Multiple AV software vendors suffer from an evasion vulnerability through a forged magic byte.
043d1ff1ac8a90befbe8019f0bc662a8c6d287ffa2eb638ff22fd4a8aac63a74Debian Security Advisory DSA 870-1 - Tavis Ormandy noticed that sudo, a program that provides limited super user privileges to specific users, does not clean the environment sufficiently. The SHELLOPTS and PS4 variables are dangerous and are still passed through to the program running as privileged user. This can result in the execution of arbitrary commands as privileged user when a bash script is executed. These vulnerabilities can only be exploited by users who have been granted limited super user privileges.
e9a14ef8dab682c64f1e7c280fd05a2d96066dbd60448e56eb034134f23a273cDebian Security Advisory DSA 872-1 - Chris Evans discovered a buffer overflow in the RTF importer of kword, a word processor for the KDE Office Suite that can lead to the execution of arbitrary code.
1af7cb2662f1e3cc383053176a4abb10b2caf852ef9f933d0b0819ba7f6ae2b3Debian Security Advisory DSA 548-2 - Marcus Meissner discovered a heap overflow error in imlib, an imaging library for X and X11, that could be abused by an attacker to execute arbitrary code on the victims machine. The updated packages we have provided in DSA 548-1 did not seem to be sufficient, which should be fixed by this update.
5bbd77af07750bc343460f505cfd72f0a186295dc61228c318d070c0ad1c8ac7Debian Security Advisory DSA 871-2 - Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library.
260044421007518131cf8aad8aeed7558fe1d742909906a07f98c1ba0129c8b8Debian Security Advisory DSA 871-1 - Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library.
c3646aefdb730012dabc0eeb4d157694b945b8e6159c6c2d97950d3a813e5bfdiDEFENSE Security Advisory 10.24.05 - Local exploitation of a buffer overflow vulnerability in the ppp binary, as included in multiple versions of The SCO Group Inc.'s Unixware, allows attackers to gain root privileges.
9b7b97200e4750b2274b1b81babc045334523a9e5e30d75d95f0457665a531e2iDEFENSE Security Advisory 10.24.05 - Local exploitation of a buffer overflow vulnerability in The SCO Group Inc.'s Openserver operating system could allow an attacker to gain root privileges.
3ae152c1a2dd00e7fcae7088b157ba81d2ff09974b77c02bc9e97c2d122f8127iDEFENSE Security Advisory 10.24.05 - Local exploitation of a buffer overflow vulnerability in The SCO Group Inc.'s Openserver operating system could allow an attacker to gain access to the backup group.
74a54f24ca55eca0f7d2feffa42849b689e2691f620f49d30c5d5e7247306c73HP SECURITY BULLETIN HPSBMA01235 - Oracle(R) has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO).
20bcdf915643f036edf047e801c71b782b796bd0b6e809bd9f6c81a33ede5b76saphp Lesson is vulnerable to SQL injection. Exploitation provided.
b18e140b3a9e28b98d2832d38991426a351a2144143751fa0b2cc1f5ec52768cDCP Portal versions less than or equal to v6 are vulnerable to SQL injection and XSS attacks.
59b439177fcdb36ff0ee49e4344d52bbda2cdf6d0181c073634a787e13c0130cNuked klan 1.7: Remote Exploit.
3c8098a28fe10e80eaf203e2936fec0e9630968fb220238be19fb8ba9d349779SUSE Security Announcement - information disclosure via permissions package.
889712208a141b0cc0923e610a384ea3c068b06274ed61d01d4e3c65d7770093Trustix Secure Linux Security Advisory #2005-0059 - Multiple vulnerabilities in apache, lynx, mod_php4, openssl, php4, php, squid, texinfo, and wget.
b4197c01fe5f684fdb98b3e5b534d68a67f885d006e32bc2b7bb8fef99c8c5f0php version 4.4.1 .htaccess apache DOS exploit.
89b45db948a6dc9783df06193d900b40d886c9e201fd99c49f8648806d4d12c6PHPNuke 7.8 SQL INjection and remote commands execution poc exploit.
df4acdcff0846dbb205c33f3ea005fe82b2971d79290c887fc92d2b99710b645PunBB versions between 1.1.2 and 1.1.5 suffer from a remote file inclusion vulnerability.
f713bad666ccd0bd7baae90f57cab948c2071b3654468d1386d041ef728e2c96A simple libpcap based MSN protocol sniffer.
f03c69e064f1269dfd5adbc668204d0a7e0eafb86317e293e9d6c1ce0a4f5761This is a ipv6 banner grabber by c1zc0 Security
e85388d2e1be213c5e3ff508b15076266d49cb3ff37175580006ed793cf2433eThis is a basic cisco mgx scanner that scans for default passwords.
645f8f559a0d20025f86a35683429de0b85591f451ec739fd80a1c5d15bc5966Qcrack is a program written to test the security of md5 passwords by attempting to brute force them. The user can also specify the characters to use when brute-forcing.
8474efd25891851e4fd91bf9b3ce4da6f2ec3c5a13c27121c5f4c24a0de25238Flatnuke suffers from file inclusion vulnerabilities and XSS
bb52f22a19b5c079e852968d2c6a8389a56300c5f66d5204debbb35f52f6e435AL-Caricatier suffers from a login bypass vulnerability.
f7b1cadb07d37326efea2ea0eb7d07f8d10779038dba1b6279795775bdd42eb2Hardened-PHP Project Security Advisory - And audit of phpMyAdmin revealed a design flaw in the way phpMyAdmin includes it's register_globals compatibility layer, that allows inclusion of arbitrary local files, which usually leads to remote code execution.
07c39621998dfc6ec31c6e8cee28b68e1549bc5e4f8dd5cf117ed955de7ddbc5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed