Mandriva Linux Security Advisory - Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.
22b534682be7c308115f64e42b216bf5eb9aa48e9cefa357ef9f44cfd05ead13Mandriva Linux Security Advisory - An integer overflow flaw was discovered in how python's pcre module handled certain regular expressions. If a python application using the pcre module were to compile and execute untrusted regular expressions, it could possibly lead to an application crash or the execution of arbitrary code with the privileges of the python interpreter. Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.
768924f6a4c4dc0d8aa6d014cd64650fde1304e861e573e4128b3711365bab10Secunia Security Advisory - Some vulnerabilities have been reported in BugTracker.NET, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.
503cc5c94ff10a6a1605952c67858f19a7e0d3ac4ac6adedea8b6f0bb71250f4Ubuntu Security Notice 568-1 - Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges.
47d59960e481124c283b84984065380cc224fcda98eb11e54fce799c288e75c1A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service, dsmsvc.exe, which listens by default on TCP port 1500. The process trusts a user-supplied length value. By supplying a large number, an attacker can overflow a static heap buffer leading to arbitrary code execution in the context of the SYSTEM user. Tivoli Storage Manager Express version 5.3 is affected.
d3505a1cd6fd799ea1c25183890de56f606ba71453077a7b318259b08b71a0a0The F5 BIG-IP web management interface is susceptible to a cross site scripting vulnerability via the search functionality. Tested against version 9.4.3.
f24e831838b0cad45609bd942c655b29b4ed3bad399ec918e6c0487981cb4ac5Macrovision FlexNet Connect download manager is susceptible to an arbitrary file download/overwrite vulnerability.
8656555b01e9b0c8e79ba5f966804d2fc68fd444657ea0fcadbb3c73f9b8cd4fSQL injection digger is a command line program that looks for SQL injections and common errors in websites.
b76ba9f76bdaeffbdf068c3668af79e1c700692ab288ce7f8cdb25c51dbb034dradmind is a suite of Unix command-line tools and a server designed to remotely administer the file systems of multiple Unix machines. Radmind operates as a tripwire which is able to detect changes to any managed filesystem object, e.g. files, directories, links, etc. However, radmind goes further than just integrity checking: once a change is detected, radmind can optionally reverse the change.
d7fda757c317f079a7ba1be30313a36c20de6c873d256c33d826065c4e747c39pMachine Pro version 2.4.1 is susceptible to cross site scripting attacks.
bdc37f2832cee5b6136998e922d72de5e15df74fa5bb26ee2f0dfd3fdfdaacdbSecunia Security Advisory - A vulnerability has been reported in the Meta Tags module for Drupal, which can be exploited by malicious users to compromise a vulnerable system.
c338a4807bdfc44f8758597abf82ed3a3b758b488c8b95d5fddb31d024569c23Secunia Security Advisory - A vulnerability has been discovered in Merak Mail Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
d888525f35ccfd4b31cabaed84617585267676c2fe5451971fc3e98d4391caefSecunia Security Advisory - Avaya has acknowledged a vulnerability in multiple Avaya Products, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
2b29f54ab29d3187fb74b1297b55d5fc8349e6820650f968cdbc3c7fb9fef9faDebian Security Advisory 1463-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
bf82c28f78aa61e68865b176249ca0279e41256a1de3a041b5d109a070a22eebDebian Security Advisory 1462-1 - Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user.
34d83e3f33fc2dc2320bc5364a40d153c1cc12515fa7ebe63bb9aa861ba28301Debian Security Advisory 1461-1 - Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop.
2bbc3fa2b0758e79588a696950f034e141bb876356c2272039fa877fb0f10858OpenStego is a tool implemented in Java for image based steganography, with support for password-based encryption of the data. It currently supports embedding of messages/files in a 24bpp images.
7d5861e2b2cbe80051d2f00db1b195b9062c6284c4a38504c5e49bef3292ea58nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.
ee8da86e3e3ddbf4b2ea22dded69011ef2bd21bd252c5a7bc3345b0ba33103f6NUVICO DVR NVDV4 / PdvrAtl module with PdvrAtl.DLL version 1.0.1.25 remote heap overflow exploit for Internet Explorer 7 on Windows XP SP2.
9ee68690af569f2155d52e1d0bea6ce85186e02b540a9a4924aeebc6c338d350UnHash is a program that performs a brute force attack against a given hash. The hash can be MD5 or SHA1, and the program will auto-detect which one is given.
0da019894b5b5cb8fc598fdb80398008f06dba86151dacf31b57a1aba8189481Floppyfw is a router and firewall in one image. It uses Linux basic firewall capabilities, and has a simple packaging system. It is ideal for masquerading and securing networks on ADSL and cable lines, using static IP, DHCP, and PPPoE. Installation involves editing of only one file on the floppy. This is the iso version.
753536fe2af35d138de722bf798be521b1e439751d0d0efb32be27d8aaa043b6X7 Chat versions 2.0.5 and below remote SQL injection exploit.
39ef9682ce0dc16c45ccb63792eb60654cac2f859b0121185f5ccd3e962e460dDebian Security Advisory 1460-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
15fa8c37a84c4650b0057ddb1f483cac6bd377383f70e2bbe3482537af09de8aDebian Security Advisory 1459-1 - It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports.
46c3e291053b62c8aa599099c781e01b50fc301f5004cbe793852f1d8f556e1dGarment Center suffers from a local file inclusion vulnerability in index.cgi.
dd75805444e5db8d161ce01da7de47d07ccf1013b33c66cfd8e358e510ee0fbf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed