Jamroom versions 3.3.8 and below from Talldude Networks, LLC suffers from an authentication bypass vulnerability.
0edf8afd7e9b2e3de2494cd401c1b994310121456fe06ad1d4bc1602e49444f1Secunia Security Advisory - A vulnerability has been reported in Trac, which can be exploited by malicious people to conduct cross-site scripting attacks.
2fb300e3d8c715ccd9ddbf0bf7dde6b674555ce574b66cf1163ae528afa9c820ISR-evilgrade is a module framework that allows you to take advantage of poor upgrade implementations by injecting fake updates. This tool is especially useful for DNS cache poisoning attacks.
e76335e42f8a96170e521a354e344acbe972302a445d7803a8159c90337ad9c3Pixelpost PhotoBlog version 1.7.1 suffers from a local file inclusion vulnerability.
005aeac44994ed5d89df09371670cda8a4f56ea9bbfbf9fe5d3872d4c3f043dcMandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16. This update provides the latest Thunderbird to correct these issues. It also provides Thunderbird 2.x for Corporate 3.0 systems. The previous update provided the incorrect version of the enigmail locale files. This version correctly builds them for Thunderbird 2.0.0.16.
dbca2c291e326b6ba9c90f4a0212519e0799cfb0cfa010fc788bf50a34fa8c40TalkBack version 2.3.5 suffers from a local file inclusion vulnerability.
bc2609204edd1cffc0db98243e3bfc764c015a03841e10e5f061f606d688110cYoutuber Clone suffers from a remote SQL injection vulnerability in ugroups.php.
7f9929412be1c6c74d88d2477ec27307b41fa1cb9e3f088f6ca89121c249eaf7Pligg CMS version 9.9.0 suffers from a remote SQL injection vulnerability in story.php.
20f2f8683f6a290d30517db7edf0707bb7bd88dcbac491dfd39914bb833e0c2fDebian Security Advisory 1621-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
d9e9b17ae430792b3892c2e8cc7aba7e6dc8661a98936f7ac20724829756f2a5Debian Security Advisory 1620-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.
6e3e15e9e8b3836df02d4373a1b2c87302d63c013578893c8e1e739ccfe98812Debian Security Advisory 1619-1 - Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DNS implementations. Scott Kitterman noted that python-dns is vulnerable to this predictability, as it randomizes neither its transaction ID nor its source port. Taken together, this lack of entropy leaves applications using python-dns to perform DNS queries highly susceptible to response forgery.
ebe12a113c6df6c042ef47a1dba8bec4c568a74767c16910863035f96e4a9dbfDebian Security Advisory 1618-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code.
18280e047380ecb31bcbcbd6d8fe8de6559af0e4692a69fa5ec3ea2352e79e79Debian Security Advisory 1616-2 - This update corrects a packaging and build error in the packages released in DSA-1616-1. Those packages, while functional, did not actually apply the fix intended. This update restores the fix to the package build; no other changes are introduced. Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configurations, such as when clamav is used in combination with mail servers, this could cause a system to "fail open," facilitating a follow-on viral attack.
51275dc8498a1260ec4a99764c2986c3d3164b4dc36a15ff51cec45f58d14d6aDie Eier Von Satan is a quick and dirty rewrite of the old ADMnog00d code. This version exploits the DNS cache poisoning vulnerability and discovered by Dan Kaminsky. This proof of concept makes use of a MX RR to spread its poisonous payload, a A RR, but can easily be adapted for other flavors.
10620955e93ad4e6de3b0a1a937dfcfaa4e383b2965a6eb178c2bfd654baf6daSiteAdmin CMS suffers from a remote SQL injection vulnerability.
7cf273c08cd8ea451b102dd33b56aabb491887b4a265433aa24947081cf99ae9Whitepaper discussing simple web hacking techniques.
0a432eb4f3a3bc68716128668d568024808926dd6b1509597f9ccf88b1ba8924strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
8e5717d47b32ff84d089138cb7aa088fdd833d6a1b780b01ed2a4afe902453a3GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
363726c40c8927cab74a666bef67082ee0b16740c41ea9c98c0838dc6ab2c799GC Auction Platinum suffers from a remote SQL injection vulnerability.
70470b5c82e294b05b26b8ee1c9fcee74805121b5f9c5d29336f701f94ad488cThe Getacoder clone script suffers from a remote SQL injection vulnerability.
3396c7573fcfb059df20bfaed9ffb3734ffe690774fe4dc7b2d550712dcd82ecCMScout version 2.05 suffers from a local file inclusion vulnerability.
4a780a1186439aed71db3da375a208850161d4682f1ca12bd596b8bba22264d9EPShop versions below 3.0 suffer from a remote SQL injection vulnerability.
7d19228538373db262e62d6a4ae6162091a6527c4e9cb718824619720ab64e5cMobius versions 1.4.4.1 and below suffer from a remote SQL injection vulnerability in browse.php.
c9cb308f9ff4aa89f94878b3314ddbc6ba11944e1c52e22d3f6f858914bf3620TriO versions 2.1 and below suffer from a remote SQL injection vulnerability in browse.php.
39ebad0b570430729345b00e2e83bb3169424e5785876aa9927c6d5bfc1c41daphpLinkat version 0.1 suffers from insecure cookie handling and SQL injection vulnerabilities.
d0526916899c6eee806daad44e111d33b5674d899151e9f68410eee85c0e7141
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed