Mandriva Linux Security Advisory 2009-059 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory. This update provides fix for that vulnerability.
55eb7ee2984a0261f4e1d3e3a07fbf4f4009ab5f3c9d743c92ba52b69507a769Standalone MS vulnerabilities network scanner to help identify systems vulnerable to the MS08-067, MS08-065 and MS09-001 (Microsoft Bulletins) flaws. The utility operates in PenTest mode. This requires no special rights to detect network nodes without updates. System administrators and security professionals can use this utility for fast and easy discovery of vulnerable systems and install appropriate patches according to the scanning results.
2bdf2716256a2217e4805774bd00ee7462ab93d456eb875a7c5abd1985f9bbafThis is the IETF Internet-Draft entitled "On the implementation of TCP urgent data". This document describes current issues relevant to the implementation and use of TCP urgent data, aims to change the IETF specifications so that they accommodate what virtually all implementations have been doing with urgent data.
384e21ff4feb6dfa943d320a646ab513ba681507acc08360bf5b6874ae7476f9Proof of concept denial of service exploit for the HTC Touch vCard over IP that sends vCards to port UDP/9204.
c765fa0e718759e83c56f58ce3ea7a9a7b76a3590eecefea18f32a537ef6cbe7The Drupal Protected Node module version 5.x-1.3 suffers from a cross site scripting vulnerability.
dcd44c3b5242e68b940cdd1302aa3dbd16f87c2e5b6c95fd3fca6549fc1e4e3aPOP Peeper version 3.4.0.0 UIDL command remote buffer overflow SEH overwrite exploit that spawns a win32 bindshell on port 55555.
5e1096ecb0bce0b064f117ba74b2a5a09ddcb5529a2b555bff5980f790a314d9POP Peeper version 3.4.0.0 suffers from an UIDL command related remote buffer overflow vulnerability in the client.
1e2bca809abe96062727e81100e29a2caa524e9c2a45aa5c22fef4d479395bb4Whitepaper called Perl Writing Exploits. Written in Arabic.
8b6ebd0bae043cda7951d31659e23e0a59f730f5f0df37b0be58a868eb73a141Whitepaper called Playing With Cookies (ST1). Written in Morocco darija.
541fa78c66c0da566d9639891ff8d89f721449423e844711b1a2cc4a9b923263Drupal suffers from a local file inclusion when used on Windows.
9cd8ddc53a2fc1d8ef6a9b1fa8eaf39c6f24a1d28ccd8585ce811951ee8eda6fSHOUTcast version 1.9.8 suffers from a user-agent related cross site scripting vulnerability.
78ef0155f1f5cd68e8fc39a592bcf28c4b6f8891eeab746f720dd6ee8148e0ecVMware Security Advisory - A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially-crafted name that could possibly execute an arbitrary code when opened in the ed editor.
e543e4b89812eead2fd7b1d444b7c2ef8891ecc6969a7a5e7ee04258d84bc0f0Whitepaper discussing clustering. Written in Spanish.
a5b88fe70b00f0bf9be9f34f7ba605b8bec0c3a01d27597bd53d8c9c1d80d0a665 bytes small linux/x86 file reader shellcode.
fd10b2fd7fbb22a457485319a83d04f6f9f26116a56e86dcef0e4f4c6aa4fb0f111 bytes small win32 telnetbind shellcode. Written for XP SP2 FR.
2e9b2d353a417870ea61f15d06c81e4efd2a3f2ece8a551ed3b68fee7d8fdd4aUbuntu Security Notice USN-725-1 - It was discovered that Kmail did not adequately prevent execution of arbitrary code when a user clicked on a URL to an executable within an HTML mail. If a user clicked on a malicious URL and chose to execute the file, a remote attacker could execute arbitrary code with user privileges. This update changes KMail's behavior to instead launch a helper program to view the file if the user chooses to execute such a link.
0720b51cfb167d8912eefe611fa89ddc0715d03dc3005b9646d1dd9b7741d7eeDebian Security Advisory 1728-1 - It was discovered that dkim-milter, an implementation of the DomainKeys Identified Mail protocol, may crash during DKIM verification if it encounters a specially-crafted or revoked public key record in DNS.
d3a85852dfce03b4feddf0d2e3616c6cbb96a88d3f5d2e4938afa023778ebeadSkyPortal Downloads Manager version 1.1 suffers from a contents change vulnerability.
2a03e81da18dbc7cba3445084e2fdc48056791f934b463f0b52121af312e1b17Irokez Blog version 0.7.3.2 suffers from remote blind SQL injection, remote file inclusion, and cross site scripting vulnerabilities.
1ea8ca215106691168dea202db81f3f56afaa1e2eab04ad773942883417344dbHex Workshop versions 6 and below .hex file local code execution exploit.
3c7173ddd241e394771edeb7a79afaf725f7dfc676e84e70b541e915bbaa6834Orbit versions 2.4 and below long hostname remote buffer overflow exploit.
19a23b7fac23f4df28d99579e4770093121a516e730191f0f07c93a2b07b394aMandriva Linux Security Advisory 2009-058 - Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed NetScreen snoop file. Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted Tektronix K12 text capture file, as demonstrated by a file with exactly one frame. Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. This update provides Wireshark 1.0.6, which is not vulnerable to these issues.
ddb4006c7015936435473f87e6d8c0499a415d098158e2dbeffb532892a0eb42Demium CMS version 0.2.1 Beta suffers from local file inclusion, remote SQL injection, and file disclosure vulnerabilities. Full exploits included that perform local file inclusion and remote command execution leveraging both local file inclusion and SQL injection.
b101c63b28fd04922859e97761abeb7fbf14793b22ee253afcde294a8f958e80Secunia Security Advisory - Some vulnerabilities have been reported in PHP, where some have an unknown impact an others can potentially be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).
1c7df4c023ffdd277b986027a04ca901fa798ce414a4997a5df184f6a720ac0bSecunia Security Advisory - Debian has issued an update for python-crypto. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
ab9ab455d2633d543a9f1edfb0effdcc1f34b8ad6e0a8716999a85d43a25bdf7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed