Web File Browser version 0.4b14 suffers from a remote file download vulnerability.
3e75ca8b7fffb9b48934c6982bf3ff9d07051553cee3c82ccd5de47fff421856CaupoShop Pro versions 2.x and 3.70 and CaupoShop Classic version 3.01 suffer from a local file inclusion vulnerability.
7c298e40fae2e5c555e4936179477f03952efff10ddd7937677dc7e05292c8d9Calibre E-Book Reader local root race condition exploit that subverts recent changes preventing symlinks and checking path prefixes.
a8d8f271f9bcea57da5e8e80f09acc4ebc27b5f8820e5bdda23f748aa4eb75efCalibre E-Book Reader local root exploit that uses the mount helper to mount a vfat filesystem over /etc and then tinkers with /etc/passwd to make the root password toor temporarily.
803cea9af662f56f8c5d24c4e88e0d59ba6548ac865fb65d1a853fca08aef00cRed Hat Security Advisory 2011-1424-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.
51a5726d1929c069fd08213b009036083f5767916bc1517d0e1b34d44276d662Mandriva Linux Security Advisory 2011-166 - A vulnerability has been identified and fixed in php. The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory and is now being provided, the php-timezonedb package was upgraded to the latest version for 2011. The updated packages have been patched to correct this issue.
c82b9c418c80f0f149ed58d135c718ec945f901a518961f084309b77bc46bd53DreamBox DM800 versions 1.5rc1 and below remote file disclosure exploit.
8fee3da667376ed45ce7f37d430981833a80f00a5a6fc6e5635f8b8511dad4dfRSA has delivered an update on RSA Key Manager Appliance 2.7 Service Pack1 that includes security related component updates including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, security vulnerability fix, hot fix roll-ups and bug fixes.
b3b3018dfe32899d541965ac824cd23af6a61e18beae800a1a6ae93c827686e0This is an advance notification of 4 security bulletins that Microsoft is intending to release on November 8th, 2011.
5e41d6b958ee3c2306f96ed3381db1fbd246eb174ccf3ec8f64184950f3478d3Mandriva Linux Security Advisory 2011-165 - Multiple vulnerabilities have been identified and fixed in php. Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by using the same variable for multiple arguments. The ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service via certain flags arguments, as demonstrated by GLOB_APPEND. Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. Various other issues were also addressed.
e4e0c6e0f280e265039c8e4deb8ffadb2f148b8795224a02c5d8c8d7007704c1Ilyas.info Design suffers from a cross site scripting vulnerability.
6c1b436f8f3e706fc3861efd3ec043268b658d8f493b7230bdb0c381d05df0abHP Security Bulletin HPSBMU02704 SSRT100619 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
7999f71fbcd8709c32f927c331d72a48a33196832c69bf214321a6a0024ddec9CmyDocument Content Management suffers from multiple cross site scripting vulnerabilities.
fbd18ab5a15445be1304549c1d12c945436c12dca254627f5eabe69fd9e97325A file-blocking feature introduced in EMC Documentum eRoom version 7.3 allows site administrators to employ a security control to block certain file types from being uploaded or opened in eRoom on a site-wide basis. A flaw in validation may allow an authenticated user to bypass this security control and upload arbitrary files to eRoom.
d954efcdca333f262b5b6caa9f5bbb4209304e9d881a28e25f7fce93a16e493fSerendipity version 1.5.5 with Karma Ranking Plugin version 1.1 suffers from multiple cross site scripting vulnerabilities.
86a6d12f2cff57ae842260fd4e59240bd7a88f0a76077b72f5e70aba01bc7b1bSerendipity version 1.5.5 suffers from a cross site scripting vulnerability in the serendipity[filter][bp.ALT] parameter.
45f32066502c9bb18521917e3d6dbb6312ea08f33fea30e27e8c073153bb44e1Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
a027a535b35e5f9ca7091e4c83a06b4be48f0f95d6906bdd467ccc0659e7e798Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.
568e19f2bee2f40b7aebc94201e6e7c0530c0bd21dc063fc84fb7086b0936c20Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.
9f48d660d26082a6c4a6578c1d352d077f8b51add9b99f5492d02edb6099243eTor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.
673b5bc02fbe9d2b593026ad503b8f7a1cbd34953021173247f95ffb1bceb976Red Hat Security Advisory 2011-1423-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.
9894f6c0e2fdb3b67eeaea494961dacdfac8d7872d371ab453608b2c9d5afcf1Red Hat Security Advisory 2011-1422-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6.
385e1137aca7e64a21434b3467ac61b60de918f2c5abde3150b94a252c15598dSecunia Security Advisory - A vulnerability has been reported in DotNetNuke, which can be exploited by malicious users to conduct script insertion attacks.
bae4a49fc819e127647fb5468c7b180175bdb456b2a27a5c1cd25cc49c3b9f9cSecunia Security Advisory - 80sec has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious users to disclose potentially sensitive information.
5ba8070b5a78633e69ea1e4fd61914b8c9bef91d17729471d71c0f7efe00f639Secunia Security Advisory - SUSE has issued an update for SUSE Manager. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks.
e00a57a10311af29cd622bbe7b73738179bf84c3f6ea714a6257b479cb0babd7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed