SkyPortal WebLinks version 0.12 suffers from a contents change vulnerability.
7aafa1da61786fb87d31bac8d19d6a7dd5136f8a146ddb6992543af25db888e7SkyPortal Picture Manager version 0.11 suffers from a contents change vulnerability.
daa3082a33f397255d1a05615bc0033abd58f185c852100f563b9153e9e2bff2SkyPortal Classifieds System version 0.12 suffers from a contents change vulnerability.
b25fdfd2ccbd25222985fc7fc6f708edb1fb59202cbb317a9067228e0e579af0Secunia Research has discovered some buffer overflows ksquirrel-libs, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors within the "mt_codec::getHdrHead()" function in kernel/kls_hdr/fmt_codec_hdr.cpp, which can be exploited to cause stack-based buffer overflows by e.g. tricking a user into opening a specially crafted Radiance RGBE (*.hdr) file. Version 0.8.0 is affected.
eb1d8112400b196dea2591dccfd81df121f28ffaee5ad333a604b160533fee4eSecunia Research has discovered a vulnerability in SHOUTcast DNAS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when receiving data from a relay master server. This can be exploited to overflow a static buffer by tricking a SHOUTcast admin into setting up a server to act as relay for a malicious server. Successful exploitation allows to e.g. overwrite the password of the web administration interface. Version 1.9.8 is affected.
2d7b85e2f2f5d2dc651c63804b70e4fb20f7e54604685f128142095eef9b9acdCisco Security Advisory - Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device Manager applications. These vulnerabilities are independent of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access.
0f16dc8eb3c4018632232f216a4fff3a707aaf6894267ca2b15a1c4bb1f339cdCisco Security Advisory - The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can could result in administrative access, privilege escalation, and denial of service conditions.
21613419103799fc852a5f672fc0e98ebc60990ec3ec131cb87cc6938cc64d76Cisco Security Advisory - Cisco Unified MeetingPlace Web Conferencing servers may contain an authentication bypass vulnerability that could allow an unauthenticated user to gain administrative access to the MeetingPlace application. Cisco has released free software updates that address this vulnerability.
2f4ac0a59461989a540256dd74f76a1c81666efbe5df31943db981eda2c53f55Debian Security Advisory 1726-1 - Mike Wiacek discovered that a buffer overflow in the ARC2 implementation of Python Crypto, a collection of cryptographic algorithms and protocols for Python allows denial of service and potentially the execution of arbitrary code.
ba165e0a0e50093403abd4d48c8645ca1d66ff27f61ea2a6a3e92f78fb2caa4dApple Safari 4 Beta suffers from a NULL pointer dereference denial of service vulnerability in relation to the feeds handler.
2a2602ebbdda5234530d8b159eb8732d4ae55700178e1a03437137bc29fb4961Mandriva Linux Security Advisory 2009-055 - Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a.gro file containing a long string. The updated packages have been patched to prevent this.
ae1f1654d4936b7ec0e959946a7bb87bac1fc867b7d2764838172b46977fcb54LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry handlers, so it does not modify sys_call_table, or IDT content. It hide files, directories, and processes. Hides chunks inside of files, gives remote reverse_shell access, local root, etc. This version of the rootkit is specifically ported to work on Ubuntu 8.04 with the 2.6.24 kernel. No backwards compatibility is provided. The modified rootkit was simply meant as a proof of concept for a book. The documentation was not updated to reflect the changes and this was submitted to the site anonymously. Use are your own risk.
4328023a68a04ed6b7e159bb91a29b0c38de5eb14dda0d149ea8a62073244c4dThe Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
e80b5d0eb3331fc5a2b7bc3a0206cbfc52e68b0ae09ad7d5789d5655275a662clibaosc is a library for converting x86 shellcode into randomized ASCII-only shellcode.
7936ef2befe0286195d1550bf335ecf775a0fea75bdcab763e2f4930de121a89JOnAS version 4.10.3 suffers from multiple linked cross site scripting vulnerabilities.
afaea5fdb0d376744371773e337421514069179b0a7143706b6fb2a2558a6b31HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS).
d37b09bcab75b8427f588b5b4b8642558b4a16897f76f295aef185f0b48fd683The call for papers for SEC-T 2009 has been announced. It will be held in Stockholm, Sweden.
08e3bd9dd1314c77ac1df1221a2d87bac1b9b0d9c0c1009ad3197e85e1a4c2c3PenPal version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c8e1b1bf9c7f037e4e6dabb7b7ead53cf3ee460ed1dcc4ad90c3997245b0831cSecunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when generating the "Connecting" log message for HTTP downloads. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading from a malicious HTTP server or opening a specially crafted HTTP URL containing an overly long host name. Successful exploitation allows execution of arbitrary code. Orbit Downloader versions 2.8.2 and 2.8.3 are vulnerable.
c0fec1b2b959aed07156096d8dc79baf656806760da36812f1bc48b1d551b693Apple Mac OSX xnu versions 1228.x and below local kernel memory disclosure exploit.
bf24b33b436c0d960a5473f70ddae9cd44c63c4bed675b467c03b9f89013530cfzem is a MUA (mail user agent) fuzzer that fuzzes MAIL/MIME email headers as well as how clients handle SMTP, POP and IMAP responses.
599f60cea508535311603dca6768627d03bd9bcd767d3a2b1e4e869a9ece418aOpenSite CMS version 2.1 suffers from multiple remote SQL injection vulnerabilities.
c722fda3e8d9046bc13f4a29deb7de00b07b0eb7f9f064bf5b3d32603fe3a893The CodeGate 2009 hacking and defense contest has been announced. It will be held in Seoul, South Korea and has 40 million Korea Won in prizes (about $26,500 USD).
89a7f70973776f5f4cbc49b18077e92efbb3ee7965f3de8f66733f9f223258ceSecunia Security Advisory - Nam Nguyen has discovered some vulnerabilities in OpenSite, which can be exploited by malicious users to conduct SQL injection attacks.
b0071ceed9a7aecc653d3af2d2decea06035ebe3c29ba9266cb508619b48caadSecunia Security Advisory - Fedora has issued an update for gstreamer-plugins-good. This fixes some vulnerabilities, which can potentially be exploited by malicious people to compromise a vulnerable system.
1fec7015b9b709d9a0063c23d81b2f53986f7bf8820887538ffeddee40524c7f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed