
Files Date: 2005-11-15

Secunia Security Advisory 17523
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Basic Analysis and Security Engine, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Some input isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This is related to: SA17314. 2) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

tags | advisory, arbitrary, vulnerability, xss, sql injection
MD5 | 51f701f0f7dada77468665b5367eb6c7
Secunia Security Advisory 17530
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jason Hoover has discovered a vulnerability in MigrationTools, which can be exploited by malicious, local users to disclose potentially sensitive information or to perform certain actions on a vulnerable system with escalated privileges. The vulnerability is caused due to the nis.$$.ldif temporary files being created insecurely in /tmp. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running the migrate_all_online.sh script. The temporary files are world-readable and are not deleted if ldapadd fails. This may disclose sensitive information such as users' password hashes. The vulnerability has been confirmed in version 46. Other versions may also be affected.

tags | advisory, arbitrary, local
MD5 | accb54f5a33311777149271081581596
Secunia Security Advisory 17533
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Abducter has discovered some vulnerabilities in Pearl Forums, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information. 1) Input passed to the forumsId and topicId parameters in index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the mode parameter in index.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that magic_quotes_gpc is disabled. The vulnerabilities have been confirmed in version 2.4 and have also been reported in version 2.0. Other versions may also be affected.

tags | advisory, arbitrary, local, php, vulnerability, sql injection
MD5 | 3817ff706fcdcc3c219ba9cf61430b1a
Secunia Security Advisory 17540
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for sylpheed. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. For more information: SA17492

tags | advisory
systems | linux, gentoo
MD5 | 67ff6b4e7ca79be38d407e73975528ba
Secunia Security Advisory 17544
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in pnmtopng, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error when writing RGBA-palette PNG files. This can be exploited to crash pnmtopng and may allow arbitrary code execution via a specially crafted input file with exactly 256 colours. Successful exploitation requires that pnmtopng is used with the -alpha command line option, e.g. when pnmtopng is used in a CGI application that allows remote users to submit image files for processing, or when a user is tricked into using pnmtopng with a malicious .pnm file. The vulnerability has been reported in versions prior to 2.39. Note: Several potential malloc allocation overflow bugs have also been fixed.

tags | advisory, remote, denial of service, overflow, arbitrary, cgi, code execution
MD5 | 078d1fc5e38fb3631cf4efe3aa76f282
Secunia Security Advisory 17548
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HACKERS PAL has discovered some vulnerabilities in Wizz Forum, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed to the AuthID parameter in ForumAuthDetails.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the TopicID parameter in ForumTopicDetails.php and ForumReply.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of vulnerability #1 requires that magic_quotes_gpc is disabled. The vulnerabilities have been confirmed in version 1.20. Other versions may also be affected.

tags | advisory, arbitrary, php, vulnerability, sql injection
MD5 | 317ba021e599276e3187776f43ee78b4
Secunia Security Advisory 17549
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has acknowledged some vulnerabilities in scorched3d, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA17423

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
MD5 | 374da3db006ef1ec3f1d9dc5714b8f18
Secunia Security Advisory 17550
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Amin Tora has reported a weakness in Cisco ASA (Adaptive Security Appliances), which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to the ASA failover testing algorithm failing to properly identify that the active firewall has failed. The standby firewall performs failover tests by sending ARP requests for the active firewall's IP addresses. This can be exploited to prevent the standby firewall from activating via spoofed ARP responses. The failover may also fail to happen if there is another device with the same IP address as the active firewall on the same network subnet. The weakness has been reported in ASA running 7.0(0), 7.0(2), and 7.0(4).

tags | advisory, denial of service, spoof
systems | cisco
MD5 | 4af413884b4b1c116665631f549267f2
Secunia Security Advisory 17558
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for acidlab. This fixes some vulnerabilities, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. For more information: SA17552

tags | advisory, vulnerability, xss, sql injection
systems | linux, debian
MD5 | e3121407fbf9b55adbee7e80d7d65029
Secunia Security Advisory 17569
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - trueend5 has discovered a vulnerability in Ekinboard, which can be exploited by malicious people to conduct script insertion attacks. Input passed in the forum Topic Title isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious forum post is viewed. The vulnerability has been confirmed in version 1.0.3. Other versions may also be affected.

tags | advisory, arbitrary
MD5 | 61527b017102f5c7f603838917c56a36
Secunia Security Advisory 17573
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rgod has discovered a vulnerability in Xoops, which can be exploited by malicious people to disclose sensitive information. Input passed to the xoopsConfig[language] parameter in class/xoopseditor/textarea/editor_registry.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. Successful exploitation requires that register_globals is enabled and that magic_quotes_gpc is disabled. The vulnerability has been confirmed in version 2.2.3. Other versions may also be affected.

tags | advisory, arbitrary, local, php
MD5 | d6cbb08b45c0e3340599f3bb780ebc60
Secunia Security Advisory 17574
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rUnViRuS has reported a vulnerability in PollVote, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the pollname parameter in pollvote.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

tags | advisory, arbitrary, local, php
MD5 | 949e0135e404094050ac8757f8c0fbbe
Secunia Security Advisory 17575
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - rgod has reported a vulnerability in the WF-Downloads module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the list parameter in viewcat.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that magic_quotes_gpc is disabled. The vulnerability has been reported in version 2.05. Other versions may also be affected.

tags | advisory, arbitrary, php, sql injection
MD5 | 8b13f3bf5d45d7cd185de1dab8157364
Secunia Security Advisory 17577
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - syini666 has reported some vulnerabilities in MyBulletinBoard, which can be exploited by malicious people to cause a DoS (Denial of Service), manipulate certain information, and conduct script insertion attacks. 1) Input passed to the subject field when creating a new thread isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed in the main page. 2) Some input passed in the Reputation system isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed in the user configuration panel. 3) The problem is that users can delete or move other users' private messages (PM). Successful exploitation requires knowledge of the ID number. 4) An unspecified error can be exploited to cause a Denial of Service on a vulnerable server.

tags | advisory, denial of service, arbitrary, vulnerability
MD5 | 2220cd6d0eecc2c0b166cc95b164f780
Secunia Security Advisory 17581
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in openswan-2, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the handling of IKE packets with an invalid 3DES key length can be exploited to cause a DoS. 2) An unknown error in the handling of certain specially crafted IKE packets can be exploited to cause a DoS. The vulnerabilities are related to: SA17553. The vulnerabilities have been reported in versions prior to 2.4.2.

tags | advisory, denial of service, vulnerability
MD5 | 20101346bef5749f30dd58354b38ffba
arpalert-0.4.14.tar.gz
Posted Nov 15, 2005
Authored by Thierry Fournier | Site perso.numericable.fr

arpalert uses ARP address monitoring to help prevent unauthorized connections on the local network. If an illegal connection is detected, a program or script is launched, which could be used to send an alert message, for example.

Changes: Flood detection and some small tweaks.
tags | local
systems | unix
MD5 | b33730572eba28e1d56f1c263b571462
BlockingSkype-rootn0de2005.pdf
Posted Nov 15, 2005
Authored by vi_cipher

Whitepaper called Blocking Skype Using Squid And OpenBSD.

tags | paper
systems | openbsd
MD5 | 909e63b1e1ea395ba89d9de7898c392f
Secunia Security Advisory 17545
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an unspecified error in xterm. This can be exploited by malicious users to gain unauthorised access to an affected system. The vulnerability has been reported in HP-UX B.11.00, B.11.11, and B.11.23.

tags | advisory, local
systems | hpux
MD5 | e09fef7f111e25671e274c12a96395ae
Secunia Security Advisory 17551
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for abiword. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. For more information: SA16982, SA17199

tags | advisory, vulnerability
systems | linux, debian
MD5 | 9c43d816d7c5927669b87bc79c68cace
Secunia Security Advisory 17552
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in ACID, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. For more information: SA17314, SA17523

tags | advisory, vulnerability, xss, sql injection
MD5 | c671936ffe3a06f1fac521b74f2d46ab
Secunia Security Advisory 17554
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the libike library when processing IKE messages. This can be exploited to crash the in.iked process, which causes the IPSec key management services to fail. The vulnerability is related to: SA17553. The vulnerability has been reported in Solaris 9 and 10 on both SPARC and x86 platforms.

tags | advisory, denial of service, x86
systems | solaris
MD5 | 346ad8ae09f2c580b1130229d5020c3b
Secunia Security Advisory 17572
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for uim. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges. For more information: SA17043

tags | advisory, local
systems | linux, debian
MD5 | 04269fce61c62b5f6d36a2a34690691e
Secunia Security Advisory 17576
Posted Nov 15, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for lynx. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA17372

tags | advisory
systems | linux, fedora
MD5 | 08d201f72986fc798ecd7d60c004af4c
HP Security Bulletin 2005-10.74
Posted Nov 15, 2005
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running xterm. The vulnerability could be exploited by a local user to gain unauthorized access.

tags | advisory, local
systems | hpux
MD5 | 5c0ee8a541cf23323f361d8371e5d886
md4coll.c
Posted Nov 15, 2005
Authored by Patrick Stach

MD4 collision generator.

tags | encryption
MD5 | afae19b001a95b469fd9897dcf208661