iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
fd9a978035e6a8f73344f986c84a222dc4ac3706b901e0c1ecae9647db5e5d52sptrace is a secure ptrace() module for Linux. It limits users' access to the ptrace() call. It can disable ptrace altogether, or if you add a ptrace group to your system, only users in that group will be able to use ptrace().
5b12b0751d6b446ffc9e5227b0c97bbcef5ba151fe0717c374a2e204b1422aa5Mihalism Multi Forum Host versions 3.0.x and below suffer from a remote file inclusion vulnerability.
3eaf2408324a0c7362a2a776ceb71910d16610fa65b6b27d983daeb7cb96757fjPORTAL version 2.3.1 and UserPatch remote PHP code execution exploit that makes use of forum.php.
f1f404bfaf6b1bdfc028ac9b9544e99fd78ead0a6caa30a34cc7047ea73fd196Gentoo Linux Security Advisory GLSA 200712-21 - Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and Seamonkey does not properly check MIME types (CVE-2007-5947). Gregory Fleischer reported that the window.location property can be used to generate a fake HTTP Referer (CVE-2007-5960). Multiple memory errors have also been reported (CVE-2007-5959). Versions less than 2.0.0.11 are affected.
244d0fd277ba8fac81e13a718b0d70f27593de6f68f4ffcc21be93c9017b2b37Gentoo Linux Security Advisory GLSA 200712-20 - iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337). Versions less than 0.91.2-r1 are affected.
e3b7501c28f682a4dae876bbf5d70640402854f24b4eafc3f39148e015a7fbbaGentoo Linux Security Advisory GLSA 200712-19 - Oriol Carreras reported a NULL pointer dereference in the log_msg_parse() function when processing timestamps without a terminating whitespace character. Versions less than 2.0.6 are affected.
af2a73ce617ca3e2591566523a16dc39a1f737309c21751694645e09489caf12Gentoo Linux Security Advisory GLSA 200712-18 - nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the Authorization: Basic HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824). Versions less than 0.2.4.1 are affected.
f6dc6d5291323beb2d64c29038b1d0c5f7ed88fdf9ce6318f7c6354fb9927501Gentoo Linux Security Advisory GLSA 200712-17 - Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). Versions less than 1.01 are affected.
f30846d92920feb64cca0600f08f57d830e4f7c5ad70f386131e9e96d25cbe72Gentoo Linux Security Advisory GLSA 200712-16 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the JpegThumbnail::setDataArea() method leading to a heap-based buffer overflow. Versions less than 0.13-r1 are affected.
0838f951a07633804d7f72dd5eb43d96f4126b11750c435467e868103e40c792Gentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.
548c9365116cd57441912256c386abd5de38d4e909eeeb81d347df3bf442698aDebian Security Advisory 1442-1 - Rubert Buchholz discovered that libsndfile, a library for reading / writing audio files performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.
62cfe9ae74d16a5aab70897bf8b2abb6d67747b06cb8f5bd3fba49913d6e685eCall For Papers for DIMVA 2008, the Fifth GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment; which is to be held in Paris, France, July 10-11, 2008.
86a0e3f1ff9fd43387815de96c38db4aa36ee3259786486c1f042b76ae136368PHCDownload suffers from a cross site scripting vulnerability in search.php.
78ee081c37ed4dc5d4e7ad45726e94fdf7680d4ceeb5258fa1613e0cc38c5453Makale Scripti suffers form a cross site scripting vulnerability.
9533aba270705fb7e21fe7e4d4b82399dcd4fd5040bb0cf3f1807b0af0f4091eNoseRub versions 0.5.2 and below suffer from a SQL injection vulnerability.
7c617a7f9d210fa4e8f41f2fa44f88c98fe59506a94b0cf1242e2c03c391e787CoolPlayer versions 217 and below suffer from a buffer overflow vulnerability in CPLI_Readtag_OGG.
66d3dadb5060e1f3cc0214890a623a21f31de96d30f8f1d23645f759ad9e7d5dDebian Security Advisory 1441-1 - Luigi Auriemma discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a heap overflow in the HTTP server code, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
cef02df841d0e0ba4f8993f029faa88f08ee953355da568361615eb6b6162f13Debian Security Advisory 1440-1 - It was discovered that a buffer overflow in the filename processing of the inotify-tools, a command-line interface to inotify, may lead to the execution of arbitrary code. This only affects the internal library and none of the frontend tools shipped in Debian.
c0807820bbc047f24c6961c701a657264d69fe62c7a0dd11c5dfabc0fdc7710bDebian Security Advisory 1439-1 - Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users.
ce580dc6399b167f7d677f0988c8fc1bf688e4ac1d63898af524add50e100dd3Debian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.
cdb091cdc7a22e2e70fc77812d2d98bb673e8958c2eb906c42c3d283d52a525eThe HP Photosmart C6280 network printer ships with unchangeable insecure default settings.
3f8d822d389123e6a71204604895e1acf082a7d436552de278b7e6c6e771cd872z project version 0.9.6.1 suffers from cross site scripting and disclosure vulnerabilities.
a0ec19357f22d28af67d23b22d541023cf8a0a2e6b2e1c052b35ec02d9164937Hellsing is a utility designed for attacking web applications. It supports multiple vulnerabilities through the use of a configuration file.
fa12112c421352c6709b3bd8f058ca8e74db0f717e92ecfe0d1a694c9a5ff494FAQMasterFlexPlus suffers from cross site scripting and SQL injection vulnerabilities.
d15bc96986c91951c4905a25dcdfa25651961bb2671251caa8477328798c98d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed