exploit the possibilities
Showing 1 - 25 of 51 RSS Feed

Files Date: 2007-10-18

Gentoo Linux Security Advisory 200710-20
Posted Oct 18, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-20 - Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in the XPDF code which PDFKit is based on. ImageKits also contains a copy of PDFKit. Versions less than or equal to 0.9_pre062906 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-3387
SHA-256 | 937ee0eb780bc0c3f024e5e6473e766ef1e4a89d102d75d7eaacb7670ba23876
Secunia Security Advisory 27287
Posted Oct 18, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Miranda, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | d433abcc0757b087672f3c759391d69819e67e5add7e27a345184b0996844ca7
Secunia Security Advisory 27165
Posted Oct 18, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - shinnai has reported a vulnerability in Microsoft Visual FoxPro, which potentially can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | ab57aa15575df087eff684cdfcc72675bc3fbb6a8f0783a3b322c4b3d2144a05
Secunia Security Advisory 27238
Posted Oct 18, 2007
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SkyOut has reported a vulnerability in Netgear SSL312, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 493bbf32e1fdef7938d779800daa1797e2abd6ce081d34a7b862bf525782b227
Mandriva Linux Security Advisory 2007.200
Posted Oct 18, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerablity in Tk was found that could be used to overrun a buffer when loading certain GIF images. If a user were tricked into opening a specially crafted GIF file, it could lead to a denial of service condition or possibly the execution of arbitrary code with the user's privileges.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2007-5137, CVE-2007-5378
SHA-256 | fdee7478c7e7ee753aa4ed1d1053cb7018c3e5bd69240cd8459309b0d7473b47
S21SEC-038-en.txt
Posted Oct 18, 2007
Authored by Juan de la Fuente Costa, Pablo Seijo Cajaraville | Site s21sec.com

S21sec has discovered a vulnerability in Alcatel Omnivista 4760 that allows injection of javascript code in text variables.

tags | exploit, javascript
SHA-256 | 6f7f01205b0f297adb9952ea0f556e8783078824cb75a59cf72ff44c90f8079c
Gentoo Linux Security Advisory 200710-19
Posted Oct 18, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-19 - Jean-Sebastien Guay-Leroux reported an integer underflow in the file_printf() function of the file utility which is bundled with The Sleuth Kit (CVE-2007-1536, GLSA 200703-26). Note that Gentoo is not affected by the improper fix for this vulnerability (identified as CVE-2007-2799, see GLSA 200705-25) since version 4.20 of file was never shipped with The Sleuth Kit ebuilds. Versions less than 2.0.9 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-1536, CVE-2007-2799
SHA-256 | 5d8dc392bc814f2430ff4729c0bbb583a93e7c361c2421771358d7ced56bf0e9
Gentoo Linux Security Advisory 200710-18
Posted Oct 18, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-18 - Ludwig Nussel discovered that the check_special_mountprog() and check_special_umountprog() functions call setuid() and setgid() in the wrong order and do not check the return values, which can lead to privileges being dropped improperly. Versions less than 2.12r-r8 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5191
SHA-256 | 50f3319e4e75be09131765eacc9544265c63c59560154b3055e4fb1df1ac3acc
Debian Linux Security Advisory 1389-1
Posted Oct 18, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1389-1 - It was discovered that zoph, a web based photo management system, performs insufficient input sanitizing, which allows SQL injection.

tags | advisory, web, sql injection
systems | linux, debian
advisories | CVE-2007-3905
SHA-256 | e59744e32fe51d94162d7f1001926ae6bf91d7dbcd87e0acb18b31cc2cdcd882
Debian Linux Security Advisory 1388-1
Posted Oct 18, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1388-1 - It was discovered that dhcp, a DHCP server for automatic IP address assignment, didn't correctly allocate space for network replies. This could potentially allow a malicious DHCP client to execute arbitrary code upon the DHCP server.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-5365
SHA-256 | 2f2edd786eff4abf8efa231c16c5025821fd43b2f3b33d44e6982350990112e2
SYMSA-2007-011.txt
Posted Oct 18, 2007
Authored by Ollie Whitehouse | Site symantec.com

Symantec Vulnerability Research SYMSA-2007-011 - A vulnerability has been discovered in the SMS handler on Windows Mobile 2005 Pocket PC Phone edition which means the sender of the original SMS message can be masked from the recipient when sent a specifically crafted WAP PUSH message.

tags | advisory
systems | windows
advisories | CVE-2007-5493
SHA-256 | eee9df452f180ce03cf99ac3571d5c28ecb00ea2370f58c105f853fd6c953f0c
Technical Cyber Security Alert 2007-290A
Posted Oct 18, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-290A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, info disclosure
SHA-256 | e60de499cfb633364bb4f4a095e2156be01665d805ecba8f1483866d65313f70
Mandriva Linux Security Advisory 2007.199
Posted Oct 18, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of vulnerabilities and security-related issues have been fixed in phpMyAdmin versions since the 2.9.1.1 release. This update provides version 2.11.1.2 which is the latest stable release of phpMyAdmin.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-0095, CVE-2007-0203, CVE-2007-0204, CVE-2007-1325, CVE-2007-1395, CVE-2007-2245, CVE-2007-4306, CVE-2007-5386
SHA-256 | 950a6c444693a6c116ddbd1ea0030ebe56553584713ca3267cda047bf590ca96
Cisco Security Advisory 20071017-asa
Posted Oct 18, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Two crafted packet vulnerabilities exist in the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security Appliance (ASA) that may result in a reload of the device. These vulnerabilities are triggered during processing of Media Gateway Control Protocol (MGCP) packets, or during processing of Transport Layer Security (TLS) traffic that terminates on the PIX or ASA security appliance.

tags | advisory, vulnerability, protocol
systems | cisco
SHA-256 | 81f355236673e2bfd72132b474ed77be4046243f77fb80af0f3b839f7f0c15d4
Cisco Security Advisory 20071017-fwsm
Posted Oct 18, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Two crafted packet vulnerabilities exist in the Cisco Firewall Services Module (FWSM) that may result in a reload of the FWSM. These vulnerabilities can be triggered during the processing of HTTPS requests, or during the processing of Media Gateway Control Protocol (MGCP) packets. A third vulnerability may cause access control list (ACL) entries to not be evaluated after the access list has been manipulated.

tags | advisory, web, vulnerability, protocol
systems | cisco
SHA-256 | 19f7c2422db56ce36d217a8d2be7a8b8bc1b10b3afe8c35ebdb6d3c522893ef4
Cisco Security Advisory 20071017-IPCC
Posted Oct 18, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Unified Contact Center and Intelligent Contact Management products contain a vulnerability that may result in unauthorized access to the web-based reporting and script monitoring tool (Web View) and the web-based configuration tool (Web Admin).

tags | advisory, web
systems | cisco
SHA-256 | 84f040154fb44f3b5d13105c59fdcd0efab66e9c6020608723f86898628471ca
Cisco Security Advisory 20071017-cucm
Posted Oct 18, 2007
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains two denial of service (DoS) vulnerabilities. Large volumes of UDP Session Initiation Protocol (SIP) INVITE messages may cause a resource exhaustion condition on CUCM systems resulting in a kernel panic. The CUCM Trivial File Transfer Protocol (TFTP) service contains a buffer overflow vulnerability that may result in a denial of service condition or allow a remote, unauthenticated user to execute arbitrary code. There are no workarounds for these vulnerabilities.

tags | advisory, remote, denial of service, overflow, arbitrary, kernel, udp, vulnerability, protocol
systems | cisco
SHA-256 | 43c810a9858087a094b1e5def438dab382b8314997430fcc0c4b3c655ce5c1f5
strongSwan IPsec / IKEv1 / IKEv2 Implementation For Linux
Posted Oct 18, 2007
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.

Changes: Removed recursive pthread mutexes since uClib does not support them.
tags | kernel, encryption
systems | linux
SHA-256 | 5bc92454395a62bfd1bad8aea7f4996e755416f0ff0e128c2a0fe64304ebf9b1
awzmb-rfi.txt
Posted Oct 18, 2007
Authored by S.W.A.T. | Site xmors.com

awzMB versions 4.2 beta 1 and below suffer from multiple remote file inclusion vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
SHA-256 | df18569bafe08fdf4cb98efe9c646739fac7a0397938fbb7c8743e6e4a4d914f
limesurvey152-rfi.txt
Posted Oct 18, 2007
Authored by S.W.A.T. | Site xmors.com

LimeSurvey versions 1.52 and below suffer from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 265d5167d6be0eb574e84294ebecbf040ce54de728cca6d7d9416bc8f5d3f2e2
phpdj-rfi.txt
Posted Oct 18, 2007
Authored by GolD_M | Site tryag.cc

PHPDJ version 0.5 suffers from a remote file inclusion vulnerability in djpage.php.

tags | exploit, remote, php, code execution, file inclusion
SHA-256 | c835c301e67f241daf950d0a586a24e0c6895947bd219d789bc377a345a024e2
NISR17102007E.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Oracle XML DB ftp service contains problems with auditing logins.

tags | advisory
SHA-256 | 2639ac2b24b2c8d5133eff124f15167a71fbd4375eea39277529464a214d3dce
NISR17102007D.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Oracle RDBMS on receiving an invalid TNS data packet will use 100% of the CPU's time introducing a denial of service condition.

tags | advisory, denial of service
SHA-256 | e7b0e95883d2072b1a56b5fdfcf4738223ad9c7c04551753f7ce3368ba5e986c
NISR17102007C.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Oracle TNS Listener suffers from denial of service and/or remote memory inspection vulnerabilities. Systems affected include Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9.

tags | advisory, remote, denial of service, vulnerability
SHA-256 | 2df77d5f0342cb6ee96c1251a4daebb88b481263665cf072ef864d3780bd5b37
NISR17102007B.txt
Posted Oct 18, 2007
Authored by David Litchfield | Site ngssoftware.com

NGSSoftware Insight Security Research Advisory - The Workspace Manager in Oracle 10g release 1 and 2 and Oracle 9i is vulnerable to SQL injection. The Workspace Manager, owned by SYS, contains a package called LT. This package is owned and defined by the SYS user and can be executed by PUBLIC. LT contains a procedure called FINDRICSET which calls the FINDRICSET package in the LTRIC package. This is vulnerable to SQL injection and can be abused by an attacker to gain SYS privileges.

tags | advisory, sql injection
SHA-256 | 5df31c6c9790c218a2a5535198524baba532d40fd776334551174739a7f50ba0
Page 1 of 3
Back123Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close