iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
90cfa8a554a29b0b859a625e701af2a7sptrace is a secure ptrace() module for Linux. It limits users' access to the ptrace() call. It can disable ptrace altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace().
d0b58eced8f60e696c39dfaf4b306771Mihalism Multi Forum Host versions 3.0.x and below suffer from a remote file inclusion vulnerability.
bfdefa79b928c3f68a21aafde8c26220jPORTAL version 2.3.1 and UserPatch remote PHP code execution exploit that makes use of forum.php.
5e3b261d3856d240743784d21dcec82eGentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.
62d7fd5d1e0e1068e081617596992ee8Gentoo Linux Security Advisory GLSA 200712-20 - iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337). Versions less than 0.91.2-r1 are affected.
d24f2caf1e6066ee693b8371b745cbdeGentoo Linux Security Advisory GLSA 200712-19 - Oriol Carreras reported a NULL pointer dereference in the log_msg_parse() function when processing timestamps without a terminating whitespace character. Versions less than 2.0.6 are affected.
5e698d3b561576cc13d4422b5922d9f2Gentoo Linux Security Advisory GLSA 200712-18 - nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the Authorization: Basic HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824). Versions less than 0.2.4.1 are affected.
42ba0e2495aa71dc5c890aaff6b91084Gentoo Linux Security Advisory GLSA 200712-17 - Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). Versions less than 1.01 are affected.
a584664894341f424cd8e43143f62ef8Gentoo Linux Security Advisory GLSA 200712-16 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow. Versions less than 0.13-r1 are affected.
fc872ddcea86f6cda5645bb69903878bGentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.
0036504c0eb90eb8567eeebf7ed675d9Debian Security Advisory 1442-1 - Rubert Buchholz discovered that libsndfile, a library for reading / writing audio files performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.
57b37d2a4f4496939ae7a1675e08b537Call For Papers for DIMVA 2008, the Fifth GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment; which is to be held in Paris, France, July 10-11, 2008.
f1e328c3fb0b9d3d765eb9a3a62f1c1aPHCDownload suffers from a cross site scripting vulnerability in search.php.
a12bd0e79671216f9a7f1c56d27268e8Makale Scripti suffers form a cross site scripting vulnerability.
91e364318741f97ec6b1a586df101bccNoseRub versions 0.5.2 and below suffer from a SQL injection vulnerability.
082b8e4c54ce3efe96c596a7cfe889dcCoolPlayer versions 217 and below suffer from a buffer overflow vulnerability in CPLI_Readtag_OGG.
2ce29fda2f085a9662141dc8d5b8db3cDebian Security Advisory 1441-1 - Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
1cc219462c7386396c86f93e433fbadaDebian Security Advisory 1440-1 - It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian.
6d8f37da4c823567251a11b86460b9b6Debian Security Advisory 1439-1 - Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.
e6a6d67fe7190ab1580b7f1d8cb23e1dDebian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.
9876b5a2363d163e5bd48c7c91cf6a80The HP Photosmart C6280 network printer ships with unchangeable insecure default settings.
526cb2ee10c1bd7f0a8519a5b5fabf462z project version 0.9.6.1 suffers from cross site scripting and disclosure vulnerabilities.
6a6d35e720d4f19593df620e1add5276Hellsing is a utility designed for attacking web applications. It supports multiple vulnerabilities through the use of a configuration file.
cba08e78e868169474623a4bd3ce0ea4FAQMasterFlexPlus suffers from cross site scripting and SQL injection vulnerabilities.
c761ff5b85434505508ed324adc3dc62
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed