Kinesphere Corporation Exchange POP3 e-mail gateway remote exploit that makes use of a buffer overflow.
aa21d34e23c056c9250ad35d4abf58eeff4391ebca64ff0ac12966a256d74237Mandrake Linux Security Update Advisory - Problems lie in the utempter program versions 10.0, 9.2, 9.1, Corporate Server 2.1, and Multi Network Firewall 8.2 that allow for arbitrary file overwrites and denial of service attacks.
d955011e39cbff52026f4c77016b564f2c9d8f72b1a57bf1a841fbbace58a5a8phpBB modified by PRzemo version 1.8 allows for arbitrary code execution due to improper filtering allowing for remote script inclusion.
8f915afa29d6d3113d81ad61be80a1976bff508961eda81a442555fabb47b0e4Patch 113579-03 that was released for Solaris 9 in mid-February introduces a security bug that affects anyone running a NIS server.
af8a27c3a62be7c3fb127a4bfe17fa95641a3d58ac90fc99d916bb9d731edc1dWell written whitepaper about reverse engineering backdoored binaries. It is meant for the beginner reverse engineer with some knowledge of ELF, C, x86 ASM, and Linux.
b31fe0048b71bab934815417a3d57f26b2f50823b7d9600434d47c9c533ed212Debian Security Advisory DSA 488-1 - Christian Jaeger reported a bug in logcheck which could potentially be exploited by a local user to overwrite files with root privileges. logcheck utilized a temporary directory under /var/tmp without taking security precautions. While this directory is created when logcheck is installed, and while it exists there is no vulnerability, if at any time this directory is removed, the potential for exploitation exists.
0847d476372853d07fab312a6d3a8a545b2f8c1634ced2c0ed2d79f678c6ea79XChat versions 2.0.8 through 1.8.0 are vulnerable to a boundary error condition in their SOCKS-5 proxy code. Successful exploitation can lead to a complete system compromise.
d5f20b76db2c8dc08bf4e18ba72b64835cbb45e7648c299108cb57c4fec1bc1eKPhone versions 4.0.1 and below are vulnerable to a denial of service attack when receiving a malformed STUN response packet.
12d4c98fd485fb0fefda4a56371fd88ee6fd8c0ce96b29a81aca47739fbb89b8A white paper from the Imperva Application Defense Center entitled 'SQL Injection Signature Evasion'. This paper discusses how protecting against SQL injection attacks using signatures is not enough.
03d6daf972705613464988cfa766093ecc5478c6bc77a3064f497d825b56093fZaep AntiSpam 2.0 is susceptible to cross site scripting vulnerabilities.
3e7e4f123c4943e9bd523542e9c492ae9d9114fb2b02ef17bbd39fbb62c40969BitDefender's online scanning service has Active-X related flaws that allow an attacker to run arbitrary code server side.
b99278bb29477cd2c8b3b823340d554551425884717cdd650dc007d6d6ad6370pam_usb is a PAM module that enables authentication using a USB storage device through DSA private/public keys. It can also work with floppy disks, CD-ROMs, or any kind of mountable device.
b338e9b1161e4b56f4e007713a4e147501ee2576bf18243f3256c28ee37f03cctumbler is a protocol that enables a client piece of software to securely tell a server process on a remote machine to execute a predetermined command. tumbler is similar to port knocking and is designed so that a remote user can securely and stealthily enable and disable server processes, or open and close firewall holes on a computer connected to the Internet.
9be51278bb9e8b11bb91de779ebb180175c8e973892af7b6bd5a4df438c8acc6knock is a server/client set of tools that implements the idea known as port-knocking. Port-knocking is a method of accessing a backdoor to your firewall through a special sequence of port hits. This can be useful for opening up temporary holes in a restrictive firewall for SSH access or similar.
74c00936c571fd618296180db3c5df9fe74da0470553de3d7284bb4538df92ddSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
aa82b94f5ba3f6d6d565f1986ead96f390cd3776552d3bdb6a2d38dd90a5bef1phpBB versions 2.0.8a and below suffer from an IP spoofing vulnerability that allows a malicious user to post messages and have them be tied to forged IP addresses.
012ac3015749c388d7244a46e4409b068cea07bc7316faa1b7af96cede0be17eRemote root proof of concept exploit for gv versions 3.5.8 and below. Binds a shell to port 65535. Makes use of an old vulnerability that does not have an exploit circulating for it.
11d8cbe05d44de0b0c307ee9081118802cb84f87aeb270e7921d6390d73955dcRemote exploit that makes use of a SQL injection vulnerability in Phorum version 3.4.7.
9f4cf79038884aae5dcd94f78963562f26d6d2bddc3d43b27874e515c90298cbA critical SQL injection bug exists in Phorum version 3.4.7 that allows a remote attacker to view sensitive data. The problem code lies in userlogin.php.
9a6afe98513c69946e7f30f31b5b192c8e6123e0b8371ba1df208f890ff5610dFormat string bugs exist in neon versions 0.19.0 and below when ne_set_error is changed from taking a single char to taking printf-style varargs. Release 0.24.5 fixes this problem.
493de778dca786fb58573a1e349e7d80a8466d1d46c151285d7ceeb5d82f3d28Local root exploit for Squirrelmail's chpasswd utility. Original bug found by Matias Neiff.
3c36b2150910beb2509306f98b2cb97e6805d8171120ac5902aad390be155c8dGemitel versions 3.5 and below allow for malicious file inclusion in its affich.php script. This vulnerability allows an attacker to forcibly execute arbitrary scripts from remote resources on the server.
483f0f3f00299f5b8710d0ee6366376e76b18b0d54ae99b5df2b8b47f8dac39dNorton Antivirus is susceptible to a nested file manual scan bypass attack.
ca93438b7c9ea3dc6ec50a2867da283a445c246f3149cf5a65d2c644ba088113Secunia Security Advisory SA11394 - A vulnerability in WIKINDX allows remote attackers the ability to read the configuration file.
ee342545e2df7fd12434bdc4d699fb5898e616061e3500f5199f9bdce38ebf41Secunia Security Advisory SA11367 - Subversion versions 0.x to 1.x are reportedly affected by some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
b54ff37cbaf0637ed2490a2f37b5ef05279d4058f159713993eb18cb5a926975
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed