826785
Debian Linux Security Advisory 1691-1
Posted Dec 30, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1691-1 - Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution.

tags | advisory, remote, vulnerability, code execution, xss
systems | linux, debian
advisories | CVE-2007-3555, CVE-2008-1502, CVE-2008-3325, CVE-2008-3326, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5432
MD5 | 62a1fbbcb919d588796fd881589a0211
Debian Linux Security Advisory 1690-1
Posted Dec 30, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1690-1 - Two denial of service conditions were discovered in avahi, a Multicast DNS implementation.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2007-3372, CVE-2008-5081
MD5 | f3b11a054e995f304198eec9f29fc8d0
Gentoo Linux Security Advisory 200812-20
Posted Dec 30, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200812-20 - Multiple vulnerabilities have been discovered in phpCollab allowing for remote injection of shell commands, PHP code and SQL statements. Versions less than or equal to 2.5_rc3 are affected.

tags | advisory, remote, shell, php, vulnerability
systems | linux, gentoo
advisories | CVE-2006-1495, CVE-2008-4303, CVE-2008-4304, CVE-2008-4305
MD5 | a14f795b5cd30218af0c9e568d7f68fb
Page 1 of 24
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
Github To Devs: Now You'll Get Security Alerts On Flaws In Popular Software Libraries
Posted Nov 17, 2017

tags | headline, flaw
Keystone Pipeline Leaked 210,000 Gallons Of Oil In South Dakota
Posted Nov 17, 2017

tags | headline, flaw
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close