Secunia Security Advisory - IBM has acknowledged a vulnerability in bind, which potentially can be exploited by malicious people to cause a Denial of Service.
fcc9d8f00b25855699028319ad9f031eMDCrack is a free, feature filled password cracker designed to bruteforce several commonly used hash algorithms at a very aggressive speed rate. It can retrieve any password made of up to 8 characters (16 for PIX algorithms) and 55 characters when salted. In order to achieve the highest possible speed rate, this program uses several cores for each algorithm it supports. Each one of these cores provides a different level of optimization designed to best fit with a specific set of command line options. Whatever command line configuration is used, MDCrack will always arrange to use the best available core. To date, this program supports bruteforce attacks on MD2, MD4, MD5, NTLMv1 and PIX (enable and users) hashes, the list of algorithms is growing up. Multithreading allows for parallel cracking and load sharing between several CPUs and multiplies overall speed by the number of available processor(s).
a5736f935d162cadf91f57bcbab8dd7dMandriva Linux Security Advisory MDKSA-2006-161 - Daniel Bleichenbacher recently described an attack on PKCS #1 version 1.5 signatures where an RSA key with a small exponent used could be vulnerable to forgery of a PKCS #1 version 1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 version 1.5, including software uses OpenSSL for SSL or TLS.
779e310851570485664d412935a7d63eThe IBM Lotus Notes DUNZIP32.dll suffers from a buffer overflow vulnerability. The vulnerability has been confirmed in versions Lotus Notes 5.0.10, 6.0 and 6.5.1. Other versions may also be affected. It is expected that the latest R5 build 5.0.12 build is affected too.
eb6e8ccd30441e2af9278fe031e04b93PHPOpenChat version 3.0.x is susceptible to a remote file inclusion vulnerability.
786cd66bf17772f05989aa8e4b56cd39Debian Security Advisory 1170-1 - It was discovered that upon unpacking JAR archives fastjar from the GNU Compiler Collection does not check the path for included files and allows to create or overwrite files in upper directories.
d9d861d67f7620169b18c69788414640Wordpress version 2.0.5 suffers from path disclosure and SQL injection vulnerabilities.
c626c03e86f99e117cbc7cc127125734Phenoelit Advisory - Cisco Systems IOS contains a bug when parsing GRE packets with GRE source routing information. A specially crafter GRE packet can cause the router to reuse packet packet data from unrelated ring buffer memory. The resulting packet is reinjected in the routing queues. Tested on C3550 IOS 12.1(19).
f09a97e7d16b1d3caf71b6f332a4a856Secunia Security Advisory - SHiKaA has reported a vulnerability in phpFullAnnu, which can be exploited by malicious people to compromise a vulnerable system.
3164d42a9903aeb2a2d67f1c4756b0e2The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.
694b79a4fda0e478e560620f0f1e445fGentoo Linux Security Advisory GLSA 200609-04 - Several integer overflows have been found in the PCF font parser. Versions less than 1.2.0-r1 are affected.
77e8f04823ce0bd8ab58edb844864057Gentoo Linux Security Advisory GLSA 200609-03 - OpenTTD is vulnerable to a Denial of Service attack due to a flaw in the manner the game server handles errors in command packets. Versions less than 0.4.8 are affected.
27abf0eddb17fa36ca8627a068635e25Gentoo Linux Security Advisory GLSA 200609-02 - Michael Gehring has found that GTetrinet fails to properly handle array indexes. Versions less than 0.7.9 are affected.
a1e81f305e3cabadafbde439feec3b05Gentoo Linux Security Advisory GLSA 200609-01 - Ulf Harnhammar, from the Debian Security Audit Project, has found that Streamripper is vulnerable to multiple stack based buffer overflows caused by improper bounds checking when processing malformed HTTP headers. Versions less than 1.61.26 are affected.
8bb04206fbb8b761ba3f7d6862810b8eAn attacker can send a specially crafted ACCSEC command during the handshake process with the server, causing the server process to crash in the DB2 Universal Database versions 8.x.
253f8ce11873731c88cdfcd862c1e9afAn attacker can send a specially crafted EXCSAT command during the handshake process with the server, causing the server process to crash in the DB2 Universal Database versions 8.x.
da70d9291764aa0b92e4fa9dc9cf1476Ubuntu Security Notice USN-340-1 - Tavis Ormandy discovered several buffer overflows in imagemagick's Sun Raster and XCF (Gimp) image decoders. By tricking a user or automated system into processing a specially crafted image, this could be exploited to execute arbitrary code with the users' privileges.
6e5488de7d25c5623b523bd91b1d26f4The Canon ImageRunner remote UI web interface software will reveal username and password pairs contained in address book entries when the address book is exported. Tested and verified on Canon iR C3220, iR 5020, iR9070, iR C6800, iR C6870, and iR 8500.
51f5d277ec198b1f10ca9d211b51459dHP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, denial of service, or unauthorized access.
7060db2e730ca644a55dcccbba488d35ZIXForum version 1.12 suffers from a SQL injection flaw due to a lack of sanitization in the RepId variable.
c3a60be3e68d008313570f33a45ea271AnnonceV version 1.1 suffers from a remote file inclusion flaw.
93743bf3e716e720dcc8e8c0ad768f66Secunia Security Advisory - Secunia Research has discovered two vulnerabilities in ZipTV, which can be exploited by malicious people to compromise an application using the library.
b72ebaa145f1a8da56714dc29a8ed62aSecunia Security Advisory - DrEiNsTeIn has discovered a vulnerability in PhpLeague, which can be exploited by malicious people to conduct SQL injection attacks.
caffb56f4d407204ca308746a6758546Secunia Security Advisory - Debian has issued an update for gcc-3.4. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
a80eb083457ccba3771c8cd86debc9ceSecunia Security Advisory - Gentoo has issued an update for gtetrinet. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
0d13b195f99db2caca6393d9d7eedc5f
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed