Asterisk Project Security Advisory - A missing ACL check for handling SIP INVITEs allows a device to make calls on networks intended to be prohibited as defined by the "deny" and "permit" lines in sip.conf. The ACL check for handling SIP registrations was not affected.
a028170ecb278eb6b1813a2f959521f86bee010953bfc98dd29af7dda75eda1cDebian Linux Security Advisory 1920-1 - A denial of service vulnerability has been found in nginx, a small and efficient web server.
a58d06e16a9d3a6b827169a516aff66f2157145f16fcf840430a9cbddc18b800SquidGuard versions 1.3 and 1.4 suffer from multiple buffer overflow vulnerabilities that can lead to filtering policy bypass and denial of service.
94086b40a1ab7017bb9bc377bf84cfff6fd6d58ed0253373907a92dca67adc7dSharePoint Team Services suffers from a remote source code disclosure vulnerability in its download facility.
4e7055eb3038cde6c4ec6d7dddd8f7a0b00a1c88f6274975ea98f42e56ba948exp-AntiSpy versions 3.9.7-4 and below local buffer overflow exploit that creates a malicious .xpas file.
fb7c0d38c62756cc07427f4f9cc68a113bb21c52a93dcd03c74d4ea5f5190bc2Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
32e9e06c425bc37a382439688f3aa52f6edd0bffe5039116acef4bc00ae5811ekeychain is a utility that helps manage ssh keys in a convenient and secure manner. It acts as a frontend to ssh-agent, but allows the user to easily have one long running ssh-agent process per system, rather than the norm of one ssh-agent per login session. It also makes it easy for remote cron jobs to securely hook-in to a long running ssh-agent process, allowing your scripts to take advantage of key-based logins.
7784773ca4eaed559c0ad7be1d9a0b7c3d96bad1be03696a3dffa90458737a22Oracle Database versions 9G and 10G are susceptible to a PL/SQL injection vulnerability in the ctxsys.drvxtabc.create_tables procedure.
84daa237dd1a6738c1129e914291f5c78d13ae5fea34ce0cf4c5505af298c54aThe Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.
d218ae46a81a248e35dee10baea3e087404f8327ea92a0b2aee6adf48cad3ca6This pdf has the Anti-virus PWN2RM Challenge results. An amusing read discussing how to disable McAfee, Norton, and various other AV software.
232bf4211083bfc95c523a4af38a1e65423009125b74c66afdafd26c6bd3968aCherokee web server version 0.5.4 remote denial of service exploit.
bc5ae7c21bcb8c03242d5ca9efe893b038532ab37ece8f6120f1d93318696b2bNetreconn is a collection of network scan/recon tools that are relatively small compared to their larger cousins. These include nstrobe, ipdump, and ndecode.
ee882726312658fdb64084f3d9a51c98927c49b5b5f040c16b122a0cbe79e6ebGentoo Linux Security Advisory 200910-3 - Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code, or other attacks. Multiple vulnerabilities were discovered in Adobe Reader. Versions less than 9.2 are affected.
cf303bc61426589808c198dba2d9c4e5dc717575857163c0c64d5200873a727a59 bytes small Linux/i686 pacman -R <package> shellcode.
9fdcaebcc059d12655b9ae6ddaf35b30a0d628ce708478877b288fa9989270a8Jetty versions 6.x and 7.x suffer from cross site scripting, injection, and information disclosure vulnerabilities.
5f6bdd64a6596d46cbd0a5ae2448106b4656a8543eb8f07317ef5d4b92ae82d9Debian Linux Security Advisory 1919-1 - Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine.
e81d5c75010f479d4b00e96bf9841a9e460fd58089ab86927076c5b5f3212808Debian Linux Security Advisory 1918-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web.
4d4adb4605ffe4527fd5c970fde5a8eb921aa1aa3a8d0bb58a365697b47926cdRunCMS version 2M1 store() remote SQL injection exploit.
5ec198e21d6cd21d61f5fdc3c6a5ee8d87713cb7314e10d3097198cadcd066a8TFTgallery version 0.13 is susceptible to a cross site scripting vulnerability.
63c864ab65c6626cd22619a37272b2397a4e4a8dfda92c12502c770de28ed5caRunCMS version 2M1 /modules/forum/post.php semi-blind remote SQL injection exploit.
b2726e7da364c32aec8f8908559cc2dcf26bc16728ad3c42b92e056f14f27478Novell eDirectory version 8.8 SP5 for Windows proof of concept buffer overflow exploit.
ba9b1bdb9f350ebe348f99b9a102fd4c9f4d556dfbe999f07b23a3755a9a0738Debian Linux Security Advisory 1917-1 - Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML.
f4eec4bd418d00f6295ba89cc77c83571f52da70023e4e2e892335b60cb58dc1Debian Linux Security Advisory 1916-1 - Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from the official KDE release, does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
88d9ef536fbb093198ad22faeeb4c73bad0b94a4bafd1f42e43a6c1f079e8091Debian Linux Security Advisory 1912-2 - Due to the fact that advi, an active DVI previewer and presenter, statically links against camlimages it was necessary to rebuilt it in order to incorporate the latest security fixes for camlimages, which could lead to integer overflows via specially crafted TIFF files (CVE-2009-3296) or GIFF and JPEG images (CVE-2009-2660).
ba7b34b0bb05be6dd15df8083c54a4d732ff7cd274c08c9d1f9b0cbd29a04c52Mandriva Linux Security Advisory 2009-288 - The mod_tls module in proftpd < 1.3.2b is vulnerable to a similar security issue as CVE-2009-2408. This update fixes these vulnerability.
0e8d72525416ecf43373f296880c86846c238d5af213c156135bba25e17696f4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed