CERT Advisory CA-2002-14 - A remotely exploitable buffer overflow in Macromedia JRun v3.0 and 3.1 when running with IIS 4 or 5 allows remote attackers to execute code with SYSTEM privileges. According to Macromedia, JRun is deployed at over 10,000 organizations worldwide.
cee2fc10d87afb680259c6f67e016f6345d10f40911ebac451a3ef50ee172dd7
Syscall Tracker is a very powerful tool for Linux 2.2 and 2.4 which allows you to write rules to track system calls. It includes a kernel module plus a userspace application. Currently only logging the invocation is supported, but in the future, you will be able to fail the system call (i.e. force it to return some error code), or suspend the process executing it. It allows you to find out information that is otherwise hard to obtain, for instance which process touched a certain file.
3c662bd4b93a91c6be40a21fe63190ffe5e64e9a9a64d6002b2c872c579a39b1
A directory traversal vulnerability found in Shambala v4.5 can lead to the disclosure of files that are stored outside the served directories. More info on this bug is available here.
792ce8a4307b49251659094a08eb30bb916bc5d232a44e48c27fb7fa5360260f
Mandrake Linux security advisory MDKSA-2002:037-1 - ISC DHCPD version 3 introduced new dns-update features. ISC DHCPD v3.0 to 3.0.1rc8 is vulnerable to a remote root format string attack when reporting the result of a dns-update request.
42232836f0d3fb1ef90a2677417ea2433081cd0f3beee7cf19875a6a8511d9c2
Caldera Security Advisory CSSA-2002-SCO.23 - A vulnerability found in the Open UNIX and UnixWare FTP daemon can allow remote attackers to hijack passive FTP data connections.
2ba86861d069c9bc17521caaefcb7ca1c5ad9ae7377ab0c78f4293019c0c4363
Mandrake Linux security advisory MDKSA-2002:034 - A remote overflow found in the WU-IMAP daemon v2001a and below affects Mandrake 7.1, 7.2, 8.1, 8.2 and Corporate Server 1.0.1.
ccb9e4f0cf15f78cf499d5204b26c83fea31cfd471f6bf7d99bdaded7df24b9e
Conectiva Security Advisory CLA-2002:490 - Several vulnerabilities were found in the Mozilla package v1.0rc1 which allow hostile web sites to read and list local files. The vulnerability is related to XMLHTTP, a component that is primarily used for retrieving XML documents from a web server. Fixed packages have now been released for Conectiva Linux 6.0, 7.0, and 8.
c7bcc06f713f54cc826c79b1c5b09093f8a35b0ee1fae86fccaad9566107e1f1
Safemode Security Advisory SRT2002-04-31-1159 - Several local and remote overflows have been found in the Mnews package v1.22 and below.
34e50c77bf1364ae80884b5a9c0e02f0f32770926beb9492611db880bf70ab98
Red Hat Security Advisory RHSA-2002:084-17 - A format string vulnerability found in the pam_ldap module affects Red Hat versions 6.2, 7.0, 7.1, 7.2, and 7.3. Red Hat has released fixed packages that address this vulnerability.
fc2c689b4513509af1f8a5e7f2046d6dea50643ccac8e23b7cebe0b1fd61ab30
A vulnerability in the Xandros Linux autorun utility can be used to disclose parts of protected files such as /etc/shadow.
82784ea64ae0545645c2ce9fc64d6aed90906eec891e5e934434f6621cad4670
Packet Storm new exploits for May, 2002.
8650725205a461908be4ba21749215d0a22d1bab51a9b3c9b8df1f4bada63029
Xinetd backdoor.
dee84d089e45597a9c2a27792c04cb8fa64bf053b8299baa9691b1eaf689e153