SUSE Security Announcement - SUSE-SA:2005:061 - The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which is commonly used in applications).
235db4139a20a9a2c6eba65537656ab608d77d43e00c490914cf6903a3ab1f3cPHPNuke suffers from a remote directory traversal vulnerabity in modules.php. POC included.
2275b04edb6dbdcf69add72469f11b5e76743784652889fdebd1388403a68e94David Litchfield of NGSSoftware has discovered discovered multiple critical and high risk vulnerabilities in the Oracle Database Server. These vulnerabilities can be exploited by an attacker to gain complete control of the database server.
d4d0dba30ab8f34467c176fa4cc1faf701f92737ee36f1c97f217bd8229f1eb2The Linksys WRT54G suffers from a directory transversal vulnerability.
fba0ee4829cccc850ed5be431dfea1f84f9563066e7a295725ba9d940365b4fbTechnical Cyber Security Alert TA05-291A - The Snort Back Orifice preprocessor contains a buffer overflow that could allow a remote attacker to execute arbitrary code on a vulnerable system.
46101f7a12d82b7bebddf86da85d2c6af32be672f2eedc385d9e2083099baf60Secunia Research has discovered some vulnerabilities in ZipGenius, which can be exploited by malicious people to compromise a user's system.
a06892cdcbe59aadbc48aa8c3d57e8c8c48c363ab4ec3944cd3e4f1b59bd74f9Secunia Research has discovered some vulnerabilities in MySource, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
b20aff27f2ff5fe5e74059ae65e4aa37d5e08883f20daf849c01042b8b016dc5Google Talk stores proxy login credentials as cleartext in the Windows Registry.
3b3ae75d3315891b6d6432914b38f8c98f55e1c846e09288efbdfb69ff944a55A XSS vulnerability exists in NetFlow Analyzer 4. POC code included.
99cbf172705d0c9a7a9077e35929c5197c470f860dc65d4244f6c6e370e3d0f3Due to 30Gigs.com not removing old or used invitation ids a user is able to register multiple accounts on the same invite.
5983947052f9ad7edb9aff26cc714aeaf704c89b6edd437b4356b515de194547A safedir restriction bypass has been identified within the GD PHP extension.
04877c12726507f2e9d95fec9a729d814580a93f4a4c8c1aae7edd854d6e6ebeSUSE Security Announcement - The SUSE Security Team performed a security review of important parts of the OpenWBEM system. During the audit, several integer wrap arounds and buffer overflows have been discovered and fixed. If exploited, they allow remote attackers to execute arbitrary code with root privileges.
380f9bacecae2735c361e39832a96eac8cdcd39b603ebabc4c1ccc8b890d404cYahoo suffers from a XSS vulnerability in the RSS Aggregator which allows a person to add an RSS feed to It's website.
64feaea2e90d5f5314abf6e67be0a7b7e1ffdb00b2932ee8a007e0e1cb678efcThe default config of flexbackup versions less than 1.2.1 creates temporary files insecurely.
db9a3e94a99a77a49aef8291d574a5c191592b9df790c55ef8805f58e2a363a3iDescription: According to a vendor security advisory [0], a potential SSL 2.0 protocol rollback attack vulnerability exists in the cryptography toolkit OpenSSL [1]. The vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option "SSL_OP_MSIE_SSLV2_RSA_PADDING".
6edce3ab94f7e58d90ce25544e49e4304303e71525e50accdc48e69c96091c43Secunia Security Advisory - trueend5 has discovered a vulnerability in Chipmunk Topsites, which can be exploited by malicious people to conduct cross-site scripting attacks.
9261ad2534485ce778ab3f8571d90eb24037a3e09fd15cff632349d9131a31a0Secunia Security Advisory - Debian has issued an update for eric. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
367b5cfd8585631d955b76140a40dea8a004642d46b830b9fb315574f502dda7Secunia Security Advisory - Mandriva has issued an update nss_ldap/pam_ldap. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
ab878bf95faabec4720601c9965d51640eeb62e858689103960c31410534d81fSecunia Security Advisory - A vulnerability has been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
6927c22a685631ea47f4d51aad8ad72d75642bb8746d8f98fb71414e1edb55fdSecunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, a security issue, and a weakness, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service) and bypass certain security restrictions, or by malicious people to disclose certain sensitive information.
b4326ea7d034b27081fc160748c495ffbb2e434b371fd1269041e0424bfd9375Secunia Security Advisory - Mandriva has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
4cc88e2c6a758c6297bb4e63023d4ead9d5a28ce6d94173fada40e503449655aSecunia Security Advisory - Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
7cea0eda1d78c033211a5647a9fc56be19fdadfc3c64735ff4e939d9770d2bdbSecunia Security Advisory - Trustix has issued updates for multiple packages. These fix some vulnerabilities, where the most critical ones can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
d117271e93a44a42a477bbd2f257d03a07fe5daef87bba225d0f7d3288df71d9Secunia Security Advisory - Two vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
1603d58140eb5bb41a03312f11e1219c061a0cfd16cffef6cd9177cc717f614cSecunia Security Advisory - SUSE has issued an update for permissions. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions.
699f76ef59bf50f7fb3c86a5e66dfc9eb8578d1a7c50c674244d1d8a9816db95
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed