Files

ExtCalendar 2.0 Beta 2 Cross Site Scripting
Posted Feb 28, 2010
Authored by LiquidWorm

ExtCalendar version 2.0 Beta 2 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 14a01ecebc1f2aca941cc89b1321c089
Ubuntu Security Notice 905-1
Posted Feb 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 905-1 - It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the 'runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2010-0426, CVE-2010-0427
MD5 | 230ebfb801c7dd3050506c6006b4fd98
Mandriva Linux Security Advisory 2010-050
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-050 - This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. This update provides mod_security 2.5.12, which is not vulnerable to these issues.

tags | advisory, denial of service
systems | linux, mandriva
MD5 | 0fccabbaf71e2011697935542bdec54c
getPlus Insufficient Domain Name Validation
Posted Feb 26, 2010
Authored by Yorick Koster | Site akitasecurity.nl

getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.

tags | advisory
advisories | CVE-2010-0189
MD5 | 3fdb375f69fdba6afb5d299261d069a8
Asterisk Project Security Advisory - AST-2010-003
Posted Feb 26, 2010
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.

tags | advisory
MD5 | 96b5d56898cb42ff746d93184ad1b2cd
Mandriva Linux Security Advisory 2010-049
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2010-0426
MD5 | ce54f70bd3712518207c76a2bbe77157
Mandriva Linux Security Advisory 2010-048
Posted Feb 26, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-048 - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.

tags | advisory, remote, web
systems | linux, mandriva
advisories | CVE-2010-0464
MD5 | 603ea6e56f052454b43c7ca0c358fcc1
DATEV Active-X Control Remote Command Execution
Posted Feb 26, 2010
Authored by Nikolas Sotiriu | Site sotiriu.de

The DATEV Active-X control suffers from a remote command execution vulnerability.

tags | advisory, remote, activex
advisories | CVE-2010-0689
MD5 | 4751b84357cfad67cddca8f9f4529f30
Secunia Security Advisory 38752
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Asterisk, which can be exploited by malicious people to potentially bypass certain security restrictions.

tags | advisory
MD5 | d7c3cece8368548eb27ebb6c56e0fa47
Secunia Security Advisory 38705
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for mingw32-libltdl. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.

tags | advisory, local
systems | linux, fedora
MD5 | 6560c48f7f16fe8e0d34c81e38fb271e
Secunia Security Advisory 38740
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Hitachi has acknowledged a security issue in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges.

tags | advisory, local
MD5 | 400ecf6ba876514a39dd56de9dfb1069
Secunia Security Advisory 38734
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been discovered in XMail, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | 17f709fbe16d004150ea87db105265e3
Secunia Security Advisory 38737
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 389d748b61a74eda2b5a9dd3915d33c1
Secunia Security Advisory 38667
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Maciej Gojny has reported a vulnerability in WebAdministrator Lite CMS, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | 7628964387e260b9abbffcb696a6aa19
Secunia Security Advisory 38708
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in PHP, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory, php, vulnerability
MD5 | 7cf015e71d55517a2b3de895f99b2843
Secunia Security Advisory 38747
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Website Baker, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 7e5b249bc94f294bc5677b0c6d6c47a5
Secunia Security Advisory 38746
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for sudo. This fixes multiple security issues, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | linux, redhat
MD5 | 05a457b3145f86a459da13c792cc55d5
Secunia Security Advisory 38720
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - mr_me has discovered a vulnerability in Orbital Viewer, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | e188b500c61068bcbff6a894bc21bab4
Secunia Security Advisory 38691
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the HD FLV Player component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
MD5 | ab12f61695bc465036d38aaa33d02367
Secunia Security Advisory 38686
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, ubuntu
MD5 | d6969fb23590eb8c083f87e2a83657f1
Secunia Security Advisory 38699
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in WikyBlog, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | e8eb47b9cd8ff8670196e4044f728638
Secunia Security Advisory 38738
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Matthias -apoc- Hecker has discovered a security issue in rbot, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 56be1c4e2f4c96a4be9d1e4a6b4ce3e4
Secunia Security Advisory 38743
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Newbie CMS, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | 7ea5122ff10b72f12e68fcd901cf6622
Secunia Security Advisory 38719
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - AbdulAziz Hariri and Mohammad Abou Hayt have discovered a vulnerability in Symantec Altiris Deployment Solution, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | d17ef144e77ca498a4c9848f2ea99cda
Secunia Security Advisory 38676
Posted Feb 26, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Article Friendly, which can be exploited by malicious people to conduct SQL injection and cross-site request forgery attacks.

tags | advisory, vulnerability, sql injection, csrf
MD5 | 35d5516a194e94fe97314fd6531a053e