phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit - This exploit details a method which uses the Gif bug in IE to perform a XSS attack.
d91dff60352e732640beee7806aa41a9c45b5959d3f48c32e267e9a5b93cc466Gentoo Linux Security Advisory GLSA 200510-21 - Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grab_globals.lib.php security model and overwrite the $cfg configuration array. Systems running PHP in safe mode are not affected. Furthermore, Tobias Klein reported several cross-site-scripting issues resulting from insufficient user input sanitizing. Versions less than 2.6.4_p3 are affected.
bdc34b73151d595048e983ee59c1ac6b53aeef0310b18852111bdc00a67958ecGentoo Linux Security Advisory GLSA 200510-20 - Zope honors file inclusion directives in RestructuredText objects by default. Versions less than 2.7.8 are affected.
fa3508d05860a34beb4eaf6ad27147ade6dd88c2ba2ef0d5255a87e4300bf526Gentoo Linux Security Advisory GLSA 200510-19 - iDEFENSE reported that insufficient bounds checking on a memcpy() of the supplied NTLM username can result in a stack overflow. Versions less than 7.15.0 are affected.
b403869cb001836a2a8f8c3b58aa4ab7d808f737aa05a63af0cbcdbbd522b133BMC's Control M enterprise scheduling facility creates temporary files insecurely.
10159e46cbab518398523ed1786a87cbc0d512a8f648293114d56d7015f86202Qcrack is a program written to test the security of md5 passwords by attempting to brute force them. The user can also specify the characters to use when brute-forcing.
67aa24c0dcc7ce582aa9d7359224e4f37030cfa21591ca3eb4a793a2d8e7985d[KAPDA::#8] Domain Manager Pro Vulnerability - A remote user can conduct cross-site scripting attacks.The 'panel' script does not properly validate user-supplied input at the 'err' parameter.So remote user can inject html script to fake login form and steal admin's password.
884d2c7cab6a1fb8491aefd45b26685f951bc1ff50e09b9c0295fdebbf165705aRCHILLES Newsworld versions less than 1.5.0-rc1 suffer from multiple vulnerabilities including login bypass and information disclosure. POC and workarounds included.
9227656086e77f731c91ef4311c8666b9482d7c9442c448649307de93e6d155cMWCHAT 6.8 SQL injection and remote command execution exploit.
41110b8a0d1dc327dbda05febcf2566569f15a2637fd71c9e8c0e5d01e2bc6f7F.E.A.R. (First Encounter Assault and Recon) 1.01 is still vulnerable to a bug discovered in December 2004.
1bd561f56fa4976f859ecef647720e1eb9ae93c82482cbb22ccd4ed2d2c48187Nuked klan 1.7 suffers from multiple XSS vulnerabilities.
007b2b8e0fea92b9aae3119a716f437e8d9879ce0387de9d16846c550ce487a8Windows UMPNPMGR wsprintfW Stack Buffer Overflow Vulnerability PoC exploit.
7feca937d675bf9811db6950dffd927ea8e117fe2e79314cfd11bb88a2b56bcbSEC-CONSULT Security Advisory 20051021-0 - Since april 2005 SEC-Consult has found 5+ serious vulnerabilities within Yahoo's webmail systems. All of them have been fixed in the production environment. Nevertheless SEC-Consult believes that input-validation thru blacklists can just be a temporary solution to problems like this. From our point of view there are many other applications vulnerable to this special type of problem where vulnerabilities of clients and servers can be combined.
7a64cb8ab3b8e5a8f4156e727abc3f37614cab2407e89b76e8fa54c19d9a2919SNS Advisory No.85 - Software XOOPS for building community websites contains multiple cross-site scripting vulnerabilities.
42ef2f7b204282e9348d3748062f73c7a8d9049e88f398ad78a5f593de24a6d8SNS Advisory 84 - Oracle Application Server has vulnerabilities of HTTP Response Splitting. This makes possible to represent an unreal content as if it is real or to cause Cross Site Scripting attacks.
d2593262db3bce5fcc290a10c71016c69956f1b4127c661c1b9c404cf7abd8d5SCO Security Advisory - iDEFENSE has identified a Buffer Overflow vulnerability in SCO Openserver backupsh. The backupsh utility is a standard binary distributed with Openserver 5.0.7 and earlier.
05597ecea3d8a0bd926b0282d3c7164ffc0d5a812b5296d3da2b44ba717b8f45SCO Security Advisory - iDEFENSE has identified a Buffer Overflow vulnerability in SCO Unixware ppp prompt. Local exploitation of a buffer overflow vulnerability in the ppp binary, allows attackers to gain root privileges.
52844b9a3101e4ce8cadab981c41468ce7e578544ae531927abae4e4d937634biDEFENSE Security Advisory 10.20.05 - Local exploitation of a design error in the DiskMountNotify component of Symantec Corp.'s Norton Antivirus 9.0 for Macintosh may allow a user to gain elevated privileges. The vulnerability specifically exists in failing to specify an explicit PATH for the "/Library/Application Support/Norton Solutions Support/Norton AntiVirus/DiskMountNotify.app/Contents/MacOS/DiskMountNotify" binary.
ebecbb36ea10c4ab83e03fc878e06f2189ffdd7121fc3cc14da3f15fa860cb0aiDEFENSE Security Advisory 10.20.05 - Local exploitation of a design error in the LiveUpdate component of Symantec Corp.'s Norton Antivirus 9.0 for Macintosh may allow a user to gain elevated privileges.
e72e0eb45f151aca7593af2915144cd93a7044b126e87bd6a8c95dd626e2649bDevolution Security is a video surveillance system for Linux based systems. It supports up to 16 cameras and features unicast and multicast broadcasting, a Web interface, an X11 interface, themes, motion detection, record on motion, eight different camera layouts, camera cycling, fullscreen mode, and more. Devolution Security uses its own toolkit (dtk).
80c5017c93f392fba1af09589f808e54259d298f06dc202c8b5b1b5a1f3f6bcdFortress is a simple script driven framework for performing security scans. The core of the application is an application which will execute testing scripts written using the embedded LUA scripting engine. The scripts may perform almost arbitrary operations, including making HTTP requests, conducting port scanning, and taking advantage of several other provided primitives.
2e7246ed11aa5a9080d05fc1f7fb5438007f88c120542f7775cd9d75184151f7Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source zip file.
b28c6b8e925dfb99ab64d6a67e90b012c6d6eb666aaa5d6b7361a1a094c46134Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Windows setup binary installer.
5e051bc469dbd75dbfbf7ec38c9be034ef324c27e1adde87083a6467b57fd702Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
b0e311e795cc5f4df850bfe4961710d47d5f90d153baa4151c7d1ffd700ffc5eGNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
65852d74699a66ac1fceecfb9265f34a2c157cba10313698a7656567f4800191
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed