Almond Classifieds has a validation flaw that allows remote attacks to edit classifieds of other users.
c2ea57c499f9b5d4f1dfc11fed136b3d188aacf69abec3c897afadb9253456baExoPHPDesk version 1.2 is susceptible to remote code execution attacks. Exploitation details provided.
0fe620751940edd520eb7465d4674eb9fc92ce0c1f7953ab546c197a9ae44898DigSig kernel load module checks the signature of a binary before running it. It inserts digital signatures inside the ELF binary and verifies this signature before loading the binary. It is based on the Linux Security Module hooks (standard in main stream Linux kernel 2.5.66 and higher). Therefore, it improves the security of the system by avoiding a wide range of malicious binaries like viruses, worms, Trojan programs, and backdoors from running on the system.
71a9882698f37ed54e72a04fb21ecad41b68f381a335ddc601301d49c752b135ZDI-05-003: Novell Netmail IMAPD suffers from buffer overflows. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netmail. Authentication is required to exploit this vulnerability. Affected Products: Novell Netmail 3.5.2.
a6c8579fcaac421e0684e535024d5416f00bfb87093bdcb05e5735e03d9dc6c9setreuid shellcode for Sparc.
42591800e90683eb955c1c9063bf0c81608a3300cbb47bf07e83c59b0d6c3e75Portbinding shellcode for Sparc.
82f4f156896f731a0acc2503673d75aa915445af4d59607f8244d69eb87717a9A Mambo 0-day exploit is rumored to be circulating in the wild.
cddd67bbfed322c41fef067924a91b2f6ce69a0d53da19518439872f487591d5"Snagging Security Tokens to Elevate Privileges" is a brief that details how a database server running as a low privileged user on Windows can still provide an attacker with the ability to gain elevated privileges on the network and suggests a change in security policy to mitigate the risk. As a side note, this affects all network servers that offer OS based authentication - not just database servers.
ddf0367b0ae123b501921160d18f52c089a3c85c8d21251937bf98c7eee6c567Gentoo Linux Security Advisory GLSA 200511-15 - A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile will cause Smb4k to write the contents of these files to the target of the symlink, as Smb4k does not check for the existence of these files before writing to them. Versions less than 0.6.4 are affected.
641275e390b4dd2721852271e0bd97168fb9641590f315376eaf4e1a2e253cabe-Quick Cart is susceptible to multiple cross site scripting and SQL injection flaws. Exploitation details provided.
c0917d9be89c6bc5d4582e3cd2501515dc90fef1c4bbd7dc0cd3d650bec70897PHP-Fusion versions 6.00.206 and below suffer from SQL injection attacks.
5c759a854ef640ac086d20a4e6915f62b1f78fc833f667effd143990303e0ff0Secunia Research has discovered some vulnerabilities in Mail Enable Professional/Enterprise, which can be exploited by malicious users to cause a DoS (Denial of Service) and to compromise a vulnerable system. Affected Software: MailEnable Professional version 1.6 with Hotfix MEIMAPS-UPD0511010000.zip applied. MailEnable Enterprise version 1.1 with Hotfix MEIMAPS-UPD0511010000.zip applied. Prior versions may also be affected.
a41e13f40a8136993edd20a8f6b3d9a6e59403bff26a194c137c66898da4cf47Secunia Research has discovered some vulnerabilities in Winmail Server, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks, and overwrite arbitrary files. Affected Software: Winmail Server 4.2 (build 0824). Other versions may also be affected.
483903aafaf97c68ef194aea91ed9e74286d55d7bb3ddf39ea0d000823b9aeb5Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
144abbc7055b4f059404ac3e9a380f83138ffb714ba24dec2e674c9adf980287RFC (Remote Filesystem Checker) is a set of scripts that aims to help system administrators run a filesystem checker (like tripwire, aide, etc.) from a master-node to several slave-nodes using ssh, scp, sudo, and few other common shell commands.
dbabd1edfd938cd01ffaa094c7698d70d516922009dc18072bbb7990956da8d8Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source zip file.
e7c030ea1072f4f0f3960a7cb5495355fa653243b392ee43aea388fac5bd7b0dDebian Security Advisory DSA 900-1 - Thomas Wolff discovered that the fetchmailconfig program which is provided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, creates the new configuration in an insecure fashion that can lead to leaking passwords for mail accounts to local users.
1fab93074bcf0d6c1ff84696b4f9e765f5d00b58003a806527e17411b3e97f72iDEFENSE Security Advisory 11.17.05 - Remote exploitation of a directory transversal vulnerability in Qualcomm WorldMail IMAP Server allows attackers to read any email stored on the system. Exploitation details provided. Tested against Qualcomm Worldmail server version 3.0. Other versions may be vulnerable.
01a2547672aa0a6bf533fe4063a9e2b47e5039c817eda96685045473de319554Debian Security Advisory DSA 899-1 - Several vulnerabilities have been discovered in egroupware, a web-based groupware suite.
ce5dc61b6ab7f174ffd0578f4d7b299207ee622bfdae9b8fd35c151559cf6fcaA vulnerability leading to unauthorized cancellation requests in WHM AutoPilot versions 2.5.20 and below has been discovered.
2ad2b040e6222ebcf0eab5e45ad775907734a840167b49cdfdcc6a95a13c1585This Metasploit module exploits a buffer overflow in the W3C logging functionality of the MailEnable IMAPD service. Logging is not enabled by default and this exploit requires a valid username and password to exploit the flaw. MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior are affected.
7094ed083e302ef685862bc36e8a4e257722a626bc842428e2cb88d10634019dThis Metasploit module exploits a feature in the Saxon XSLT parser used by the Google Search Appliance. This feature allows for arbitrary java methods to be called. Google released a patch and advisory to their client base in August of 2005 (GA-2005-08-m). The target appliance must be able to connect back to your machine for this exploit to work.
82f85d75854b75afe8ab87082e0ea3e4d896a30bc0feaa556d1fd14f8dfcfc5eProof of concept exploit that generates a flash file able to produce a denial of service condition. Relates to Flash.ocx.
01789d31ef803e09d39f628f47de0dae1c6fc6b70fc2a37c64a85527961cbe23FreeFTPd remote USER buffer overflow exploit for versions 1.0.8 and below.
8da2a5f3da96fa0cafbeead497312b5e06fcdbd17ce4badd50add24f1c732a7cEKINboard version 1.0.3 suffers from SQL injection and remote command execution flaws. Exploit provided.
37aa21917625c66e3b965ff58b2a35944062c2cd2172cb40043662cf6e8ec5ae
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed