ipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
f420f6fd1d85f1272c4ba95244e27bb7c54c3c5dd2be5df4a01673d04169da58Secunia Security Advisory - Gentoo has issued an update for openoffice and openoffice-bin. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
bba0adba5d9bfc7f9c5ef557dd2438ed03ea5667f5732e50f7dc5e5192e7e221iDefense Security Advisory 07.09.08 - Remote exploitation of a heap buffer overflow vulnerability in Novell Inc.'s eDirectory could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists due to an incorrect calculation when allocating a heap buffer to store the search parameters. By passing NULL search parameters, it is possible to overflow a heap based buffer with the string "(null)". This can result in the corruption of heap management structures, and depending on the layout of the heap, possibly function pointers. iDefense has confirmed the existence of this vulnerability in eDirectory version 8.8 SP2 for Linux. Other versions may also be affected.
627e6dd7ce09a52c670678f4c422f600ab53d2e3e6fcfe6e750bf708d64d17c2A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, bound by default to TCP port 524. Flawed arithmetic applied to a user-supplied value results in an integer overflow and subsequently a complete stack smash allowing an attacker to execute arbitrary code via SEH redirection.
b8fab3a9c1fe5bdfe8b5490324976c46300330796237327dfa591f6ec5ca1bcbSecunia Security Advisory - Red Hat has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
9d45f6ffb2a15c2815e7d5ae0f1b8d382fae1b832c8aac27d26791ea890f8094Secunia Security Advisory - Slackware has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
d623e7d1a01334bed4296e331bd246f33a6203c1cb0741b50bf2807ce129478ePython script that cracks a 256-bit WPA-PSK hash (64 char) using wpa_passphrase and a wordlist.
64f83af457754e31a3d03e207fb755e633bab664fab632e28121f6d198cb0ca0Several cross site scripting vulnerabilities were found in within Outlook Web Access (OWA) 2003/2007. An attacker can craft a malicious email which will trigger within a user's browser. Different version of OWA and different clients (Light and Premium) have different attack vectors which can result in an attacker gaining persistent control over a victim's use of Outlook Web Access.
6205a42f3bf0ba82a7bf26ac1fb8f7a9a54e2491097c347b64ff8486727cbf74Secunia Security Advisory - k1tk4t has reported a vulnerability in AuraCMS, which can be exploited by malicious people to manipulate certain data.
49df3bb2bbfa329c7587548d2526f2c5168c1b7baba710d4294b3083a8b892d0Secunia Security Advisory - Hussin X has reported a vulnerability in DreamPics Builder, which can be exploited by malicious people to conduct SQL injection attacks.
004e4c7ddc5555b2944dd8b0b67e1c24eef8503c13c50ba625432a7298fd8812Secunia Security Advisory - Fedora has issued an update for java-1.7.0-icedtea. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
1cb677812b72dd44d4b8e191ebe610f2458ca5e156552c042dbd60791183560aSecunia Security Advisory - Slackware has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
f7d24a5aec385fcd0cf7137218c19ca8435639dbd0ff55fe37698111ffdf0380Secunia Security Advisory - Some vulnerabilities have been reported in vbDrupal, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, session fixation, SQL injection, and script insertion attacks.
7af3d48a96f80b18c6b39f2d401d09e2246437871b81d710cb5b9a6e5edf1397Secunia Security Advisory - Gentoo has issued an update for nx. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.
d720095f588dbadd7b20e295ce24eee335c13070fd9c3c397a1a7113333264e6Secunia Security Advisory - Gentoo has issued an update for apache. This fixes a some vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and cause a DoS (Denial of Service).
1824580692839faaaaa91c644edd7adec1f0b126ce0ec6260fefbfba8c519c35Secunia Security Advisory - Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, session fixation, SQL injection, and script insertion attacks.
592fd9632da540ec09596b2729ae2c750ac46f9daa38f5d013f1de6c47a51105Secunia Security Advisory - A vulnerability has been reported in Infoblox NIOS, which can be exploited by malicious people to poison the DNS cache.
cfa0a209bd2314cd0ad262d62d38c77e9933b93c02d94cd500b80cd3a8538ab6Secunia Security Advisory - A vulnerability has been reported in Nixu Secure Name Server, which can be exploited by malicious people to poison the DNS cache.
6158abd92f736f6c1c41b241404b27ff6eaa9b48383ddb2b11fc48e064b2d3c0Secunia Security Advisory - A vulnerability has been reported in some Sophos products, which can be exploited by malicious people to cause a DoS (Denial of Service).
9004dd169b1ed6c7659568507847ba051564f157b00de3548cc9f420a3780862gapicms version 9.0.2 suffers from a remote file inclusion vulnerability.
5b85676724985ad2a1eb250ccd6d87902782fcf9c4daeed8f4317efd19663860phpDatingClub suffers from a local file inclusion vulnerability in website.php.
3e18f03c175ccb6f59fcbe4f2150f91405040e958817805d174bbbbee0a8ba6fThe DreamNews Manager is susceptible to a SQL injection vulnerability.
98732797b4dcb4c761bc0e1f76e53fbced654cf7cd8ed204d54367fb1acc1cfdGentoo Linux Security Advisory GLSA 200807-07 - Multiple integer overflow and buffer overflow vulnerabilities have been discovered in the X.Org X server as shipped by NX and NX Node (GLSA 200806-07). Versions less than 3.2.0-r3 are affected.
de5dcf9d37e34e1ca625be05a6241f4dfac3593a33c3c3e46bdf53fcc1b1075dGentoo Linux Security Advisory GLSA 200807-06 - Multiple vulnerabilities in Apache might lead to a Denial of Service. Versions less than 2.2.9 are affected.
f81470d25768f8c79f9875c31bea172f9710de2892364cb602d9c02db8e85a6cGentoo Linux Security Advisory GLSA 200807-05 - Sean Larsson (iDefense Labs) reported an integer overflow in the function rtl_allocateMemory() in the file sal/rtl/source/alloc_global.c. Versions less than 2.4.1 are affected.
56902be5c5e213a71bea6f352a05ba6fb8539b4595fbd903b4dd774ddbc86008
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed