Firewall Builder consists of a GUI and a set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco router access lists.
4cbfc786e2c69b36aa788fb55e19050b1b7e7119ae8178d6528475e1cc9b058c
Mandriva Linux Security Advisory 2009-085 - Integer overflows in the gstreamer0.10-plugins-base Base64 encoding and decoding functions may allow attackers to cause a denial of service, although attack vectors are not known yet. This update provides the fix for that security issue.
891a03bb1aee1a11efbe9c7b8bbfa659fbd781b1b23999b817ef8e0d856f7e99
Gentoo Linux Security Advisory GLSA 200904-01 - Multiple vulnerabilities were discovered in Openfire, the worst of which may allow remote execution of arbitrary code. Versions less than 3.6.3 are affected.
f380d0bfe92436732548477d1098f7a56b2edb3e20c897bdd1bca009cfce64ea
The Src, Background, and PackageXml properties in the Autodesk IDrop ActiveX control, IDrop.ocx version 17.1.51.160, can be manipulated to trigger a heap use-after-free condition resulting in arbitrary remote code execution.
1fbcf13d54df0e114fd96ea3f5e09559387f9e25c424f2d139670a609329cc27
Asterisk Project Security Advisory - The Asterisk maintainers have made it so that a scan for valid SIP usernames always returns with the same response.
ee9968f99acb80ce4acfeaba744f770db13f2fda8eef9ea61b86c99b6e3eaa8f
Tessera 4CMS suffers from remote SQL injection and local file inclusion vulnerabilities.
e6aae8d3dbbd74d2a6ab420235c945486296f9a7ae556015eebb25bb3b2e8e10
TinyPHPForum version 3.61 suffers from a shell upload vulnerability.
9ccfd51971ba5c99d8c90fde7cc1f6c8790741116add13fde33c83ee4007292e
The parsing engine in F-PROT can be bypassed by manipulating the ZIP method field. It is as easy as opening a ZIP file in an editor and typing a number greater than 15 on your keyboard. This is a four-year-old vulnerability that they still have not patched.
32f11246969d4155068655689ca4f9c6ab515a0c2d759dc6e70b8a523521f060
The parsing engine in IBM ISS Proventia can be bypassed by manipulating RAR archives in such a way that the IBM engine cannot extract the content but the end user can.
886d00514b2f82efe2ac88764af3dbf921d459eedb7677dd4ebbc80781b7f291
The parsing engine in Clam AntiVirus versions below 0.95 can be bypassed by manipulating RAR archives in such a way that ClamAV cannot extract the content but the end user can.
1ad9a4ac9d3a2014ada24abfdc78454052f88645c0a7e7f90b20fe8a14b687f4
Denial of service exploit for IBM DB2 versions 9.5 prior to Fix Pack 3a. It requires the DB2TEST database to be present and a GUEST account with the password QQ.
06d35255f64ddc320db337ddffdfbc0a585de92a8fb494a9641eb2fed1a2cc7a
Pre-auth denial of service exploit for IBM DB2 versions 9.5 prior to Fix Pack 3a.
e2b71aaeb3132897022d4933939b2a31ccdca19a2e3ab004859d20495f0a1367
ContentKeeper versions 125.09 and below suffer from remote command execution and privilege escalation vulnerabilities.
7b0e6a68dec445f1b9b8ea919e24acdff1c5f7fa8262df16f7e2bff2161cb2c6
ConnX version 4.0.20080606 suffers from a remote SQL injection vulnerability.
a6fbf4350f943105c85f2528b5b3bb0e393500377b3bdb74b5113fc48e753300
Webunit Calendar version 1.2 suffers from a cross site scripting vulnerability in date.php.
4a57a39649d93561e8729030f73245747b6f0803a2dc3aabf9ededce2815945c
Debian Security Advisory 1762-1 - It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to cross site scripting attacks.
394edea748c82370feee9e6c67fcfc3ee1cc25518848f11aee385f9ca573e1ce
SAP BusinessObjects Crystal Reports suffers from multiple cross site scripting vulnerabilities in viewreport.asp.
fce3185bc71a241e9920ff0d2d40f556e07582a6a9c248380cf2b345f436b30e
File Thingie version 2.5.4 suffers from an arbitrary shell upload vulnerability.
3db61bf8d3ee9ee5f70452630bb6d2c2bd22e197df09e726a0ca373dd2d6be4e
Layered Defense Research Advisory - FortiClient version 3.0.614 suffers from a format string vulnerability.
03c7157f2662b4ea6613ac679d2324fc6483c5a47915efcd34f14575cddd1f83
Amaya version 11.1 suffers from an XHTML parser buffer overflow vulnerability.
e06481c2ac84dec30573ee6880da02eb452e1c86152df403ce833bbfe51fc186
OSCommerce suffers from a session fixation vulnerability.
24e5402d991c1aa68ccabcb222c4a29a553a4674afec08bd8604a11913605245
Secunia Security Advisory - HP has issued an update for OpenSSL. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
5a12cdb3f3ccbd2435134ccddaa08bf2fd0dd83deaefb48677e89a1a265d00b0
Secunia Security Advisory - Some vulnerabilities have been reported in Atlassian JIRA, which can be exploited by malicious people to conduct HTTP header injection and cross-site scripting attacks.
e01f548bdd33afffb714df225812c3d14dfe1e270da0f590e27da08d5c078ae0
Secunia Security Advisory - TaMBarUS has reported a vulnerability in Nokia Siemens Flexi ISN, which can be exploited by malicious people to bypass certain security restrictions.
17c21bd2a9b7597cb730e482c933fd03191361b5b580eb1f52688d47ab42dbd4
Secunia Security Advisory - Some vulnerabilities have been reported in XOOPS Cube Legacy, which can be exploited by malicious people to conduct cross-site scripting attacks.
a50a919f632bf5727132fb77d5a79618b97046a9045d1e60559eea7a3e9b21cf