Mandriva Linux Security Advisory 2009-059 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory. This update provides fix for that vulnerability.
7274b4efdabde5a46185ad99bba0cb04Standalone MS vulnerabilities network scanner to help identify systems vulnerable to the MS08-067, MS08-065 and MS09-001 (Microsoft Bulletins) flaws. The utility operates in PenTest mode. This requires no special rights to detect network nodes without updates. System administrators and security professionals can use this utility for fast and easy discovery of vulnerable systems and install appropriate patches according to the scanning results.
182b4a62d0f99f0a01e79a9e63464deeThis is the IETF Internet-Draft entitled "On the implementation of TCP urgent data". This document describes current issues relevant to the implementation and use of TCP urgent data, aims to change the IETF specifications so that they accommodate what virtually all implementations have been doing with urgent data.
159a184cd58a0d138051732e2abf043fProof of concept denial of service exploit for the HTC Touch vCard over IP that sends vCards to port UDP/9204.
e972043b77a48f18ab176344407b7900The Drupal Protected Node module version 5.x-1.3 suffers from a cross site scripting vulnerability.
c3477d72b9fca4d975b76e9a2481a941POP Peeper version 3.4.0.0 UIDL command remote buffer overflow SEH overwrite exploit that spawns a win32 bindshell on port 55555.
3017edb87b1f27ccd84b722ac3eadccaPOP Peeper version 3.4.0.0 suffers from an UIDL command related remote buffer overflow vulnerability in the client.
d82d9e1b78eb2f986cdcd9e2b58b442eWhitepaper called Perl Writing Exploits. Written in Arabic.
9c406cd0adb7a1afca3c2e49fe280baaWhitepaper called Playing With Cookies (ST1). Written in Morocco darija.
143c5f913987635537e3077d3170db5fDrupal suffers from a local file inclusion when used on Windows.
6d8be985723bf5092b5f4d8e84f56d16SHOUTcast version 1.9.8 suffers from a user-agent related cross site scripting vulnerability.
e628376b60bd850827bd0e16b6567120VMware Security Advisory - A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially-crafted name that could possibly execute an arbitrary code when opened in the ed editor.
75617133ef80ad3c7604cda09531c539Whitepaper discussing clustering. Written in Spanish.
0dafc23a33c499929b003d1029c45f8465 bytes small linux/x86 file reader shellcode.
1da28fb49a243b605d6283e5d046a8f8111 bytes small win32 telnetbind shellcode. Written for XP SP2 FR.
7a4f6133acb078a7cae6c6c9d3b24978Ubuntu Security Notice USN-725-1 - It was discovered that Kmail did not adequately prevent execution of arbitrary code when a user clicked on a URL to an executable within an HTML mail. If a user clicked on a malicious URL and chose to execute the file, a remote attacker could execute arbitrary code with user privileges. This update changes KMail's behavior to instead launch a helper program to view the file if the user chooses to execute such a link.
0eda36c8c9e6e1e1f71a69879a36c78fDebian Security Advisory 1728-1 - It was discovered that dkim-milter, an implementation of the DomainKeys Identified Mail protocol, may crash during DKIM verification if it encounters a specially-crafted or revoked public key record in DNS.
f17daccbfabfb3c44ec2f31e493e904dSkyPortal Downloads Manager version 1.1 suffers from a contents change vulnerability.
fd71ebf44db5f9aa95ba6303176b4a6fIrokez Blog version 0.7.3.2 suffers from remote blind SQL injection, remote file inclusion, and cross site scripting vulnerabilities.
d36fb32ba7645db78dc712eff8432180Hex Workshop versions 6 and below .hex file local code execution exploit.
c5d8c9b0de321f74ef7db697a47575acOrbit versions 2.4 and below long hostname remote buffer overflow exploit.
8cd2bd5c505262190be95e7ebac9be8dMandriva Linux Security Advisory 2009-058 - Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. This update provides Wireshark 1.0.6, which is not vulnerable to these issues.
df009a77b440818d40a16a5c4e1bd4f4Demium CMS version 0.2.1 Beta suffers from local file inclusion, remote SQL injection, and file disclosure vulnerabilities. Full exploits included that perform local file inclusion and remote command execution leveraging both local file inclusion and SQL injection.
dedbbf1523962b4b8c21b7c057b3cca1Secunia Security Advisory - Some vulnerabilities have been reported in PHP, where some have an unknown impact an others can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).
d9b3ce970dd4c980a5840d785fd451bfSecunia Security Advisory - Debian has issued an update for python-crypto. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
4500a0dd568da19a456801534a369810
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed