Ubuntu Security Notice 627-1 - Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Dnsmasq. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
cb404dc54429d950c1d1d7ecc6e18257623b69fed004179d6405f75cc94eea70Claroline eLearning and eWorking Platform version 1.8.10 suffers from cross site scripting vulnerabilities.
8a6fd8d055c7b39b99b5e06c88f885a8a11ce9a0d9b35e02b9bac37f97aaf94dDebian Security Advisory 1613-1 - Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following three issues:
1ec400aa47c3df11688f737aeb1905ab1846b62ee1039d4e1efa0f452cf223c9Mandriva Linux Security Advisory - A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XLST transformation match condition, which could possibly lead to the execution of arbitrary code. The updated packages have been patched to correct this issue.
d77255632167d8e079334e1ac6dc2207c1e4054933ef0bd049ea348c40534cafSecunia Security Advisory - Some vulnerabilities have been reported in Zoph, which can be exploited by malicious people to conduct SQL injection attacks.
47dd4f357d1a9f6d46fe1a92e294c1d727de6b19f8021f2ff99112bb41fd0331Secunia Security Advisory - Red Hat has issued an update for acroread. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.
e71a26a177bb392608dda0cb7bd35aced95debaa223795b1128b8eb998aad8aaSecunia Security Advisory - A vulnerability has been reported in phpScheduleIt, which can be exploited by malicious people to bypass certain security restrictions.
73e607ceb74e96aa1e8d56904b9bf7d30eb283a3f7987b85ad474177efb3d0fcSecunia Security Advisory - Mr.SQL has reported a vulnerability in MojoAuto, which can be exploited by malicious people to conduct SQL injection attacks.
135bfe759d7f6eaab1ec7d9352517a36cbe0bf382e394a7e574a1e7a29589b1dSecunia Security Advisory - rPath has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
e5e84cdef553d6b451118bbd300ff981c2ee00a0183b22b084f613093e9ee6c7Secunia Security Advisory - CWH Underground has discovered some vulnerabilities in Def-Blog, which can be exploited by malicious people to conduct SQL injection attacks.
7a71b8cc90fc80b71bb5d26f1cc98b654fed550dfc30e9a7281846e6a25c66e5Secunia Security Advisory - Khashayar Fereidani has discovered some vulnerabilities in EasyE-Cards, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
3a4d2790842f518a896eedbeee0168dd6635220395de33c3d84a25e62da4f572GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
9a9b4b2231879cfe08831865d54b6c2c0b4dd0b7b48dff234e7966295d71c73aipt_pkd is an iptables extension implementing port knock detection. This project provides 3 parts: the kernel module ipt_pkd, the iptables user space module libipt_pkd.so, and a user space client knock program. For the knock packet, it uses a UDP packet sent to a random port that contains a SHA-256 of a timestamp, small header, random bytes, and a shared key. ipt_pkd checks the time window of the packet and does the SHA-256 to verify the packet. The shared key is never sent.
b916e1e9b1aa5e336281e12310107a6a4b78a6bde277739bf28b965060f2df78ShopCartDx version 4.30 suffers from a remote SQL injection vulnerability.
ce0f42243468c7e69336f7301ab5eb0135d96feb69b949855b5dc2ee8fd2f4edYouTube Blog version 0.1 suffers from remote file inclusion, SQL injection, and cross site scripting vulnerabilities.
a50e2f091599c999be8c97a2747599e63ccf5a3b8efd6f918620e97a81dcb80dIntelliTamper version 2.0.7 html parser remote buffer overflow exploit.
ee4d8782a990f920991b6dd6b69efd2bb04c56e1b8a33d5b8fc628cb5e1c246eApache mod_jk version 1.2.19 remote buffer overflow exploit for win32.
52e6834ca38fee98b4404e27c3dfaee4c68b36555f1efbb823cce0f071cf1ab8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed