Remote root exploit for Linux that makes use of a format string vulnerability in OpenFTPD versions up to 0.30.2.
992a2b4620c6e6d42ef0f142fa085a0d0be5f101fff990c01f51345f0c3d2e6aAny oracle, ias, iasr2, or iasdb users with local access to an Oracle database can gain root privileges through the Oracle installation. Versions affected include, but are not limited to: Oracle 8i Linux Platform, Oracle 9i Linux Platform, Oracle 8i HP-UX Platform, Oracle 9i Solaris Platform, Oracle IAS 9.0.2.0.1 with patchset v9.0.2.3.
374ead87c238f3fb52d963a015b0dde48d33ed997d595aa399dd82eaeb345c63A denial of service vulnerability exists in GnuTLS versions prior to 1.0.17. The flaw lies in a failure to handle overly long RSA keys.
ba19a812a7cc901aba7111f7eaffd6b809286bc9e0333cbf2a17e986bcd6ceecComersus Cart versions 5.098 and below suffer from cross site scripting flaws.
805dc71f2be3617ce9161b07c0c48f00ecaf3120eb8ea23cdcd4d3dfe3624b21Denial of service exploit that makes use of a buffer overflow in an overly long Content-Length: setting for MailEnable Professional HTTPMail version 1.19 on Windows.
44f1af32a75af37294809c7bd8390c0271bf083f43fe1bf0783dc5028e8fef27USRobotics Access Point version 1.21h embeds an HTTP server that is susceptible to a buffer overflow when an overly long GET request is supplied.
b434953d8942354d83a26837b7e99f689a36d1eec28aa4201db36617063223e7Remote root exploit for Linux that makes use of a format string vulnerability in OpenFTPD versions up to 0.30.2.
4a813dbfde0c43338733a0d71011da4dee731192168cf758ffb58a3d80969bacSCO Security Advisory - A buffer overflow in ReadFontAlias from dirfile.c of Xsco may allow local users and remote attackers to execute arbitrary code via a font alias file with a long token. Another buffer overflow in the ReadFontAlias function in Xsco, when using the CopyISOLatin1Lowered function, may allow local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias file.
4ee7da723ca7e03578f3c56edfc012de2a498633281d713c9c76de8fb7961a4eVuurmuur is a middle-end and front-end for netfilter and iptables that is aimed at system administrators who need a decent firewall, but do not have netfilter specific knowledge. It converts human-readable rules into an iptables ruleset (or optional a bash script), makes netfilter logs readable, and includes an ncurses GUI.
7f1618f5045e1471384270f4d2b8c1d4ecc3e2b59aabb4c54b4ca1439a4a6d2bwpquiz versions 2.60b8 and below have some administrative scripts unprotected and accessible by the world on a default install. Due to this, anyone can easily obtain administrative rights.
7a9f10b22bb93616256191e25fe31336d16398fb756dbe729b5c205f298708bcFusion News versions 3.6.1 and below suffer from a flaw that allows for unauthorized account additions.
43dbb6da6a2f6ef71ce64f62c587f19b755719a3511bc2540b5fafdfe6a3bd0eA vulnerability exists in jaws 0.4 that allows anyone to get in the control panel with administrator rights without a password due to a SQL injection flaw.
f767cd0ba50b63cc8d865b39c5d5f421f780b5dee8819bb12d1afce9c206f918Cryptknock is an encrypted port knocking tool. Unlike other port knockers which use TCP ports or other protocol information to signal the knock, an encrypted string sent via UDP is used as the trigger, so sniffing cannot be used to recover the knock.
e70189e40ba1350e0ab3fe8dc9195b1857688a4941708ffb3019e30ea2028fdfMicrosoft Windows XP Task Scheduler (.job) universal exploit with portbind and connectback shellcode. Tested against Internet Explorer 6.0 (SP1), Explorer, and Windows XP SP0, SP1.
c0ad2fbcb9aafe3a76b903dc7caa191f29e0d66022d31612c07ee0125af77dc4Technical Cyber Security Alert TA04-212A - Microsoft Internet Explorer contains three vulnerabilities that may allow arbitrary code to be executed. The privileges gained by a remote attacker depend on the software component being attacked. For example, a user browsing to an unsafe web page using Internet Explorer could have code executed with the same privilege as the user. These vulnerabilities have been reported to be relatively straightforward to exploit; even vigilant users visiting a malicious website, viewing a malformed image, or reading an HTML-rendered email message may be affected.
11bbd11b6668d31a09d5452be961d49d76b1777b98b435cadb5c70d79eaeacf0Local exploit that makes use of the WAV header handling vulnerability in SoX versions 12.17.4-r1 and below. Tested under Slackware 9.1.
d82a19e5f51a9ba4c8460f5ece32002038c8d46ebcf499d30b11e369b76326c7Keen Veracity Issue 13 - This issue covers blind scanning using ARP, playing redir games with ARP and ICMP, and various other topics.
c8bb3bd02229534d2c9008b9f39e9e9454955523158a2077af31ad42efc07ce9Secunia Security Advisory - Microsoft has issued an update for Internet Explorer. This fixes three vulnerabilities, allowing malicious websites to cause a DoS or compromise a system.
f92f9894a7c9177137c8b43475aaae95ad0b1bd82bd43d3a34a38789e29f7583LCDNetstat is a program that displays the TCP/IP connections of a computer on an external or internal LCD display.
b1d274a671ae41f50eb09ead91296cab40f622164f87ad08e7fe2b009414bcc5Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
a4a1f74bb049219f89232a941844d13e311d08bcdc144c050e3b346ae353e922Traceproto is a traceroute replacement that allows the user to specify the protocol and port to trace to. It currently supports TCP, UDP, and ICMP traces.
e410ff2dee3fe0f69f846dcb6db214d8bdf4fa5efcfb36a35b3a11662724213dMD5 Brute Force Tool is a program written to test the security of MD5 passwords by attempting to brute force them. The user can also specify the characters to use when brute-forcing.
1a7711a84c5d9788ed69fe759a50a484a015a92ad968d0d3b17cc1a9ae759d9fDansGuardian versions 2.8 and below may allow malicious users to bypass the extension filter rules when processing URLs which contain a hex encoded filename.
3ddda2a7e2b72e403ad6f313fa884c9599c8109a42e3c31307666420162cab4fLinPHA versions 0.9.4 suffers from SQL injection attacks due to an input validation error in the session.php script.
4f72ecc61296807b320ab5924efe1a1baf305919b45a9d9e935c73b1beae152aA format string vulnerability exists in OpenFTPD versions up to 0.30.2.
3d14f8de65a15da5e2a16400f1ad225b52f93ab1e94fb25bdb07df8230707879
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed