SNS Advisory 83 - A vulnerability that could result in session ID spoofing exists in miniserv.pl, which is a webserver program that is utilized by Webmin and Usermin. Webmin version 1.220 and Usermin version 1.150 are affected.
4f1c462a6d055766252844ffc3c1e34389177f4019beef3335aa8c2152e47e35
httpbd.pl is a small backdoor written in Perl that poses as httpd. It can spawn a shell and transfer files.
4c76e48efa8f53ecefbcc332995f3f43f9bbe6b96ae6069e91f28c6a58d040fb
Perldiver versions 1.x and 2.x suffer from cross-site scripting flaws.
c119c3422a6ce54a1acc8dfdade412bb0bdd52b52a6876f319a899bcea72823c
HP Security Bulletin - Several potential vulnerabilities were fixed in Mozilla releases prior to V1.7.11 and have been incorporated in the Secure Web Browser for HP OpenVMS Alpha and I64. The background section lists issues fixed and their Mozilla Foundation Security Advisory reference numbers.
92728aa4fa70bef8f964a97264abb5795e360dc42b020b25fbc797fbb777286f
HP Security Bulletin - A potential security vulnerability has been identified with the HP Tru64 UNIX ftp daemon (File Transfer Protocol server daemon). Under certain circumstances, remote authorized users could cause an ftp server to become unresponsive.
9dc71e0aa5b003b1eb2292af1cc9af1d7847eba5067168f4af9e833cd90288a7
Debian Security Host Bandwidth Saturation Advisory - The recently released security update of XFree86 in DSA 816 for sarge and woody has caused the host security.debian.org to saturate its 100MBit/s network connection entirely.
be7a47458551e4380838f8a203363f60a72c78ac1919bf3217e00e3d5462b15a
Gentoo Linux Security Advisory GLSA 200509-15 - When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem with the '-r' option, the read-only bit is set, while other bits, such as nosuid or nodev, are not set, even if they were previously. Versions less than 2.12q-r3 are affected.
599af4ee109fad03088d2205bdbf9e7a5323cb7c6e509d7915913daa0b148e2b
Gentoo Linux Security Advisory GLSA 200509-14 - Shiraishi.M reported that Zebedee crashes when 0 is received as the port number in the protocol option header. Versions less than 2.5.3 are affected.
272dccfc5ee5712ba79e7f2c0a5d398b2f4a7ff60ad1938a761647cd1fe477aa
Mercury Mail IMAP server versions 4.01a and below remote buffer overflow exploit.
6de1fce527298bff499ad54b23ba97800c58408ee63b9cf72ef653e5f389efe2
Bacula versions 1.36.3 and below are susceptible to a symlink attack.
0b733f367c71d2ab2a33bc47b8a5378b78ffdd5f6f2e4be7909b5df63d1beddb
Secunia Research has discovered two vulnerabilities in the Opera Mail client, which can be exploited by a malicious person to conduct script insertion attacks and to spoof the name of attached files. Version 8.02 is affected.
aca5e53fd676ad9100ad9b6862edc517cceb04b62c8877cc5f3f751332155c93
Ubuntu Security Notice USN-185-1 - A flaw was detected in the printer access control list checking in the CUPS server. Printer names were compared in a case-sensitive manner; by modifying the capitalization of printer names, a remote attacker could circumvent ACLs and print to printers he should not have access to.
2ed97186c378b190370a76fb80f1b7e37a49be13afdcdb58a6dbc59f87abacd3
Hesk versions 0.93 and prior are vulnerable to authentication bypass and path disclosure vulnerabilities caused by improper validation of the HTTP header. This vulnerability can be exploited to bypass the authentication mechanism and to reveal system-specific information.
2645a4a964c584ad640884d537dd3c2209e0231c8e3f12c7579589f38c74c645
A vulnerability has been discovered in Sybari Antigen version 8.0 SR2 for Exchange/SMTP, which could potentially be exploited by malicious people to compromise a vulnerable system.
d54b9ca906654b699f76337d99e39dabe435ae0be6108317ea342a8a82e27db6
This paper describes an attempt to write Win32 shellcode that is as small as possible, to perform a common task subject to reasonable constraints. The solution presented implements a bindshell in 191 bytes of null-free code, and outlines some general ideas for writing small shellcode.
a4631261a3729136f9d6a5d804e1c7cdf1a8baf9350860bdca03b63296b139a2
Secunia Security Advisory - Debian has issued an update for python2.2. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
a4874a1522b82e9471f9a5c5621b9b042a13d9499c2663147d74d83583e364ee
Secunia Security Advisory - Vasiliy Averin has reported a vulnerability in the Linux kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
065cf009b6e7700aae1ab8e914299371a16a18887249f3d3dd8228e48479931f
Secunia Security Advisory - A vulnerability has been reported in GeSHi, which can be exploited by malicious people to disclose sensitive information.
30474b565d1c2ca68070de289f736e2403fafa644e3d6804c1f823fbe18aa428
Secunia Security Advisory - Tim Brown has reported some vulnerabilities and weaknesses in Movable Type, which can be exploited by malicious users to conduct phishing and script insertion attacks, and potentially compromise a vulnerable system, and by malicious people to disclose certain information.
72ecbbf218a06372cf2afd50862e21b4333f082255ed71717dba5249317b7420
Secunia Security Advisory - A weakness has been reported in Kerio ServerFirewall, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
b5ea01cd857468869a5b1e9649f058ec017ad3f1de978dd56e28a8155cf6b927
Secunia Security Advisory - A vulnerability has been discovered in Thunderbird, which can be exploited by malicious people to compromise a user's system.
9d34ee2451c05bb78d1255e7ab4525ff40ea1ebfb851dd99f75b00ae3c14ec52
Secunia Security Advisory - David Sopas Ferreira has reported a vulnerability in Mall23 eCommerce, which can be exploited by malicious people to conduct SQL injection attacks.
f80f682a3e22813963a7d85d5e8ea5103252d1c15c540eb6f4d6d5971effd007
Secunia Security Advisory - Debian has issued an update for xfree86. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
9d7d56d5de847021a534e2c2b3aa1d562caaaea93d6151476b85be2dda3874b3
Secunia Security Advisory - Javier Fernandez-Sanguino Pena has reported a vulnerability in HylaFAX, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
acd215a4ae5f75da2ac9d390aba9c73ecc459378cf2ac833661f057e9399f24d
Secunia Security Advisory - Two vulnerabilities have been reported in PunBB, where one has an unknown impact and the other can be exploited by malicious people to conduct cross-site scripting attacks.
88a60dda1479a6c22f56ae48810ab5698a79c4171ea02d7dbfa5e586e170bc1f