Gentoo Linux Security Advisory GLSA 200601-10 - Adam Gowdiak discovered multiple vulnerabilities in the Java Runtime Environment's Reflection APIs that may allow untrusted applets to elevate privileges. Versions less than 1.4.2.09 are affected.
2e648923cd041ff66dffd132045418f51277f8716ab8fc6bff668755db426148PunBB BBCode suffers from a script injection vulnerability.
4b3f756b76ee9a2fc41d0fcaded8a692ac7c0235fcde2eb839afee5bccdae4eeUbuntu Security Notice USN-242-1 - Aliet Santiesteban Sifontes discovered a remote denial of service vulnerability in the attachment handler of mailman. An email with an attachment whose filename contained invalid UTF-8 characters caused mailman to crash. Mailman did not sufficiently verify the validity of email dates. Very large numbers in dates caused mailman to crash.
d4b482330864088fe99c59474e161f30aad2cfee1cef487ded2cd1ad374aa43bphpXplorer version 0.9.33 is susceptible to a classic directory traversal attack.
ac4ae6dbda767c9e844fa3bd3eca0ecf7a6711db13f20a93a1daa41e9d71e3a5dnsgrep enumerates DNS information from a domain, attempts zone transfers, and performs a brute force dictionary style attack.
49bb65538635d1e5e57ad75ecf19fff9476d1befb97e65c9a87d81466598aefaThinkSECURE has discovered that certain well-known wireless chipsets, using vulnerable drivers under the Windows XP operating system and when configured to use WEP with Open Authentication, can be tricked by a 802.11-based wireless client adapter operating in master mode ("the attacker") to discard the WEP settings and negotiate a post-association connection with the attacker in the clear.
85332b49ddbb1be65ef1f303c4d24404a14fb00bc71d5cf6480c1a568aee24b5Debian Security Advisory DSA 942-1 - A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution.
405d9bbc999d40cf28ff3aec11fdef6d04a64fa08e217a56121a78b378813149Debian Security Advisory DSA 941-1 - The Debian Security Audit project discovered that a script in tuxpaint, a paint program for young children, creates a temporary file in an insecure fashion.
18e883fa2d306bcebd3c4fe5f9adff5936444196f9eb65536da89db3e4b3bc88eyeBeam softphone remote denial of service SIP header mishandling exploit.
c9af2dfdb21e5a5ab2c257b74a84585563a0f0be60d3124fc374306d1a84e010WHITEAlbum is susceptible to SQL injection attacks via pictures.php.
ae1fcebac9700b83ec80ba4aa8ce091854b6d6537de98123711e7ec7fa906238Veritas NetBackup v4/v5 "Volume Manager Daemon" remote stack overflow exploit.
6bf7782bcf9b0245b5dabd142ec6d47ca62c1fc2f9680b45ea2ab2ef81f1da93The Web Application Firewall Evaluation Criteria project is proud to announce version 1.0 of The Web Application Firewall Evaluation Criteria (WAFEC), its first official release. WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral, web application firewall evaluation criteria. The resulting framework can be used to evaluate and and compare web application firewalls.
30934b361df1e3d08250b193e224b8b6ceb4dc93d5c4c031e85dcf23afe88bf8Bit 5 Blog version 8.01 is susceptible to arbitrary javascript injection. Exploitation details provided.
20802863624b0c230d55b2395c9f22fd31cfe95f68382012775c98d0f8ec744cBit 5 Blog version 8.01 is susceptible to SQL injection attacks. Exploitation details provided.
d20f451f887b429370f4acfe04bcd2a7745d6e075c3304a35479ec1277cd9894Benders Calendar version 1.0 is susceptible to SQL injection attacks. Exploitation details provided.
60854192744acb437eb561a320b50d6ef605efb6442f681091424b95853a7b01Cerberus FTP server versions 2.32 and below remote denial of service exploit.
f22de0e2d4844c1294de07fe53ef9dc93dad62bddf095223e5f309589eac21f9HomeFTP r1.0.7 is susceptible to a denial of service condition. Exploit provided.
b8d1a8782b1d5466279e00c6898f2133b9f66204741fdffd0c4a16648a2c1a81Apache Geronimo version 1.0 suffers from cross site scripting vulnerabilities.
a7abdcc2cf2d5a7466c234929075a4549954e4fd37dc2826b8144ae0ebd188fdAmbiCom Blue Neighbors versions 2.50 Build 2500 and below suffer from a buffer overflow in the Object Push service.
da47d3a1cfa2a10633bedd980ce061b8059930008236018cc8db60cc23de5f44Ultimate Auction versions 3.67 and below suffer from cross site scripting flaws.
9128386042efd1779d1c7c56f599177b0f4f184a4a37715ff86f4358c23d98dbZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
6f7678c11d532e2dadabcbc05d91558265b6fc461a82c4b03342340ae8202b44Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.
3f136163626400c62192bab817c2e81c36503a9e5b8e018ca3df67bdeef745c1FLoP is utility designed to gather alerts with a payload from distributed Snort sensors at a central server, and to store them in a database. Both PostgreSQL and MySQL are currently supported. High priority alerts may be sent out via e-mail.
3e8650213f09e8611b518feccdd3d3e7306a04a1ba21d5a41b31cf8a2273ae86Bob the Butcher is a distributed password cracker. It is built around a client/server system. Cracking speed scales linearly with the number of connected clients. It is designed for efficient cracking resource usage. It will handle many password files at once, aggregating passwords as much as possible.
3565d156d637501a1c623bca37f256022300a8b1c85d29c84bc142e0c01480cbEZDatabase versions below 2.1.2 are susceptible to cross site scripting, directory traversal, and path disclosure flaws.
cc361d96f5afcac49024f0503bb6866e25b0a4c51fe3912ad76626370d097d6e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed