Secunia Security Advisory - Patrick Webster has reported a vulnerability in Tumbleweed SecureTransport, which can be exploited by malicious people to compromise a user's system.
fb17fc905e830ae313433bd74277c186fee45a5ef9ec304dcde91466c2a35c24Secunia Security Advisory - jiko has discovered a vulnerability in Gallery Script Lite, which can be exploited by malicious people to disclose potentially sensitive information.
5803922cd58965bb535b7bf18821e280b99baf4a83f4d4db4a7dac04fab22732Secunia Security Advisory - Debian has issued an update for pdns-recursor. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
e177f55620d2b5ffb2c2fe946715179a1bd40eb44412f803a1fea211925460e2Secunia Security Advisory - Debian has issued an update for libcairo. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
f2dff637537148ddf969d1a9bf70f8f33c6caf24e0ff1d5cb5a986f2b3b02a7bSecunia Security Advisory - Some vulnerabilities have been reported in multiple TIBCO products, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.
e084dcd72504e67a3550a926e9a28e6f1d426411124f929a90805fcb0e462da6Debian Security Advisory 1545-1 - Sebastian Krahmer discovered that an integer overflow in rsync's code for handling extended attributes may lead to arbitrary code execution.
1827e372b92c56183e284fa9fe36a2f2c5531bb3ca1a0f0ecd54470b1fbbdcd3Gentoo Linux Security Advisory GLSA 200804-10 - Multiple vulnerabilities in Tomcat may lead to local file overwriting, session hijacking or information disclosure. Versions less than 6.0.16 are affected.
8450c98731084fc3778d5989e4cdf6f3480430925f6a49b95dbac75077cc749cGentoo Linux Security Advisory GLSA 200804-09 - Tavis Ormandy discovered that, when creating temporary files, the 'expn' utility does not check whether the file already exists. Versions less than 6.1.5 are affected.
b41ea37f2afaa8f0d0245a01c64bad135a1f594ef54551d4ab76dc299d159c12Gentoo Linux Security Advisory GLSA 200804-08 - Julien Cayzax discovered that an insecure default setting exists in mod_userdir in lighttpd. When userdir.path is not set the default value used is $HOME. It should be noted that the nobody user's $HOME is / (CVE-2008-1270). An error also exists in the SSL connection code which can be triggered when a user prematurely terminates his connection (CVE-2008-1531). Versions less than 1.4.19-r2 are affected.
04d53fca65adca4c84d85a814f6f371863f45711fbaaacda55d307182040adffKsemail suffers from a local file inclusion vulnerability in index.php.
a3f43003fdde908dde9bc5d92f92c2c49647c238465bfaa32214530f77fc12d4Mandriva Linux Security Advisory - Joe Nall reported a stack-based buffer overflow in Audit's log handling that could allow remote attackers to execute arbitrary code via a long command argument.
ccaca9e923f62b0bfefd3ff00cb5072c1a9fd126b05e7dfed40a71997e85d53cThe zlib extension module in Python version 2.5.2 contains a method for flushing decompression streams that takes an input parameter of how much data to flush. This parameter is a signed integer that is not verified for sanity and is thus potentially negative. When passed a negative value memory is misallocated and then the signed integer is converted to an unsigned integer resulting in buffer overflow.
c3a0dd34a8717e04bba206262904ef9f4e4455f57c9ce9a73f69101d7914ff88LiveCart versions 1.1.1 and below remote blind SQL injection exploit.
107be2548129287a96a29b1b127458a72ca19ac5d96f88ad377fc54f1dcdaf51nipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing.
cbf184c8ded6a683b0073ff128f4db90c15feef1e1f4882afd9718bdef696d2enipper is a Network Infrastructure Configuration Parser. nipper takes a network infrastructure device configuration, processes the file and details security-related issues with the configuration together with detailed recommendations. nipper was previous known as CiscoParse. nipper currently supports Cisco switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX/ASA/FWSM) and Juniper NetScreen (ScreenOS). Output is in HTML, Latex, XML and Text. Encrypted passwords can be output to a John-the-Ripper file for strength testing. This is the Windows version.
a3195d1d021851ed6c95a1d56f1188e11ad05683ee4dc23feda7ee527649f5f4KnowledgeQuest version 2.6 suffers from multiple SQL injection vulnerabilities.
94fdfeb65103fb6136731b84912cb455dfb3e27579a9b2c56ab7ab8f1c2d2784Ubuntu Security Notice 599-1 - Chris Evans discovered that Ghostscript contained a buffer overflow in its color space handling code. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
723595e75c329e38966862f5974a59101e29f1e92aa132ad4e27b01e5ebe3827Phaos version 4.0.1 suffers from a remote file disclosure vulnerability.
a15dd3958d2f5afeb31686556313b2273d7fcd60f9317f7e5c8728c7c1ba3a29Mandriva Linux Security Advisory - Daniel Papasian discovered a stack-based buffer overflow in the apc_search_paths() function in APC that can be triggered when processing long filenames. A remote attacker could exploit this vulnerability to execute arbitrary code in PHP applications that pass user-controlled input to the include() function.
766c996264b4e2557d35f52f0bfe0df851ad2330c10786943ad6440732a4c6eeDebian Security Advisory 1544-1 - Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a weak random number generator to create DNS transaction IDs and UDP source port numbers. As a result, cache poisoning attacks were simplified.
34b28618f53686ec50a6ed32dab59f6c2876d3f1bfc3242c71bb8b32d6e82dfbDebian Security Advisory 1543-1 - A fair amount of people have discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc.
43c8e38327a0f4ab711aed482ec7c4baef51ac88dd524fe85382da636923474eFree Photo Gallery site script suffers from a remote file disclosure vulnerability.
74f7a36a8eed1272899f2083f8ab5a60d155a8b249954c1c22a464882b0a16acSimple Python Keylogger is a cross-platform keylogger. It is primarily designed for backup purposes, but can be used as a stealth keylogger too. Windows version. Archive password is set to p4ssw0rd. Use at your own risk.
e5b61a518ec92e02a6691f25951f614fac05c67d702ac933ee3deb1b40b19898Simple Python Keylogger is a cross-platform keylogger. It is primarily designed for backup purposes, but can be used as a stealth keylogger too. Source archive that works on Linux. Archive password is set to p4ssw0rd. Use at your own risk.
420b57d01160dc5157219f64dfc366df1e5cf6dc64052fab792a4b3dff97896aThe Joomla component PU Arcade versions 2.2 and below suffer from a SQL injection vulnerability.
58867d325dee02be37877858b3c185ff14f3d5af48eff4fae6e098f0e848b169
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed