Secunia Security Advisory - PlaySMS SMS Gateway 0.x is susceptible to SQL and Command Injection vulnerabilities due to a lack of input validation.
1cc264e0e4b8a2944a006a41120b90825709572680c28c278ad9eba146e8bd73Sun Security Advisory - The Solaris Volume Manager (SVM) under Solaris 9 is susceptible to a local denial of service attack.
a8c6ebdaba6f938c0c8029a833bd13a7c8121c64368b4de0fc723ba27981be5aPHPBB version 2.0.x is susceptible to an HTTP response splitting vulnerability and also a cross site scripting flaw.
9bd2d0b59a945ad92ce18125125d0ac88e7d1a7638e8a47859f05b04619bb36aTinyCA is a simple GUI written in Perl-Gtk to manage a small certification authority. It works as a frontend to OpenSSL. TinyCA lets you manage x509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them. It also lets you create and manage SubCAs for more complex setups. The most important certificate extensions can be configured with the graphical frontend. English and German translations are included.
01abb155db1e0a3a7a2b3a3cb9678d54dd11f5399475445f0e61e18a0cdf1a19GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
a9be25513f4bdec9d3c5e27dc95c4794f1cf93cf312a44b60c8a39dba86c2538Secunia Security Advisory - Cengiz Aykanat has reported two vulnerabilities in eTrust Common Services, allowing malicious people to cause a Denial of Service.
2894708288caaaf6e3b2120fdc52945843409c7496057f455f34da77d567a6d7The third advisory in a three part series discussing more flaws in PHP Nuke ranging from full patch disclosure and cross site scripting to SQL injection attacks.
09c091f1f233ed1902d0aa74ac5da411fb080ada57495aec27ef66ae17793c0fUtility that attempts to find whether or not users exist on an SMTP server using the EXPN command against a list of user names.
73346010d346ef624f1a57c55f0aaafd2fb9476ea1e7678b6e797981f5d167fbTool for cleaning WTMP, UTMP, and lastlog under Linux.
59aa2101b05225dd0eb7e7b456eb26357540723e3c1d8a10deca83e9715a10fbSharutils 4.2.1 local root exploit. Note: shar is NOT setuid by default, so this exploit is completely proof of concept if for some reason the binary was setuid.
edd1020fd999d8177e094173be570e3a68f63ad358f7757f48ef91abc923b842CuteNews version 1.3.x suffers from an HTML injection flaw in the commentary section.
1bed2be3a7e3553d352ea8e88aeacbb7a7dc51caa12eba604305e417a1450da1Outblaze email suffers from a cross site scripting flaw.
2e3fb75d7c154d7b6b50aaad88ab9ae8b9d1380f03794f14958361957ee8087cThis pam backdoor allows access to a machine using a backdoor password and arbitrary commands can also be executed without logging in. Logs normal users passwords to a log file. Configurable without recompilation.
7f794ba5e8bc118b85ff262f027ec88781fe67d05316514d8796bbbf098b9f09glFlow is a pcap-based traffic analysis tool intended for monitoring high speed links. The detection algorithm is based on realtime NetFlow traffic aggregation and analysis. The code is portable across platforms, it should work on every system with working md4/md5 and pcap implementations, with very little modifications.
04f57658bd93580beb4d38f158a69fd06e543e8d2d095e6403fe5360cd7d6a12Remote test code that verifies buffer overflows in the Medal of Honor games including Allied Assault version 1.11v9 and below, Breakthrough version 2.40b and below, and Spearhead version 2.15 and below.
d9dedeac1cdba39e43966b1bd9cafc503a11804078a6604f32a375fcd32513a2Medal of Honor games, such as Allied Assault version 1.11v9 and below, Breakthrough version 2.40b and below, and Spearhead version 2.15 and below, all suffer from buffer overflows server-side.
26138defb44c5ccd5bca6847f51453afed6f2ae54af0f0e5fde0b3aba6ceaf32Local elevation of privileges exploit for the Microsoft Windows 2000 Utility Manager vulnerability. Updated version that can be executed via simple cmd.exe shells using a normal user account. Gives a shell with SYSTEM privileges.
075b9e7810c1d745ad80808bae307f18bd645d2e8f49f32f7a9315895c6f6671Local elevation of privileges exploit for the Microsoft Windows 2000 Utility Manager vulnerability. Gives a shell with SYSTEM privileges.
6b4c09c3bcb0f4713a12fc777f2245169344041b7020220a150fb035f8202c0fWeb_Store.cgi allows for remote command execution due to a lack of variable sanitization.
a77628094a6127c5e36615486c6060183b4949cad68e0d36d30f9e53dae43249A format string bug exists in the code that handle the Debugger Messages for OllyDbg version 1.10.
ea3b234c64fa58685fccf9e73ab76034b66c1ae43da07c0540c4599cf53cbb37Microsoft Internet Explorer gives too much trust to the location variant when it comes to method cache.
dfcc5befe5b4cbb0775285dc6081d07b23ee805c7630f7a4a7e2a864aef1038dhsh-gen is a script used to create shell wrappers to assist in exploitation of remote execution via directory traversal attacks on cgi scripts.
90c94617f5e3747041709613c0f8ebf5b34dc46ec64896e221aa3e60980ce0f9mod_ssl 2.8.18 for Apache 1.3.31 suffers from a format string vulnerability.
6bc74708efb719f3dd166615a2295857ff80b86322f5e777eacbf97f0e3496e4Tenshi is a log monitoring program, designed to watch a log file for lines matching user defined regular expression and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports.
bc7a7e134c35bd3aea3c6fe92c3d44b6cc0d62f964345f46925b5d30825f780aPHP Nuke versions 6.x through 7.3 suffer from cross site scripting and SQL injection flaws.
70f19d1381815ef51a0a74bdb7a4451ff7d7ed90c0e356680bec2079856ee621
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed