
Files Date: 2005-11-15

Secunia Security Advisory 17523
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Basic Analysis and Security Engine, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Some input isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This is related to: SA17314. 2) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | advisory, arbitrary, vulnerability, xss, sql injection
SHA-256 | 664f4183e341414680039000ca16f722a475f0ffec0bf7afc2d0da5708e997ac
Secunia Security Advisory 17530
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jason Hoover has discovered a vulnerability in MigrationTools, which can be exploited by malicious, local users to disclose potentially sensitive information or to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to the nis.$$.ldif temporary files being created insecurely in /tmp. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running the migrate_all_online.sh script. The temporary files are world-readable and are not deleted if ldapadd fails. This may disclose sensitive information such as users' password hashes. The vulnerability has been confirmed in version 46. Other versions may also be affected.

tags | advisory, arbitrary, local
SHA-256 | e69d45af74d3a29e2bf6c6fc22f2faa33798154c127002aacab0f6e615a37381
Secunia Security Advisory 17533
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Abducter has discovered some vulnerabilities in Pearl Forums, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information. 1) Input passed to the forumsId and topicId parameters in index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the mode parameter in index.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that magic_quotes_gpc is disabled. The vulnerabilities have been confirmed in version 2.4 and have also been reported in version 2.0. Other versions may also be affected.

tags | advisory, arbitrary, local, php, vulnerability, sql injection
SHA-256 | 241875297444cd4a4e33999e1bb7785220e8336ff7bf7fd393d80a6a4fbdf7a1
Secunia Security Advisory 17540
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for sylpheed. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. For more information: SA17492

tags | advisory
systems | linux, gentoo
SHA-256 | cdb8f2eccf9cfb71a3ef7508edd9b7c15472b44541aaf1413831aa7eec00668d
Secunia Security Advisory 17544
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in pnmtopng, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error when writing RGBA-palette PNG files. This can be exploited to crash pnmtopng and may allow arbitrary code execution via a specially crafted input file with exactly 256 colours. Successful exploitation requires that pnmtopng is used with the -alpha command line, and e.g. pnmtopng is used in a CGI application that allows remote users to submit image files for processing, or by tricking a user to use pnmtopng with a malicious .pnm file. The vulnerability has been reported in versions prior to 2.39. Note: Several potential malloc allocation overflow bugs have also been fixed.

tags | advisory, remote, denial of service, overflow, arbitrary, cgi, code execution
SHA-256 | 2a67b238c8a336d7c27f90f087853e6afc3d41ee8449d22c4fc25797fc1d329d
Secunia Security Advisory 17548
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HACKERS PAL has discovered some vulnerabilities in Wizz Forum, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed to the AuthID parameter in ForumAuthDetails.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the TopicID parameter in ForumTopicDetails.php and ForumReply.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of vulnerability #1 requires that magic_quotes_gpc is disabled. The vulnerabilities have been confirmed in version 1.20. Other versions may also be affected.

tags | advisory, arbitrary, php, vulnerability, sql injection
SHA-256 | 78b70584e20ab1498ea68110af703a34393d0e32a9e92fa00de339a4f7f69ccf
Secunia Security Advisory 17549
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has acknowledged some vulnerabilities in scorched3d, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA17423

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
SHA-256 | 0903e4da365f0003ecbef50166cc7f6ce985cdbae58e738b2ba56b4f3fcb13af
Secunia Security Advisory 17550
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Amin Tora has reported a weakness in Cisco ASA (Adaptive Security Appliances), which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to the ASA failover testing algorithm failing to properly identify that the active firewall has failed. The standby firewall performs failover tests by sending ARP requests for the active firewall's IP addresses. This can be exploited to prevent the standby firewall from activating via spoofed ARP responses. The failover may also fail to happen if there is another device with the same IP address as the active firewall on the same network subnet. The weakness has been reported in ASA running 7.0(0), 7.0(2), and 7.0(4).

tags | advisory, denial of service, spoof
systems | cisco
SHA-256 | 0d1639aba1d7aa19dffa7ea920fe1f0db9aca7d53b5fcd19be30ba0ce4f44bfd
Secunia Security Advisory 17558
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for acidlab. This fixes some vulnerabilities, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. For more information: SA17552

tags | advisory, vulnerability, xss, sql injection
systems | linux, debian
SHA-256 | 90950bec3cf0fb9158e1998b26b9e7400458c85db8c9d9b3b1020b04523c1f58
Secunia Security Advisory 17569
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - trueend5 has discovered a vulnerability in Ekinboard, which can be exploited by malicious people to conduct script insertion attacks. Input passed in the forum Topic Title isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious forum post is viewed. The vulnerability has been confirmed in version 1.0.3. Other versions may also be affected.

tags | advisory, arbitrary
SHA-256 | 9f175fae1b7bcc9ac28a1cea058301860ef36d24d3ca4373cd78c8d0baeb6c08
Secunia Security Advisory 17573
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rgod has discovered a vulnerability in Xoops, which can be exploited by malicious people to disclose sensitive information. Input passed to the xoopsConfig[language] parameter in class/xoopseditor/textarea/editor_registry.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that register_globals is enabled and that magic_quotes_gpc is disabled. The vulnerability has been confirmed in version 2.2.3. Other versions may also be affected.

tags | advisory, arbitrary, local, php
SHA-256 | 0d1ce427fb9dd7b5356b6b4e430e01193f4c202fa0861044cff60de0b098bcaf
Secunia Security Advisory 17574
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rUnViRuS has reported a vulnerability in PollVote, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the pollname parameter in pollvote.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

tags | advisory, arbitrary, local, php
SHA-256 | a419c38bdb77b87c805d1e386772ae891318f4334d357c12cda260dc5264bbd7
Secunia Security Advisory 17575
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rgod has reported a vulnerability in the WF-Downloads module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the list parameter in viewcat.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that magic_quotes_gpc is disabled. The vulnerability has been reported in version 2.05. Other versions may also be affected.

tags | advisory, arbitrary, php, sql injection
SHA-256 | f2e0d9b82eebb522e0559aa40f0b7ec7813d14b8f6af2e5366a94a7b97ffbfb1
Secunia Security Advisory 17577
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - syini666 has reported some vulnerabilities in MyBulletinBoard, which can be exploited by malicious people to cause a DoS (Denial of Service), manipulate certain information, and conduct script insertion attacks. 1) Input passed to the subject field when creating a new thread isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed in the main page. 2) Some input passed in the Reputation system isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed in the user configuration panel. 3) The problem is that users can delete or move other users' private messages (PM). Successful exploitation requires knowledge of the ID number. 4) An unspecified error can be exploited to cause a Denial of Service on a vulnerable server.

tags | advisory, denial of service, arbitrary, vulnerability
SHA-256 | d709d4dc02083dc2a4a63a3939a57f68b30a1a2724b44314e44b4aec0258c98e
Secunia Security Advisory 17581
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in openswan-2, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the handling of IKE packets with an invalid 3DES key length can be exploited to cause a DoS. 2) An unknown error in the handling of certain specially crafted IKE packets can be exploited to cause a DoS. The vulnerabilities are related to: SA17553. The vulnerabilities have been reported in versions prior to 2.4.2.

tags | advisory, denial of service, vulnerability
SHA-256 | e5506c483cdfea03647f7a679b2084145190797d0e1f8f572dd9e65398abc113
arpalert-0.4.14.tar.gz
Posted Nov 15, 2005
Authored by Thierry Fournier | Site perso.numericable.fr

arpalert uses ARP address monitoring to help prevent unauthorized connections on the local network. If an illegal connection is detected, a program or script is launched, which could be used to send an alert message, for example.

Changes: Flood detection and some small tweaks.
tags | local
systems | unix
SHA-256 | 9fa6dbc00464a0c332d3c31d644bbd9d9931dcbc6876e1f570c7d708602285ac
BlockingSkype-rootn0de2005.pdf
Posted Nov 15, 2005
Authored by vi_cipher

Whitepaper called Blocking Skype Using Squid And OpenBSD.

tags | paper
systems | openbsd
SHA-256 | b6e11672d312290a29ac341bb69e71f5b97baaf44a2d7993e2f938c88277b329
Secunia Security Advisory 17545
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an unspecified error in xterm. This can be exploited by malicious users to gain unauthorised access to an affected system. The vulnerability has been reported in HP-UX B.11.00, B.11.11, and B.11.23.

tags | advisory, local
systems | hpux
SHA-256 | b1a3b38eef352b8e97b4bb1c8c59339252a01fa71ebb0884df2eac80c55cb027
Secunia Security Advisory 17551
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for abiword. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. For more information: SA16982 SA17199

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 290ab2d758c3c807d4c02f1629f5312fcb0df8ca805e12353feee37dc2630e86
Secunia Security Advisory 17552
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in ACID, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. For more information: SA17314 SA17523

tags | advisory, vulnerability, xss, sql injection
SHA-256 | ca07b5b2ba9191ada28ab0e551d91b628119944a4f36d0fab9363215b2b00b96
Secunia Security Advisory 17554
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the libike library when processing IKE messages. This can be exploited to crash the in.iked process, which causes the IPSec key management services to fail. The vulnerability is related to: SA17553. The vulnerability has been reported in Solaris 9 and 10 on both SPARC and x86 platforms.

tags | advisory, denial of service, x86
systems | solaris
SHA-256 | 85322bf197ef5bdf0e1a0296650aceb34f76d028d0adb093160824966ad60f04
Secunia Security Advisory 17572
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for uim. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges. For more information: SA17043

tags | advisory, local
systems | linux, debian
SHA-256 | b62839f9b6422190f7ec84f7e06cef10b5fe8cf2bbb3578aea575100a345bf16
Secunia Security Advisory 17576
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for lynx. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA17372

tags | advisory
systems | linux, fedora
SHA-256 | 87694fb1428506eb64e46226abe56d0ee67790c8ff21284e7bf3157af325d25a
HP Security Bulletin 2005-10.74
Posted Nov 15, 2005
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running xterm. The vulnerability could be exploited by a local user to gain unauthorized access.

tags | advisory, local
systems | hpux
SHA-256 | da66a5cfb48201539eed609e943e1e4ba9cc435a7d2998bce28593c2a2acb41c
md4coll.c
Posted Nov 15, 2005
Authored by Patrick Stach

MD4 collision generator.

tags | encryption
SHA-256 | 2bebad65909745571594f17a961b74232c8dfde3ae0949d01246d67c9c0e48a3

© 2022 Packet Storm. All rights reserved.