Gentoo Linux Security Advisory GLSA 200508-13 - Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags. Versions less than 1.4.0 are affected.
b392e04daac6a3131a159750ecf6640f104e46dc1e949490958e28588b03b917Debian Security Advisory DSA 783-1 Eric Romang discovered a temporary file vulnerability in a script accompanied with MySQL, a popular database, that allows an attacker to execute arbitrary SQL commands when the server is installed or updated.
0bdaf61278be5abca20b301dac437ae4001a24bd0b9e600a1bd8632d16a251e8Exploit for the Ventrilo 2.3.0 malformed status packet vulnerability.
ad0ab9cf0589c79a21541d14896eedcac439df6ebd2f779645049f293aea60c1It is possible to crash Ventrilo 2.3.0 by sending a malformed status packet.
6cb018997e473aaa91fd732430eed0e401f4cd1feee78f164f7540daf14e6263This Metasploit module uses a vulnerability in the Solaris line printer daemon to delete arbitrary files on an affected system. This can be used to exploit the rpc.walld format string flaw, the missing krb5.conf authentication bypass, or simple delete system files. Tested on Solaris 2.6, 7, 8, 9, and 10.
3865e92d6319da6652ab4c7ed8c01bd18db40efa2f58d0e789c6a8a79b4fb63dSecunia Security Advisory - Phuket has discovered some vulnerabilities in PHPKit, which can be exploited by malicious people to conduct SQL injection attacks.
d82f266f336a74620fb5e0beb194c3a5184abbbc6196aca3831ddab467dc340bSecunia Security Advisory - Ubuntu has issued an update for libpcre3. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
ff26acd3f887f68ec0a47bcc150cfaf7e28cf56ecefd9c186d683ce6fe3af904Secunia Security Advisory - Red Hat has issued an update for elm. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
3e08750339bfda75bf38c6c8de95a2442dfb29828bcaf345f66061158c428530A buffer overflow has been discovered in the PCRE, a widely used library that provides Perl compatible regular expressions. Specially crafted regular expressions triggered a buffer overflow. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to execute arbitrary code with the privileges of the application using the library.
90dedc2182e9f13fe60b58ffaaf6d0166a5497e077ce7855d8e3d7e2c6b8fd3bGentoo Linux Security Advisory GLSA 200508-12 - Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers (CVE-2005-2549). He also discovered that Evolution fails to handle special calendar entries if the user switches to the Calendars tab (CVE-2005-2550). Versions less than 2.2.3-r3 are affected.
c3c0a5ca715423ba57ad0ed3bb8e8b0cddf7444a0020c4349015ede584102d19Javier Fernandez-Sanguino Pena noticed that the pwmconfig script created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges since pwmconfig is usually executed by root.
376f85a08e46d04bd581a85bbc2d275ce2e2f13f3f55865875c59d8ef2fb241fZipTorrent stores proxy server information and password in X:\\[Program_Files_Path]\[ZipTorrent_Path]\pref.txt in plain text. A local user can read passwords and others.
f17cbabb6214be4b1a15c231b17cecd4ba1bdd923fb0449fab9505b53fb8a0daMercora IMRadio 4.0.0.0 stores username and passwords in the Windows Registry in plain text. A local user can read the values.
baac3f4238dc50049d9fc04fadf14b5bfe96c656f5abe232e2c22c30f47da2d1A dictionary based Oracle password checker. This is a useful and fast (150.000 pw/sec) tool for DBAs to identify Oracle accounts with weak or default passwords.
347557ee38aed91ccdfda881256b418152b5fc74c3ede2186cf61ff83fe5f29cLogcheck parses system logs and generates email reports based on anomalies. Anomalies can be defined by users with 'violations' files. It differentiates between 'Active System Attacks', 'Security Violations', and 'Unusual Activity', and is smart enough to remember where in the log it stopped processing to improve efficiency. It can also warn when log files shrink, and does not report errors when they are rotated.
170d528a300aa2f1792277680a460ba822c427433349e63d2a245318f6e0bfa1Wepdecrypt is a wireless LAN tool based on wepattack that guesses WEP keys using an active dictionary attack, a key generator, a distributed network attack, and some other methods.
29ae072985616a0141a07e767e667cd33c917605338d37824de96c765a692333AntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.
50c01c400c85b72038d9386969b13645f68d8f9087df927ba4adbdb86d82a839Sysmask is a security package for Linux systems that can prevent arbitrary malicious codes from causing permanent damage. It protects the system against daemon exploits and user accounts against viruses and worms, whether known or unknown, without requiring the recompilation of existing software.
7242e1e7df113be5894e705e07bd061b8bd640c267fdc13d2147a8e5b3cf8f22Debian Security Advisory DSA 782-1 - Due to missing input sanitization in the bluez-utils package, it is possible for an attacker to execute arbitrary commands supplied as the device name from the remote device.
fb543879e70119f5254b5ca8165f6a8b1c313acc9fee8d0bba01a49d6da69e9cdsidentity on Apple OS X 10.4 allows any user on the system to add accounts to Directory Services.
9a589fe2fcf5a4e2c8797a0b1bd8fe9ec95ad4366d0ccffadf8656195041becdDuring a recent internal audit, CA discovered several vulnerability issues in the CA Message Queuing (CAM / CAFT) software. CA has made patches available for all affected users. These vulnerabilities affect all versions of the CA Message Queuing software prior to v1.07 Build 220_13 and v1.11 Build 29_13 on the platforms specified below.
d5bbb6c6ef69369d57bffbc7b601ba4afb4ce1009bb13cdc9ffd06f706f43207PHPKit 1.6.1 suffers from various SQL and PHP injection attacks.
786d6d2133def57a80ff158ea2edd319f472a79c2e721d1c855fc00f6de96736Cisco Security Advisory: Cisco Intrusion Prevention Systems (IPS) are a family of network security devices that provide network based threat prevention services. A user with OPERATOR or VIEWER access privileges may be able to exploit a vulnerability in the command line processing (CLI) logic to gain full administrative control of the IPS device. Vulnerable Products: Cisco Intrusion Prevention System version 5.0(1) and 5.0(2).
4c94afaddf19c9eb20203fe958a6da48230347365872adb7c394201d86b31f03Cisco Security Advisory: A malicious attacker may be able to spoof a Cisco Intrusion Detection Sensor (IDS), or Cisco Intrusion Prevention System (IPS) by exploiting a vulnerability in the SSL certificate checking functionality in IDSMC and Secmon. Vulnerable Products: IDSMC version 2.0 and version 2.1. CiscoWorks Monitoring Center for Security (Security Monitor or Secmon) version 1.1 through version 2.0 and version 2.1.
a5385d17f8941372698a734b6a53fcd1a3048bb8c2bcf8f5600a8287611824d4PostNuke 0.760 suffers from cross site scripting and SQL injection vulnerabilities.
db0ff0cb54efaab2f793cc7e9f64870bb6ca7bb1eabc75f10fe944a4c07d26be
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed