Showing 1 - 25 of 28

Files Date: 2006-01-22 to 2006-01-23

usn-244-1.txt
Posted Jan 22, 2006
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-244-1 - Multiple Linux kernel vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
SHA-256 | e96f47154ea507f1faed9c56fa4cfe5cbd84ece1d44d6f96c2a1e958a73e01a1
Debian Linux Security Advisory 949-1
Posted Jan 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 949-1 - Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group games privileges.

tags | advisory, local
systems | linux, debian
SHA-256 | 510d4223fef155e40c0316c471d8602c11fdde70b839b2067af5dd35581a4241
Debian Linux Security Advisory 948-1
Posted Jan 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 948-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.

tags | advisory, overflow, javascript
systems | linux, debian
SHA-256 | 0781f0a400bb0e5aeefb472bce0a90842a82fff9a9b06bf448e712f6c98cc614
usn-245-1.txt
Posted Jan 22, 2006
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-245-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.

tags | advisory, overflow, javascript
systems | linux, ubuntu
SHA-256 | 137d1369fa980e9e557cf30490ce57d1b20d218f248ea94f0754accf74da61c1
Debian Linux Security Advisory 947-1
Posted Jan 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 947-1 - A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected.

tags | advisory, overflow, arbitrary, virus
systems | linux, debian
SHA-256 | e22ac3f03e6328b997b41877c3a7eb27858c39dee947856d7920d7a4de7cf95c
Debian Linux Security Advisory 946-1
Posted Jan 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 946-1 - It has been discovered that sudo, a privileged program that provides limited super user privileges to specific users, passes several environment variables to the program that runs with elevated privileges. In the case of include paths (e.g. for Perl, Python, Ruby or other scripting languages) this can cause arbitrary code to be executed as a privileged user if the attacker points to a manipulated version of a system library.

tags | advisory, arbitrary, perl, python, ruby
systems | linux, debian
SHA-256 | 67a2e7dc49c1050a5f4f53d052ba3fbd55a600c3025d34cf31e15cb549e262af
OracleDBMS-TNS.txt
Posted Jan 22, 2006
Authored by Amichai Shulman | Site imperva.com

During the login process an Oracle user with no more than "create session" privileges can execute commands in the context of the special database user SYS. This of course grants any user the highest administrative privileges possible.

tags | advisory
SHA-256 | 5654f5ca442c76e942e2de9a76a7f061f6bb9e8ac7882e58e3aaf46e84d49f71
Flog-infoz.txt
Posted Jan 22, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

Flog version 1.0.1 doesn't protect directory information by default, leading to disclosure of sensitive data.

tags | advisory
SHA-256 | df540f145aedd39394c6f08a8715de41c5ea0e0be8cda96c700901b651998a77
aoblogger-vuln.txt
Posted Jan 22, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

aoblogger version 2.3 suffers from multiple vulnerabilities including script and SQL injection.

tags | advisory, vulnerability, sql injection
SHA-256 | 5bd7d06d02379af3bab9e6e5a0039b7e531b94799dfba2dd799472799238656d
Debian Linux Security Advisory 945-1
Posted Jan 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 945-1 - Javier Fern

tags | advisory
systems | linux, debian
SHA-256 | e42cbaba897b37f6e630e20d5bbc6240a95cfe316256d2933cf59e6ad3e899d2
DSA944-1.txt
Posted Jan 22, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 944-1 - Several security related problems have been discovered in Mantis, a web-based bug tracking system.

tags | advisory, web
systems | linux, debian
advisories | CVE-2005-4238, CVE-2005-4518, CVE-2005-4519, CVE-2005-4520, CVE-2005-4521, CVE-2005-4522, CVE-2005-4523, CVE-2005-4524
SHA-256 | 26f33617037cb5451fc05cd774cd6fcc7eca8495af55fe9a8a93cc71bebb769f
WBNews-XSS.txt
Posted Jan 22, 2006
Authored by DragoN

WBNews versions less than v1.1.0 suffer from XSS in the "Name" field.

tags | advisory, xss
SHA-256 | a7d634df5d3ff9ee3fdb71d0c60caf740f9c3f1c27fc816bd857c6811b9fed55
PowerPortal-XSS.txt
Posted Jan 22, 2006
Authored by Night_Warrior

PowerPortal suffers from multiple XSS problems. POC included.

tags | advisory, xss
SHA-256 | 16ef0302be79b2230845564b48335345cdeb112bac2f9cba0f87c8b6bd295f4a
Secunia-tbird.txt
Posted Jan 22, 2006
Authored by Secunia Research | Site secunia.com

Secunia Research 17/01/2006 - Secunia Research has discovered a vulnerability in Thunderbird, which can be exploited by malicious people to trick users into executing arbitrary programs.

tags | advisory, arbitrary
SHA-256 | 3a68f9dd70465c25eb8e928688ffc045f8dd3474c75161d15f88b7b965515fe6
microBlog-script.txt
Posted Jan 22, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

microBlog version 2.0 RC-10 does not sanitize the URL BBcode tag, leading to possible arbitrary script code insertion.

tags | advisory, arbitrary
SHA-256 | 7c8e1be5cf9f9d3aa8c3ca551509ea74c1d2933cc44a21589226d2cca7352f25
microBlog-sql.txt
Posted Jan 22, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

microBlog version 2.0 RC-10 does not properly sanitize the $month and $year variables, which can lead to SQL injection.

tags | advisory, sql injection
SHA-256 | 65733177ff683056d87b26cdbc721cee6bcff520586310c25307d7d1328a6e7e
BlogPHP-auth.txt
Posted Jan 22, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

It is possible to bypass authentication on BlogPHP v1.0 due to an unsanitized POST variable.

tags | advisory
SHA-256 | 9098510bb817be692193af23386e767871e58091a7356dc2ec8fd4f2114cb0ee
PHPFusebox4.0.6.txt
Posted Jan 22, 2006
Authored by king_purba

PHP Fusebox 4.0.6 suffers from an HTML injection vulnerability. POC included.

tags | advisory, php
SHA-256 | 176668a01f272fa55a71734c82d3fd6acdf35a12c0a1cc6e77ece62cbe4e1281
wccd-vuln.txt
Posted Jan 22, 2006
Authored by ThinkSECURE | Site securitystartshere.net

ThinkSECURE has discovered that certain well-known wireless chipsets, using vulnerable drivers under the Windows XP operating system and when configured to use WEP with Open Authentication, can be tricked by an 802.11-based wireless client adapter operating in master mode ("the attacker") to discard the WEP settings and negotiate a post-association connection with the attacker in the clear.

tags | advisory
systems | windows
SHA-256 | 6c98b0922e6b92590bcee819bd58ace5c7cce4a613795ad151cc8e0eb9ccc707
ZyXelP2000W.txt
Posted Jan 22, 2006
Authored by Shawn Merdinger

The Zyxel P2000W (Version 2) VoIP wireless phone has an undocumented port, UDP/9090, that provides an unauthenticated attacker information about the phone, specifically the phone's MAC address and software version.

tags | advisory, udp
SHA-256 | c50f8663edc4a02df9008ab612700d7a5c0fdcf5a5d361aa36e8361634330c4c
MPMHP-180W.txt
Posted Jan 22, 2006
Authored by Shawn Merdinger

MPM HP-180W VoIP Wireless Desktop Phone has an undocumented port and service, UDP/9090, that provides an unauthenticated attacker information about the phone, specifically the phone's MAC address and software version.

tags | advisory, udp
SHA-256 | 0211e6e0f97b0e14f164acea36bab94ec3086713d09600c52bc265e7c43ba030
ClipcommCPW-100E.txt
Posted Jan 22, 2006
Authored by Shawn Merdinger

An undocumented port and debug service on TCP/60023 enables an attacker to access without authentication the phone's configuration/debug shell via telnet.

tags | advisory, shell, tcp
SHA-256 | 9228eadd67b000c9fae1b9d23aa784b049f43a4226944d2e24483debe1d1e7b1
SenaoSI-7800H.txt
Posted Jan 22, 2006
Authored by Shawn Merdinger

An undocumented open port, UDP/17185, VxWorks WDB remote debugging (wdbrpc) is left in from development. This open port may allow an attacker unauthenticated access to the phone's OS, yield sensitive information, create opportunities for DoS, etc.

tags | advisory, remote, udp
SHA-256 | f0c681c759a740503dcc49935f5161af894ee2b98a02c3beb3f7a89ce502a87d
ACTP202S.txt
Posted Jan 22, 2006
Authored by Shawn Merdinger

The ACT P202S VoIP 802.11b wireless phone, version 1.01.21 on VxWorks has three undocumented ports and extraneous services that can be exploited by attackers.

tags | advisory
SHA-256 | 28e12fa77f072ac465af59cfbc50eec5f1fd9be2c41d2a49a554957098d31663
cubecartXSS.txt
Posted Jan 22, 2006
Authored by Lostmon | Site lostmon.blogspot.com

CubeCart version 3.0.7-p11 is susceptible to multiple cross site scripting flaws.

tags | exploit, xss
SHA-256 | be85d0b836d9400f1e9c7f64f1dc26e0cd12128f5a1aeaf27239cd70d4ef9f3d
Page 1 of 2

© 2024 Packet Storm. All rights reserved.
