The United Kingdom's Centre for the Protection of National Infrastructure document entitled "Security Assessment of the Transmission Control Protocol (TCP)".
44dc58c211bb1352cd020643a92ef5268a0eb859d3199842caa9f1cd57484e42Whitepaper called From Boot to Remote Root - How I owned the network.
1a588e4d805936eee393c484afd2b76ff7c29819ab3cd06638e6d84686263080Whitepaper called From Legal Frame Injection To Illegal Redirect.
1932efdcb260e088e8506743defaac5713b0bd721444bef458f897c63e340921Gentoo Linux Security Advisory GLSA 200902-04 - An error in the processing of special sequences in xterm may lead to arbitrary commands execution. Paul Szabo reported an insufficient input sanitization when processing Device Control Request Status String (DECRQSS) sequences. Versions less than 239 are affected.
0131e76876c7cebbb97deee77a4673733c286d37eb16cfe9f06ef660692c0383Gentoo Linux Security Advisory GLSA 200902-03 - An untrusted search path vulnerability in Valgrind might result in the execution of arbitrary code. Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there. Versions less than 3.4.0 are affected.
75a6bce8f765b9f7d40c28eb61f9aa4b9f47555fdf157d4e90dc3535d6589745Gentoo Linux Security Advisory GLSA 200902-02 - An error in the OpenSSL certificate chain validation might allow for spoofing attacks. The Google Security Team reported that several functions incorrectly check the result after calling the EVP_VerifyFinal() function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. Versions less than 0.9.8j are affected.
f13499deaa027a65c3d9771c2e9479aff96cdfb004eaf1507e2bcfc5c18d1863Baran CMS version 1.0 suffers from file upload, cross site scripting, SQL injection, cookie manipulation, and database disclosure vulnerabilities.
16990994f77c72a74621ea1b02449b8f745086850ed573d04fa0b2870c179533Ubuntu Security Notice USN-720-1 - A significant amount of vulnerabilities in PHP 5 have been addressed. These range from security bypass to denial of service issues.
a31f39cf30e5eb073f9dc121d4e40f5b0fdbb62143587c9dc60669c009e7c708Ubuntu Security Notice USN-719-1 - It was discovered that pam_krb5 parsed environment variables when run with setuid applications. A local attacker could exploit this flaw to bypass authentication checks and gain root privileges. Derek Chan discovered that pam_krb5 incorrectly handled refreshing existing credentials when used with setuid applications. A local attacker could exploit this to create or overwrite arbitrary files, and possibly gain root privileges.
ccb390c7c8ac7375711ca07de825f8151af54f882f27007ed7f3ab0cf68d877dFree Joke Script version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d6352f23b9fb17c4781ca666437d2dbcc199aa6df4c5182fa275037261b460d3Mandriva Linux Security Advisory 2009-036 - Multiple integer overflows exist in various versions of python. The updated Python packages have been patched to correct these issues.
4bc7c56b44f04c83e5be7c57de9017257d3056e21d5866a60447ee4c5deced03PHP Krazy Image Host Script version 1.01 suffers from a remote SQL injection vulnerability in viewer.php.
68827498d8b9331f4ba810bbec89a9ad06716e07b2c8eb264c3d6c0df7b60775Debian Security Advisory 1723-1 - Michael Brooks discovered that phpMyAdmin, a tool to administrate MySQL over the web, performs insufficient input sanitizing allowing a user assisted remote attacker to execute code on the webserver.
0ce8623c3eb2df117c5ee0aa0b3dbaa95f8eddf9d15ced49b7924312e3411fd2Secunia Security Advisory - Debian has issued an update for libpam-krb5. This fixes some vulnerabilities, which can be exploited by malicious, local users to overwrite files and to gain escalated privileges.
4b308d431a19d6e32c51108994802e1e8f9a73d12f4ff8a2a4296f3e946b09b5Secunia Security Advisory - david.vorel has reported a vulnerability in Trend Micro InterScan Web Security Suite and Trend Micro InterScan Web Security Virtual Appliance, which can be exploited by malicious people to disclose sensitive information.
1812723500b3c21417fcfae1d842739342aa0f9171fca401a25eef2313d30332Secunia Security Advisory - A vulnerability has been reported in FAST ESP, which can be exploited by malicious people to conduct cross-site scripting attacks.
f0e7c8546070e69be689e0078b66547f4f8cceadc1f9c62f274c33353ba6fefeSecunia Security Advisory - Dejan Levaja has reported a vulnerability in GeoVision Digital Video Surveillance System, which can be exploited by malicious people to disclose sensitive information.
c2238e0d3c0ab1e1929f842c865264c610291318ce49bfc0ecbc26945f49e569Secunia Security Advisory - A vulnerability has been reported in Becky! Internet Mail, which can be exploited by malicious people to compromise a vulnerable system.
1f808fee7fa5f64a1f40d55ce1ea9830a74f8603ab192666158ab4f9de2a4485Secunia Security Advisory - nuclear has reported a vulnerability in Den Dating Website Script, which can be exploited by malicious people to conduct SQL injection attacks.
1bacf5dcc9d1144bb80dd289bf21cb5a61de2ceba83cdc7acdbead2c5a770e7aSecunia Security Advisory - x0r has discovered some vulnerabilities in Graugon Gallery, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks.
e1965ed6f356b0cb289d1b891aa98a680f5ff222250d2a6ce97a752e27f3cde0Secunia Security Advisory - Two vulnerabilities have been reported in Calendarix Basic, which can be exploited by malicious people to conduct SQL injection attacks.
88bbc3f7defae3f866741ee8c1b55bd22cbb34586c5e10cab095aff0b50a02b1Secunia Security Advisory - Jaykishan Nirmal has reported two vulnerabilities in Calendarix Advanced, which can be exploited by malicious people to conduct SQL injection attacks.
6e1046e4410f89ffbf7a545537779f1e89d9d88f3800b7787316b669e9c01495Secunia Security Advisory - Justin C. Klein Keane has reported a vulnerability in the Advertisement module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
7ef4bd3679d8c6171e46107e8d0fdf2374908df45cba6a9b6d6429557084dc7cSecunia Security Advisory - Debian has issued an update for phpmyadmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
07ab8fe2440aea08956e69550b25877ea6acf88224b6c580b13e82d6786ff988Secunia Security Advisory - A security issue has been reported in Drupal, which can lead to unauthorised users performing actions with escalated privileges.
321127bcafd0197ef532fd9a4d0f52f299cde9193a3a3e9be1ddec4a795406b4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed