Further research has been performed against the Barracuda Convert-UUlib library buffer overflow.
f6951b1ebcbd690adceae17e1c1dfc054bf9a724c4c9727d2dd586cd08c7292fPIRANA is an exploitation framework that tests the security of a email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform. PIRANA's goal is to test whether or not any vulnerability exists on the content filtering platform.
4f4bf22a3446dcede66d3f4fc60bfd1cdac5e6fd174c4f6f682bbdf405cdca09Debian Security Advisory 1228-1 - Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.
e1f2cf0b745dc84e94b07a769ffacfbeca83f0f01fcf41c0d6a909221bc0f2dfHP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a denial of service.
a63c3adb81a7a6e1cbb3e069c7b5ae7ff1aa4ff929852b66154ad2e582fa94bdCYBSEC Security Advisory - A specially crafted HTTP request can remove any file located in SAP IGS file-system. SAP IGS versions 6.40 Patchlevel 16 and below and 7.00 Patchlevel 6 and below are affected.
992d1c3e589ee06443567d8375401c73114e94090b39202776695427f219875fCYBSEC Security Advisory - Undocumented features have been discovered in SAP IGS service, some of which may signify security risks. SAP IGS versions 6.40 Patchlevel 15 and below and 7.00 Patchlevel 3 and below are affected.
a54d1cedef3e5d18339a313268d765c9d82972cf5f13660663dec05e76e801b6Snort patch based on the "tcpstatflow" tool and written to be compiled with snort-2.6.1.1 using the stream4 preprocessor. It is designed to detect traffic that is not HTTP / HTTPS / FTP / SMTP, with a reasonable margin of error.
3e7d1c6ba3cd8817eff4ec346d0ef9b08d438b4e3d0085d7760509a1fd878e23KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft Powerpoint files is vulnerable to an integer overflow problem that can be exploited to expose an heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.
5e616116d126762e0386e401b5ffeb2270a95ffca025fe458d9dd87fc7b1f07bVulnerabilities allow attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager. Authentication is not required to exploit these vulnerabilities. Versions below 5.2.9 and below 5.3.4 are affected.
b6409e103665027e1bbc1a0f81c4db6a199f6fa4adf5dc912c78d0039687c485Ubuntu Security Notice 392-1 - A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.
3f0af71c62a72c504b2c28651e5b1a81ce95ac569333fbdbe2d3f2e01d1de107Ubuntu Security Notice 391-1 - A heap overflow was discovered in the OLE processing code in libgsf. If a user were tricked into opening a specially crafted OLE document, an attacker could execute arbitrary code with the user's privileges.
929b269c10f07d7786858ef7e0831a23174f1d6b61610c015938ae38155df102snmpcheck is a free open source utility to get information via SNMP protocols. It works fine against Windows, Linux, Cisco, HP-UX, SunOS systems and any devices with SNMP protocol support. It could be useful for penetration testing or systems monitoring. snmpcheck has been tested on GNU/Linux, *BSD and Windows (Cygwin) systems.
d761829bf0e54681d7f7286dc9fdb8136fc370c218b85024b7c22a2e209970camowdBB RC-6 suffers from a cross site scripting flaw.
f86cea861786bd96984df6e5f0de48a23fdd58a719a9e85b75f29a07cefbfac6Remote code execution exploit for Envolution versions 1.1.0 and below.
d7ea55d503f25ce48922e6071a8bf9c486ef31458e649719a55850f0f48111a5BlazeVideo HDTV Player versions 2.1 and below malformed PLF buffer overflow proof of concept exploit.
e14fc20ba2561606a692242387bab8938d4ac558a312d0f056e02d6364ffafdbAT-TFTP version 1.9 and below remote buffer overflow exploit that makes use of long filenames.
3c055612e0d3fc3c594e459088e2ca19c7013d09596cc2b275be81d1dd9fdf14TCP Knocking provides a port knocking implementation that attempts to solve problems of opening firewalls to provide remote access by incorporating the knock into unused fields in the TCP handshake sequence packets, rather than using UDP packets with secret ports.
e6853f592b09665053445d9ae0240ffcee7a2a8cf03115caa0daebc05b209b9aFloppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the floppy disk version.
5b3dcb5bdbad187b52f13220163511aec5af3bc3b26406eabfd7ac74e68b929eFloppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the ISO version.
2836e68291e1bf8f69d6babae8b3fccc0e43eefbe3657e14e4b1283ef2e95090JAB Guest Book suffers from a cross site scripting vulnerability.
de73cbd93e53f5680513b090ea1341071a7a29d9f6fe4d905318c56216a00d0bMandriva Linux Security Advisory - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
b0a8590ea11ba4afad9185f0a981496234a1d44af2df33534e836aa6a73fd319Two vulnerabilities in F-Prot Antivirus version 4.6.6 for Unix platforms could allow a remote attacker to cause a denial of service or execute arbitrary code. Exploit included.
226cbefa040587fac72452eb5aa3327444b503a468263378f2fc442655fea874Whitepaper entitled "Top 10 AJAX Security Holes And Driving Factors".
1ed5c65dfd0826c823dfd1a9f124b537e561dd5ffcc62aee60d328f4953f93efDebian Security Advisory 1227-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
5050bcb7d102f7e9246310110557a762f337740a07b1e1485cdcae55b3c42379Debian Security Advisory 1226-1 - Teemu Salmela discovered that the links character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.
663357653cd8e772e98a4eaf6f33bbb444e0a01338c6bbdc50cec7955ddea496
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed