Gentoo Linux Security Advisory GLSA 200503-29 - A flaw has been identified in an integrity checking mechanism of the OpenPGP protocol. Versions less than 1.4.1 are affected.
96c4242123809d1429ef462689659c010fe012116e599881e6a523f1fbc49c25Gentoo Linux Security Advisory GLSA 200503-28 - Jouko Pynnonen discovered that Java Web Start contains a vulnerability in the way it handles property tags in JNLP files. Versions less than 1.4.2.07 are affected.
8e2ab8d748ac834891f2f6e5124c3bcf51cf9ad70702c382ccb2c3b56fc5ab14Trillian versions 2.0, 3.0, and 3.1 are susceptible to a buffer overflow vulnerability. The AIM, Yahoo, MSN, RSS and other plug-ins that connect to an external web server have a buffer iteration overflow in their handling of HTTP 1.1 response headers.
45125550c02d75c94f65198c6b0b20fbcfc43d9d7cbf78c18d4086b54f4095dfThe o2 Germany cellular provide has mass messaged their customer base in a manner that might promote SMS-Phishing.
049326b92b5699195c777c5f6c4af2541bef5ca0b19e35fac6f98ef09d089afbSecunia Security Advisory - James Bercegay has reported two vulnerabilities in Double Choco Latte, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a vulnerable system.
ae446a5097f6219bbe61700074393cacb22e132ac8f514ec276038996d4bc5f5Secunia Security Advisory - Francisco Alisson has reported a vulnerability in Vortex Portal, which can be exploited by malicious people to compromise a vulnerable system.
e57f31012afdfabf94aac5cc95531b276a7eeb341159f60b0f6d821b7f03b26bThe Oracle Reports Server 10.g (9.0.4.3.3) is susceptible to cross site scripting attacks in an example jsp.
4b42999c29687556552c450533c4cd10dfda867c0918e33b2b82699661235c9eSecunia Security Advisory - mircia has reported a vulnerability in Interspire ArticleLive 2005, which can be exploited by malicious people to conduct cross-site scripting attacks.
597b389e755e50566125f63507110ede1188a042352a195f2f71ad6298eb3644Secunia Security Advisory - Two vulnerabilities have been reported in Mozilla, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
5539938eeb1303153c9aabde9711dd27216fbcbdf771fe2a68d3884f06c31cb7Secunia Security Advisory - Mark Dowd has reported a vulnerability in Thunderbird, which can be exploited by malicious people to compromise a user's system.
b9e76392507f232dfe92cf92e2a1d1b86008571aeb3d7ed59bdeb97c981a7ebdSecunia Security Advisory - Three vulnerabilities have been reported in Firefox, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
0c54496454c17b292386df7c351ffb4ecebb79389e30b9875bb9d517a221317cCacheDump is a tool that demonstrates how to recover cache entry information: username and hashed password (called MSCASH). This tool also explains the technical issues underneath Windows password cache entries, which are undocumented by Microsoft.
2cdfe31997fff723cd665adf730411f3a7dd77e9ed01a235184add2fbf8b1795Even though Firefox 1.0.1 patched one of the key bugs behind the firescrolling exploit (the ability of plugins to load chrome files in a hidden frame) the ability to hijack a drag and drop operation and open a privileged xul file is still available.
111d602c6d49d7cf172b6d139521c1cabf83ed7201a241e1186dee257802ea76Ubuntu Security Notice USN-100-1 - Javier Fernandez-Sanguino Pena noticed that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug output file in /tmp), this could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking cdrecord.
4cf08a2a30bb3b2909745c3e9606276b191419dc4ca55f5463124c3180c7fcc9Whitepaper discussing the scope of information gathering used against web services. Second in a series of papers defining attack and defense methodologies with web services.
d845104342be64b7e0981391fa4587731812589b1eaa8df8bb900cb3c06d39ebWeb Application Defense At The Gates - Leveraging IHttpModule. Whitepaper describing how the IHttpModule that comes with the .Net framework can be used to man-in-the-middle HTTP transactions in order to help filter against input validation attacks.
6caf1ed5d6a9f25b75acf4adba7d8d25877548097bc1e32c33cbdd10fce7536cCisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the "Hacking Exposed Cisco Networks", since the tools availalbe on the market could not meet our needs. The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes on the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed.
652f3ffd352987862023f21352d71cd9b85d877cd03282f393f3d00cedee8a5aSNMP fuzzer uses Protos test cases with an entirely new engine written in Perl. It provides efficient methods of determining which test case has caused a fault, offers more testing granularity and a friendlier user interface. Happy vulnerability searching.
6f8e40ebced231abc98ee810fa50e440085cb8daf39fb376e11fd4e3630cfc37Nessus version 2.2.4 is a free, up-to-date, and full featured remote vulnerability scanner for Linux, BSD, Solaris and other systems. It is multithreaded, plugin-based, has a nice GTK interface, and currently performs over a thousand remote security checks. It has powerful reporting capabilities (HTML, LaTeX, ASCII text) and not only points out problems, but suggests a solution for each of them. Windows version available This is the automated *nix installer.
8877db4220b9c258e9fc7326ad0f8aaec1f499ab218105a0d328b578c3e141f2ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.
176e2ad8d0251cdf2e24d55b9f290e8ac50d6fceefc0ca908fd45d06ada3bb07Codebug Labs Advisory 08 - Topic Calendar 1.0.1 for phpBB is susceptible to cross site scripting attacks.
bc64b25734b4ce0cf4bc9f5202bb8cfb37448fc4e3c557f8b9dc7905a6e9b617phpSysInfo 2.3 is susceptible to cross site scripting flaws.
997c6e061bcef28ef540a639cef2a7fa6dfc3996de479cb79ba942a528a7f54fAttacking PC based 5250 terminal emulations from an iSeries server. Paper describing how insertion of commands inside an AS/400 application allows them to be executed as a command on the connected PC.
217d0c1b9f177df1e380748a230cda90e51eeffaca5ecf0c5331199b95d7e20eThe Vortex Portal is susceptible to a remote file inclusion vulnerability.
254cd3b147b49663725f0bae937ddccf0adb7a9945c2bc82bcfb690ef8823214A vulnerability was found in SurgeMail's Webmail file attachment upload feature. This vulnerability may be exploited by a malicious Webmail user to upload files to certain locations on the server, obtain file listings of certain directories, and/or send certain files on the server to him/herself. Two XSS vulnerabilities were also found.
bc8b30081d411a63cbb46392a69ad71e4bd6cf541f5daa935b7d38c891ea4700
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed