europ INNET Web Studio Administration Program version 2.0 suffers from cross site request forgery, cross site scripting, local file inclusion, path disclosure, and remote SQL injection vulnerabilities.
ed6d22f82eaa6e297f3ac0913bd7660183 bytes small Linux/x86 ASLR deactivation shellcode.
a99ce52f1b6aa826c15e317fca3b9bcbMini-Stream RM-MP3 Converter version 3.1.2.1.2010.03.30 buffer overflow exploit with ASLR and DEP bypass.
ee610fc0a06a608bc350e0655b56e609PHP UnZIP version 0.1 suffers from a remote disclosure vulnerability. Note that this finding houses site-specific data.
d553dc83434e11a14d60b1f1200ed271This Metasploit module exploits a stack-based buffer overflow in Photodex ProShow Producer version 5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to victim, who must store it in the installation directory. The vulnerability will be triggered the next time ProShow is opened. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
2564eff9044f229cc53b605dd7e8892eSecunia Security Advisory - muts has reported a vulnerability in Dell SonicWALL Scrutinizer, which can be exploited by malicious people to conduct SQL injection attacks.
47953672b2c2e2bae9f03d446d401a49Secunia Security Advisory - NetBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
1627fe916d3df6392ff0aae096a360abSecunia Security Advisory - A security issue has been reported in the Location module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
c21c026f1d04b405ae69efccb6bdf5b4Secunia Security Advisory - HTTPCS has discovered two vulnerabilities in Thelia, which can be exploited by malicious people to conduct cross-site scripting attacks.
f6a2a4975e8384a70e3a34d64f59618bSecunia Security Advisory - Multiple vulnerabilities have been reported in Adaptive Server Enterprise, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and compromise a vulnerable system.
be69dfbd2ac8db81c8d1903c2c7b4d2aSecunia Security Advisory - Ubuntu has issued an update for openssl. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions in an application using the library.
05661cfb72c7043b3da27cd3c2c6fc5eSecunia Security Advisory - A weakness has been reported in the Secure Login module for Drupal, which can be exploited by malicious people to conduct spoofing attacks.
52bee8201c4d0a178db406a53542211bSecunia Security Advisory - A vulnerability with an unknown impact has been reported in multiple Sybase products.
0606c5efd489bda0dc166ad4084ec7e7Secunia Security Advisory - A vulnerability has been reported in the Authen::ExternalAuth extension for RT, which can be exploited by malicious people to bypass certain security restrictions.
4207966b2c5fd006574dc0d78b1e71f1Secunia Security Advisory - Some Vulnerabilities have been reported in the RTFM extension for RT, which can be exploited by malicious people to conduct cross-site scripting attacks.
59bb5b02b1305273c70c113be60bffbdSecunia Security Advisory - Some vulnerabilities have been reported in the Extension::MobileUI for RT, which can be exploited by malicious people to conduct cross-site scripting attacks.
67f0d9a33f868042054d451de85296abEntropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps preventing that the /dev/random device gets depleted; an empty /dev/random-device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.
4dfdae989a638eb5ab63b860fa5f8d07The libcap-ng library is intended to make programming with POSIX capabilities much easier than the traditional libcap library. It includes utilities that can analyze all currently running applications to locate applications that may have too many privileges.
85c14a2442a3721383a1e2284e254846Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
1b5fcbc5795f615219277efc5059c886afick is another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms. It works by first creating a database that represents a snapshot of the most essential parts of your computer system. Then a user can run the script to discover all modifications made since the snapshot was taken (i.e. files added, changed, or removed). The configuration syntax is very close to that of aide or tripwire, and a graphical interface is provided.
0549d9754b9f0eb22887e4586d07267cRed Hat Security Advisory 2012-1114-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.
3f9b1d5d367511dbb4ca34cbc049f78fUbuntu Security Notice 1517-1 - It was discovered that the Mono System.Web library incorrectly filtered certain error messages related to forbidden files. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. It was discovered that the Mono System.Web library incorrectly handled the EnableViewStateMac property. If a user were tricked into opening a specially crafted URL, an attacker could possibly exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
cdf396e3e4997b1813dadf6d0779101aRed Hat Security Advisory 2012-1116-01 - Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of perl-DBD-Pg are advised to upgrade to this updated package, which contains a backported patch to fix these issues. Applications using perl-DBD-Pg must be restarted for the update to take effect.
afa9c610ce344121f6ff1965f1170be3Ubuntu Security Notice 1516-1 - It was discovered that OpenSSL incorrectly handled the SSL_OP_ALL setting. This resulted in TLS 1.1 and TLS 1.2 being inadvertently disabled for certain server and client applications.
3168552e4301c288674822f1eea2de17
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed