Ubuntu Security Notice USN-835-1 - Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
968ff370e3a79298a9b7124d53f5b9ece8d5f8e220c123a1a7ea5d7a39c1313cMandriva Linux Security Advisory 2009-238 - Multiple vulnerabilities was discovered and corrected in openssl. This update provides a solution to these vulnerabilities.
31c2e4db2c4d9a59061c28ba43c171388869223dfecb57fc075078cb0b97baedJoomla MyTube component (MyRemote Video Gallery) version 1.0 Beta remote blind SQL injection exploit.
9fe8bb9896e159c86faf048c08b176fde0924885a7399e6e40bb47a64986d77fJoomla Jinc component version 0.2 suffers from a remote blind SQL injection vulnerability.
3e57c0e4c43246aaa049a27dc474731f561ce6308630e703225234cbb2d4ee1bFirewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.
bb827f54a77c0f8a9b471200eda3801c9ff3f2a576647ca6a576e546e20ac254WX Guest Book version 1.1.208 suffers from remote SQL injection and cross site scripting vulnerabilities.
568d29763da41e2fabdf85d13b913c59a6e8bed8ccede0e5723da4d2970d0b72Mandriva Linux Security Advisory 2009-237 - ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. The NSS library library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spooof certificates by using MD2 design flaws the scope of this issue is currently limited because the amount of computation required is still large. This update provides a solution to these vulnerabilities.
6b72823540faf713afc600893f4b4f73da01b097b7de2809c1b8a8f80d4521e0Loggix Project versions 9.4.5 and below suffer from a remote file inclusion vulnerability.
7aa0124250f2a0d8f10eeff86048768dab4451a3bfe2d2802737e9c0b4b324c0ProdLer versions 2.0 and below suffer from a remote file inclusion vulnerability in prodler.class.php.
c42ba5a2cd1067802c6486cc6edcc1bb61e57cd2ab58d8851b4cfec2a233ecc0Check Point Connectra R62 suffers from a login script injection vulnerability.
973662714d2638504ccc5f296c57e238e0cf445d2393960a6bd2765cd9964e33Winplot local buffer overflow exploit that creates a malicious .wp2 file.
82f998f301f4ab0ed6175236dec21034486bef1df09702ffad20aadbd958fd76CMScontrol version 7.x suffers from a remote SQL injection vulnerability in index.php.
33f48bee1fd20e8f7199c8702398a7022976b641efdefb33632a69f21d78cdf3cP Creator version 2.7.1 suffers from a remote SQL injection vulnerability.
33bbec142065f8a7c2ce8e1109d2101f9208965bf2cbf4f54b80aff5ed1965f2Mozilla Firefox versions 3.0.13 and below denial of service exploit that leverages the pkcs11.addmodule vulnerability.
f6d5f3c2677793e732e3b1bffb1df50e9b07d6d26ce4b477595972dbb376e51aProgramChecker version 1.5 Build 531 suffers from an Active-X related command execution vulnerability.
82c25df9a2bebc070635dd0498a8741540046d1466df33e20f87b0fc1b7ac7b1Orca Browser version 1.1 Build 2 suffers from an Active-X related command execution vulnerability.
dfa1e771773ea686fa70b40028829836ae89a2d672169b8ebb2efbba76028c08NCTAVIFile Active-X DLL version 1.6.2 suffers from an insecure file creation and execution vulnerability.
dd94df3aba90558aec4635e304c81c3236c5584c19b559a632f17e32b6991a28Gom Player version 2.1.16 Active-X related command execution exploit that leverages GomWeb3.dll.
2a8a913998734a5f373444e08d236dddeb058d422d33c9bb6500e3507d9236a9Dawaween version 1.03 suffers from a remote SQL injection vulnerability.
a156e70c400b0328e12819eec5484d37f2e58ce68c18328d79769daceb6bfd3eSnort versions 2.8.1 through 2.8.5-beta suffer from an IDS logging alert evasion, logfile corruption, and alert falsification vulnerabilities. Proof of concept included. Further information available at the homepage.
47a83df144ade672eb345a1ceb0cbb347d0fb205e3fa044a51a974fbb775da4aUbuntu Security Notice USN-834-1 - It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. Due to an incomplete fix for CVE-2007-6600, RESET ROLE and RESET SESSION AUTHORIZATION operations were allowed inside security-definer functions. A remote authenticated attacker could exploit this to escalate privileges within PostgreSQL. It was discovered that PostgreSQL did not properly perform LDAP authentication under certain circumstances. When configured to use LDAP with anonymous binds, a remote attacker could bypass authentication by supplying an empty password. This issue did not affect Ubuntu 6.06 LTS.
1cc8e823bffcfd04b7086497156d8f0f84e9ce557955e7f970e2c2827c937faeMobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
1e946d6cb871e772b137783156bcec35490bf7a95c3c638abf9cd5fd9d358f6fJohn the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.
017936a2a98e0a4bcec56c53177e4ee8f515ebd5e39fd97e55b1962076eb5d16BAROSmini version 0.32.595 suffers from multiple remote file inclusion vulnerabilities.
b2421876562090d6d9b95ca27f072bfaf0f93c53277c8394a13bc19285c9220fGentoo Linux Security Advisory GLSA 200909-19 - Multiple vulnerabilities in Dnsmasq might result in the remote execution of arbitrary code, or a Denial of Service. Versions less than 2.5.0 are affected.
ec68823361b9638a1384381e81356f03b2d0d93d982e59ba4960888f743dd348
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed