Gentoo Linux Security Advisory GLSA 200611-11 - In numerous files TikiWiki provides an empty sort_mode parameter, causing TikiWiki to display additional information, including database authentication credentials, in certain error messages. TikiWiki also improperly sanitizes the url request variable sent to tiki-featured_link.php. Versions less than 1.9.6 are affected.
a50004c5dd35a28c5793c35aabb98960c6ae228aab3ed8f8d37622e0ac10faa5The Classified System suffers from cross site scripting and SQL injection vulnerabilities.
17e4c2f7a80a753ddcf844a851d5f47cc0e7521715f6eda663e875c69640c2b5The Classified Ad System suffers from cross site scripting and SQL injection vulnerabilities.
faf4ae27b59ef2cf69e1efdf991df772f1cbe57297dda40417437e99943facd2ltwCalendar versions 4.2.1 still suffer from remote file inclusion vulnerabilities. This same vulnerability was discovered during the 4.1.3 release, but apparently never patched.
fe853e2bf3276e107b28deb4b02227296379db212b239c9cb5337e72595d869eSecunia Security Advisory - Bas Zoetekouw has discovered a vulnerability and a weakness in chetcpasswd, which can be exploited by malicious people to bypass security restrictions and identify valid user accounts.
79495c9fd72f76510ec3afaced9f5e929b69605220eb70e0df92aa5a66422432Secunia Security Advisory - Laurent Gaffi
86991c7b4d1e4584f33d1473c4c78359960ba971004b5d922911ba9ec1daa1faSecunia Security Advisory - Greg Linares has discovered a vulnerability in XMPlay, which can be exploited by malicious people to compromise a user's system.
672518bb376c3f533dde9ed857a9732b23706cf74b4942969d8ebac415ca5dfaUbuntu Security Notice 384-1 - Evgeny Legerov discovered that the OpenLDAP libraries did not correctly truncate authcid names. This situation would trigger an assert and abort the program using the libraries. A remote attacker could send specially crafted bind requests that would lead to an LDAP server denial of service.
78d7199c3aeed3ec321d49e5ffdfafeedaaa363302cd95bef99195d0aeea4a2eMandriva Linux Security Advisory MDKSA-2006-217 - As disclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration, which is not the case in the default configuration of ProFTPD.
061ad57de475b81795f7f9162860d0e6424a67bfe493a75cd523fc34b5103ef9Mandriva Linux Security Advisory MDKSA-2006-216 - The links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
c2c7aa8b98b93e61147ccde3c66134caa316b1758c6d60228184ba7b3d20dc2dMandriva Linux Security Advisory MDKSA-2006-215 - Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service.
ab09ea6bc7e3513692c82676d9fb8d671ba1c8c7b58e7e53379535d610943febDebian Security Advisory 1217-1 - Paul Szabo discovered that the netkit ftp server switches the user id too late, which may lead to the bypass of access restrictions when running on NFS. This update also adds return value checks to setuid() calls, which may fail in some PAM configurations.
876216d28ca2491cadd58471692fd3f0533c8535fcc5e4734fc2054bb5c2610fDebian Security Advisory 1215-1 - Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code.
91199bcedaeac7b7f0c84e6aba8ff91a4cf469ff658a798cee66b618fd0c0c56Debian Security Advisory 1216-1 - Eric Romang discovered that the flexbackup backup tool creates temporary files in an insecure manner, which allows denial of service through a symlink attack.
c1597d6e3540c800291a315596eade3bff4f6e9a0ef2e7a7fa96cd4da82de814Debian Security Advisory 1214-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow.
16b6e3210d3ac75c90cf81ad1784813c76b78f9acdefad2ef7e69b79cd134bd1Sharpener is an ssh brute force blocking tool for Linux and the BSD's (Open/Net/Free). It runs in cron and parses out the brute force attempts to your server and automatically blocks those hosts from connecting. The script will also send an email of the attackers address to an account.
0f0f3d5796706797226b090e68269f4841ad31cd4e8d7f8814fefb9374304dd7Gentoo Linux Security Advisory GLSA 200611-14 - TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems with more permissive access rights to the spool directory are vulnerable. Versions less than 2.1.2-r2 are affected.
57a4cb9abde1537e010e1f32a644fab74c9c7131b1112d5d7e9bb24e423b86e9Gentoo Linux Security Advisory GLSA 200611-13 - Avahi does not check that the netlink messages come from the kernel instead of a user-space process. Versions less than 0.6.15 are affected.
38e702e443aa99463076f862a1b24a434ef567c8ad1a020f15c2cf0d6ea37049Gentoo Linux Security Advisory GLSA 200611-12 - Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated user. Versions less than 1.8.5-r3 are affected.
6cfb14bd5a497bf404a5923e3462f938f41beb472078d12adfdc808dd106ce0dDrKnock is a port knocking solution based on sig2knock by Cappella and Tan Chew Keong (http://www.security.org.sg/code/portknock1.html). Right now, the only functional improvement over sig2knock is the ability to use the client under Windows XP SP2. The client and server work on both Unix and Windows.
76d15e1c2f65a3ba5ac38d0e235f66076cf4a55e3d850f84b1b4422f4568075bAdministr8 versions 0.3b and below suffer from a remote file inclusion vulnerability.
37327612a60e9f8ec519ea6b98c2fda11107faad3e454608aa4a72c51434f8ddmAlbum version 0.3 suffers from path disclosure and directory traversal flaws.
f1c4157563a8778bc2f01b4187812af73d50d13d84755010754280095443e188gNews Publisher suffers from multiple SQL injection vulnerabilities.
be6f59a63043674223034ae598ff6c7e7dcddf91d4b9bbc9e3fb6fad2b42816aASPNuke versions 0.80 and below suffer from a SQL injection vulnerability in register.asp.
3042f9ef5e75487cb014723ea56cecc40bb567cccd349a1924a7fc6ace1362fdehomes suffers from multiple cross site scripting and SQL injection vulnerabilities.
c0a29d66c0cab2f31e0b3e9b6c0e816e83743419fc62e099aa38cf6ac98d2b08
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed