
Files Date: 2009-12-08

Packet Fence 1.8.6
Posted Dec 8, 2009
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This is a maintenance release that focuses on stability and includes many bugfixes and several small enhancements. Noteworthy changes are new iPod UserAgent blocking string examples, Snort 2.8.5 compatibility, expire mode deadline now working in VLAN isolation, and updates to the installation guide. Various other important fixes.
tags | tool, remote
systems | unix
SHA-256 | 5ab7c8a89971f3533b88a1096532699b56204b1af02a0a0952d84c61e533492a
Lynis Auditing Tool 1.2.8
Posted Dec 8, 2009
Authored by Michael Boelen | Site cisofy.com

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it also scans for general system information, installed packages and configuration mistakes. This software aims to assist automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Changes: This release adds initial support for Squid and several tests related to user authentication. Several improvements have been made, including some small bugfixes.
tags | tool, scanner
systems | unix
SHA-256 | 47ec0734e5807709802da023edf6ec49be71018d5f9ccec8e1b2a6553baaa0fc
AlefMentor 5.0 SQL Injection
Posted Dec 8, 2009
Authored by Red-D3v1L

AlefMentor versions 2.0 through 5.0 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4260a5682041ba15a4984e4993d29d0347d25ccc93fa2dbbc436f0ec17e695e6
Alqatari Group 5.0 SQL Injection
Posted Dec 8, 2009
Authored by Red-D3v1L

Alqatari Group versions 1.0 through 5.0 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6a60cac4a2f458e3fc1f39d943813f036cc9512d50fec52a9056dfb5e64cfa0f
Joomla Job SQL Injection
Posted Dec 8, 2009
Authored by Palyo34 | Site 1923turk.biz

The Joomla Job component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | aa8122e516df36ced0b61a584363e89c2a59045af1058c78e37e1c0a7578162e
Viscacha 0.8 Gold Cross Site Scripting
Posted Dec 8, 2009
Authored by mr_me

Viscacha version 0.8 Gold suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 03bb11d65a8a24425b409d9d9099b20403b914635ce908457056d8c128c566e6
IRAN N.E.T E-Commerce Group SQL Injection
Posted Dec 8, 2009
Authored by Cr3w-D, Dr.0rYX

IRAN N.E.T E-Commerce Group suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 97a9441dfcba33bede23d7c78a77f9b48e2b55d1ab261b40d93515ee27bfd25a
gAlan 0.2.1 Buffer Overflow
Posted Dec 8, 2009
Authored by Jeremy Brown, loneferret | Site metasploit.com

This Metasploit module exploits a stack overflow in gAlan 0.2.1. By creating a specially crafted galan file, an attacker may be able to execute arbitrary code.

tags | exploit, overflow, arbitrary
SHA-256 | 84833b79cf2cab4f019e6973600309cc45a88235936500d449effe956f3c1c72
Zero Day Initiative Advisory 09-087
Posted Dec 8, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-087 - This vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during a race condition while repetitively clicking between two elements at a fast rate. When clicking back and forth between these two elements a corruption occurs resulting in a call to a dangling pointer which can be further leveraged into code execution via a heap spray. Exploitation of this vulnerability will lead to remote system compromise under the credentials of the currently logged in user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2009-3673
SHA-256 | 8fce7201a97abca9cb343cc4e1842fe06f4050188e87642ecad9f4f820b01a7c
Zero Day Initiative Advisory 09-086
Posted Dec 8, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a user must visit a malicious web page. The specific flaw exists in the manipulation and parsing of certain HTML tags. The ordering of various objects in a malformed way results in memory corruption resulting in a call to a dangling pointer which can be further leveraged via a heap spray. Exploitation of this vulnerability will lead to remote system compromise under the credentials of the currently logged in user.

tags | advisory, remote, web, arbitrary
advisories | CVE-2009-3671
SHA-256 | 585479ae41a7e284b1be3b9d4a1ed03e7367580352cc62979ee7dc01133c9ea0
Nucleus CMS Remote File Inclusion
Posted Dec 8, 2009
Authored by Don Tukulesto | Site indonesiancoder.com

Nucleus CMS version 3.51 suffers from a remote file inclusion vulnerability.

tags | exploit, remote, code execution, file inclusion
SHA-256 | 140cec787546dd7725d5e9cab612a39c4e038fd5f240410479c953545250b8e1
Mandriva Linux Security Advisory 2009-091
Posted Dec 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-091 - Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI. The updated packages have been patched to correct these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, web, arbitrary, perl, xss
systems | linux, mandriva
advisories | CVE-2009-0796
SHA-256 | 66ebb0d48e62bbc620b9e16e79df89466ce8c83489acf7f3aa2519461014c8fb
Mandriva Linux Security Advisory 2009-093
Posted Dec 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-093 - Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute some of these details are obtained from third party information. The updated packages have been patched to correct this issue. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-1301
SHA-256 | 31a46dcecb651a6ed36d487dbd71d6222ae4aaefe02f739802faca7771525520
Mandriva Linux Security Advisory 2009-098
Posted Dec 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-098 - Multiple vulnerabilities have been found and corrected in krb5. The updated packages have been patched to correct these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847
SHA-256 | 2bb2bf931d6ac2e4ccaf6f044d6d84fb55c9289bdf7e1e03c8e0a43d4dd4c549
Mandriva Linux Security Advisory 2009-099
Posted Dec 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-099 - The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro. Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays. The updated packages have been patched to correct these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, unix, mandriva
advisories | CVE-2009-1250, CVE-2009-1251
SHA-256 | c30548b7bc0fa8ba870b95cdc42b8eff41200e88943fe0c170401ff661cf3e77
Mandriva Linux Security Advisory 2009-126
Posted Dec 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-126 - mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-1789
SHA-256 | e868c7db6d47116058c889fdb43e8d6442d8c79a565583f2b5b2eff75d5b4adf
Mandriva Linux Security Advisory 2009-133
Posted Dec 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-133 - Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow. This update provides fixes for this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-1959
SHA-256 | 260ade4b567edf2ab74a2941c39e7aa56a35d10f904cbe75b95d95642663b776
Mandriva Linux Security Advisory 2009-191
Posted Dec 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-191 - Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information. The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. Buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. This update provides fixes for these vulnerabilities. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2009-1720, CVE-2009-1721, CVE-2009-1722
SHA-256 | 8bd9c547ec68c9067ce11ccc70c019f18cddc6e63042422b0e70b4e9d076a1b8
GeN3 Forum 1.3 SQL Injection
Posted Dec 8, 2009
Authored by Cr3w-D, Dr.0rYX

GeN3 Forum version 1.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1d6da5111f159c124318a79391a20eec8513b1be4964d7f02308046c99b50aaf
Mandriva Linux Security Advisory 2009-327
Posted Dec 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-327 - Multiple vulnerabilities have been found and corrected in clamav. This update provides clamav 0.95.2, which is not vulnerable to these issues. Additionally, klamav-0.46 is being provided, which has support for clamav-0.95+.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-6680, CVE-2009-1241, CVE-2009-1270, CVE-2009-1371, CVE-2009-1372
SHA-256 | d8bd1881304d942ab0d21b2fb5627cfcd8f4277c9cf398ae88c979bcf6c23da5
Mandriva Linux Security Advisory 2009-251
Posted Dec 8, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-251 - The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by re-LOAD-ing libraries from a certain plugins directory. The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations; this is due to an incomplete fix for CVE-2007-6600. The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. This update provides a fix for this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-3229, CVE-2009-3230, CVE-2009-3231
SHA-256 | a45ef8112169e7fb31a87a4ebc4edd094bd03e9093cb00211a57a047c6f18154
Novell iPrint Client Date/Time Parsing Buffer Overflow
Posted Dec 8, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the parsing of certain time information and can be exploited to cause a stack-based buffer overflow via overly long strings passed to certain parameters and methods. Successful exploitation allows execution of arbitrary code when a user e.g. views a malicious web page.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2009-1569
SHA-256 | eda12f9edd3a280e8c371650a98aa6cb2763e17eee0ae0743c3b314aac748bbf
Novell iPrint Client "target-frame" Parameter Buffer Overflow
Posted Dec 8, 2009
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in ienipp.ocx when parsing the "target-frame" parameter and can be exploited to cause a stack-based buffer overflow via an overly long parameter value. Successful exploitation allows execution of arbitrary code when a user e.g. views a malicious web page.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2009-1568
SHA-256 | b4604ef429d5e02dec7ad4fc93d21a10093ecd4a51bd0650e12b69bef2b19eb3
HP Security Bulletin HPSBMA02481 SSRT090113
Posted Dec 8, 2009
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with OpenView Data Protector Application Recovery Manager version 5.5 and 6.0. The vulnerability could be exploited remotely to create a denial of service (DoS).

tags | advisory, denial of service
advisories | CVE-2009-3844
SHA-256 | 650f198c7b6029babfaadd97157fd8150b7be565b6436b84c888e6f6757ff5bf
Secunia Security Advisory 37614
Posted Dec 8, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Moodle, which can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, and conduct SQL injection attacks, and by malicious people to conduct cross-site request forgery attacks and bypass certain security restrictions.

tags | advisory, vulnerability, sql injection, csrf
SHA-256 | 9e2955927f32759efe42cbf59287b5038a88e1d9e461f3d96dee261f341d4d81