Secunia Security Advisory - IBM has acknowledged a vulnerability in bind, which potentially can be exploited by malicious people to cause a Denial of Service.
fbeb1e5f2eef2db31bd6ae849dfc4b126c3e6016e26fb962c73110cbb8a86cbd
MDCrack is a free, feature-filled password cracker designed to bruteforce several commonly used hash algorithms at a very aggressive speed rate. It can retrieve any password made of up to 8 characters (16 for PIX algorithms) and 55 characters when salted. In order to achieve the highest possible speed rate, this program uses several cores for each algorithm it supports. Each one of these cores provides a different level of optimization designed to best fit with a specific set of command line options. Whatever command line configuration is used, MDCrack will always arrange to use the best available core. To date, this program supports bruteforce attacks on MD2, MD4, MD5, NTLMv1 and PIX (enable and users) hashes, and the list of algorithms is growing. Multithreading allows for parallel cracking and load sharing between several CPUs and multiplies overall speed by the number of available processor(s).
e7746486dd30fc6921a9e419810f4a9c48ca31e4139cb7b2298bfea7b4875075
Mandriva Linux Security Advisory MDKSA-2006-161 - Daniel Bleichenbacher recently described an attack on PKCS #1 version 1.5 signatures in which an RSA key with a small exponent could be vulnerable to forgery of a PKCS #1 version 1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 version 1.5, including software that uses OpenSSL for SSL or TLS.
86907d7bcb3bf538c9b78a910f70dfa76124fc22f9b4a679a734619d66a77555
The IBM Lotus Notes DUNZIP32.dll suffers from a buffer overflow vulnerability. The vulnerability has been confirmed in Lotus Notes versions 5.0.10, 6.0 and 6.5.1. Other versions may also be affected. It is expected that the latest R5 build, 5.0.12, is affected too.
f50eebce81e8697be73c3b6c759c3fc554ef738216b59e82629d9eb6a87f507a
PHPOpenChat version 3.0.x is susceptible to a remote file inclusion vulnerability.
2730101bdb89d1500bca693dab2dc3731383aaac06ef946d0b422ebb6fff64b3
Debian Security Advisory 1170-1 - It was discovered that, upon unpacking JAR archives, fastjar from the GNU Compiler Collection does not check the path for included files and allows files in upper directories to be created or overwritten.
16b06490c97872dce8f9ac96a7eb0daa08a5993000f04480760498debe4b724e
WordPress version 2.0.5 suffers from path disclosure and SQL injection vulnerabilities.
c7111f974a7773ef8c3f42ed3e7f6292ad155b5b75b01801a2a26b617f36e500
Phenoelit Advisory - Cisco Systems IOS contains a bug when parsing GRE packets with GRE source routing information. A specially crafted GRE packet can cause the router to reuse packet data from unrelated ring buffer memory. The resulting packet is reinjected in the routing queues. Tested on C3550 IOS 12.1(19).
c399511f9b9e38917acdb9d548663a1225fa3fd434df65d78c4c032042e0b87a
Secunia Security Advisory - SHiKaA has reported a vulnerability in phpFullAnnu, which can be exploited by malicious people to compromise a vulnerable system.
8abc018bbde5caba1c25269dd6d0bb6e674f5270aa7b26c180b42bc9e759ad94
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (Python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called at run time.
c4c5521266fe2983724a4c92b2958cb6d08257a47ffcb13f06d3e5fa16107ad3
Gentoo Linux Security Advisory GLSA 200609-04 - Several integer overflows have been found in the PCF font parser. Versions less than 1.2.0-r1 are affected.
538d03b0f314d47899d15012351f89812c22d9f2c15870280d73dd70e7425f1f
Gentoo Linux Security Advisory GLSA 200609-03 - OpenTTD is vulnerable to a Denial of Service attack due to a flaw in the manner the game server handles errors in command packets. Versions less than 0.4.8 are affected.
802e433d290e2f373b1db958ad305ad3a92661ffc82586a1f78126bbe9d192dc
Gentoo Linux Security Advisory GLSA 200609-02 - Michael Gehring has found that GTetrinet fails to properly handle array indexes. Versions less than 0.7.9 are affected.
b2a5af30a2164db615161e6065ef3da7e7414a034797b52daddddbf27893e80d
Gentoo Linux Security Advisory GLSA 200609-01 - Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing malformed HTTP headers. Versions less than 1.61.26 are affected.
53dbbd1cefbb7c1523a013ee80f9b3554eb8ad62466d6b71042266950acf59e8
An attacker can send a specially crafted ACCSEC command during the handshake process with the server, causing the server process to crash in the DB2 Universal Database versions 8.x.
1a8410f5b85a180b22f0f8b9883db77dd9e57286bb5e6f8f59e05eba2bfa3d57
An attacker can send a specially crafted EXCSAT command during the handshake process with the server, causing the server process to crash in the DB2 Universal Database versions 8.x.
c98ea2020768ceafc724a6ef194ffa77adce1cf1b41123451210d5e693131c72
Ubuntu Security Notice USN-340-1 - Tavis Ormandy discovered several buffer overflows in imagemagick's Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the user's privileges.
04aa57fc5f938a8312846efec3bc970ceecb4289437e578b7d249cf70d128cce
The Canon ImageRunner remote UI web interface software will reveal username and password pairs contained in address book entries when the address book is exported. Tested and verified on Canon iR C3220, iR 5020, iR9070, iR C6800, iR C6870, and iR 8500.
aaf3626f07dba31cc2373a96b075a9874d4650995009783d0bc2f6360209c404
HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, denial of service, or unauthorized access.
b9ab5890e9d10ad4d8db2527868e8497b4d79f5d2d485da41d732ecbb31e0001
ZIXForum version 1.12 suffers from a SQL injection flaw due to a lack of sanitization in the RepId variable.
d80b1cf52f2400e9fe3aa4dfb14c9882fb98cb549e0eb988b673fee93a3d1d79
AnnonceV version 1.1 suffers from a remote file inclusion flaw.
658118eb6a0938fe0df438ca864aa9ada4e93ed0c1b01f813c3818db10efe9c8
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in ZipTV, which can be exploited by malicious people to compromise an application using the library.
dc4b2becf6c12d97062bfc909cf11c283853aca25a7b328f59f9ae36dff67348
Secunia Security Advisory - DrEiNsTeIn has discovered a vulnerability in PhpLeague, which can be exploited by malicious people to conduct SQL injection attacks.
80ba16924949d294a4e5431ff1ded56c5efeafce2b6372d6184b4565a06f74e8
Secunia Security Advisory - Debian has issued an update for gcc-3.4. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
c2fd68cc4aa48cbe5bf772bd01a480e3ffdfc2eb27ae3b84b13ab73697520f0d
Secunia Security Advisory - Gentoo has issued an update for gtetrinet. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
dbc1b7eb01d92b7aed15c839a86aedd440e7645bceef7ff221f840d4cf7bc2f8