Kurdish Security Advisory #10: MF Piadas 1.0 Remote File Include Vulnerability and cross site scripting.
f6193cc9e4bf8890ce152e0b0626ed3c3b64b17dde10719899fb2b5518b5812fSUSE Security Announcement SUSE-SA:2006:037: The freetype2 library renders TrueType fonts for open source projects. More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desktop system.
a65f089c3a17784822afe0eba17743d2a60be152567b2595210185499bd06b3cUbuntu Security Notice 307-1: TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If an user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user.
a433e0a7e41a1c1f2bb2a661881ce12bf916ac086a08d13a910b2126a449808fUbuntu Security Notice 306-1: MySQL did not correctly handle NULL as the second argument to the str_to_date() function. An authenticated user could exploit this to crash the server.
fc3713a621ae408e057633edcdacf72464b08a67999cdf049e4aa0250817e127Ubuntu Security Notice 305-1: When processing overly long host names in OpenLDAP's slurpd replication server, a buffer overflow caused slurpd to crash. If an attacker manages to inject a specially crafted host name into slurpd, this might also be exploited to execute arbitrary code with slurpd's privileges; however, since slurpd is usually set up to replicate only trusted machines, this should not be exploitable in normal cases.
050535df00cc3c879a950767337feb6a98901d471efb4a320dc49b7296e16738Symantec Vulnerability Research Security Advisory SYMSA-2006-006 - Lotus Domino SMTP Based Denial of Service: There exists a Denial-of-Service condition within NROUTER when parsing meeting requests. The result of which is that no external or internal mail will be delivered during the processing of the malformed message.
a07db676c737cf141f460ae87b3a7e88945979eb5d19aa822edba5e87bd0bc01The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.
30d173c3ac0c5fdffc35b8ba8b0f94d4420dc0d38002684c850ab21c7af36253Jaws versions less than or equal to 0.6.2 Search gadget SQL injection and admin credentials disclosure exploit
6501b3a82ca0af55b95509761aa1f0c82b0bd821c53b1843b1f9d39c1816673dIt is possible to use the error_log function to bypass safe mode in PHP 5.1.4 and 4.4.2
69dcde6236188d1a1843507726eaab7b5d146ea0cda8bb889b32fc10c645b338Windows Live Messenger 8.0 Contact List heap overflow exploit.
746c6eebe4b80e97b9ca984db02bc07486dbd521c90c7a129a7bfa63a36deeb8exploit for all versions of yabbse that retrieves any users password hash.
cfdfdf127220b379e824bae8db741a18c7b8280f69303c3c2a9034e52bf3565cPOC code that crashes the Flock web browser using the marquee tag bug. Tested on Flock beta 1 (v0.7) and XP service pack 1.
ec0068f9fd53ef86b96bf84cca7bc571344b8efd2839c9cbca385eaa74b81aaeZ4CK is a cyber thriller which includes a gripping story line with an insight into realistic hacker tools and techniques. The main story is about a hacker who creates the ultimate security tool capable of breaching any network security. Other tools such as Nmap, Nessus, Hydra, and Netcat are also put to good use in this novel. The PDF is completely free to download.
4d20b44b8248610c702df19f32236850bb03226e31e5f24f5e70b4b65fce5512Digital Force is the follow-up to Z4CK. Again realistic hacker techniques and tools in this cyber-thiller which has several twists. Duncan Steele must work for the UK Government elite hacker unit 'cyber-secure'.
3ff27d3ac0705597ec128e42ea1694d4ad7e083f5b05a81ee1978b9e15f6de33Secunia Security Advisory - Secunia Research has discovered a weakness in Opera, which can be exploited to display the SSL certificate from a trusted site on an untrusted site.
8cc82aa44ecfc7312c40cf1105428d6bd481042beeedb7afc3c089be4541e82dSecunia Security Advisory - SUSE has issued an update for freetype2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library.
94a71fca61d0da5e09bc0aff1013a24aa3bba4a500cc9f4967e6fb0be9d232baSecunia Security Advisory - Two vulnerabilities have been reported in IBM WebSphere Application Server, where one has an unknown impact and the other can be exploited by malicious people to gain knowledge of sensitive information.
907f26ae4bbbb68122af319b11a8e7358a9d55cfefbda329deb48437db46b8b5Secunia Security Advisory - Darren Bounds has discovered a vulnerability in Trend Micro Control Manager, which can be exploited by malicious people to conduct script insertion attacks.
d5b85b9371dc275902a7b772cc8961ad90de171fd38155dcb8d3ef9920d7463dSecunia Security Advisory - Moroccan Security Team has discovered two vulnerabilities in Open Guestbook, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
9622c104f9705198ccc5d9ab8476bcfc570d83578f10bf20d1231d4e88693baaSecunia Security Advisory - r0t has reported some vulnerabilities in H-Sphere, which can be exploited by malicious people to conduct cross-site scripting attacks.
9b5a802bf7726ba03baf390630655c8639db11051f1d7f9bf40c6e8bd02d3ac3Secunia Security Advisory - A vulnerability has been reported in Hashcash, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.
6c20ad9c67ca1cc7aa8c74127e7cda7c40f35f2601bba363e6db52ae60bc9ccaSecunia Security Advisory - Ubuntu has issued an update for gnupg. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
4db01ba2c467a7a906bab10ac5f422af05fa672bd3eecbecbd1ef9366df26448Secunia Security Advisory - A vulnerability has been reported in EnergyMech, which can be exploited by malicious people to cause a DoS (Denial of Service).
6309b17c8c6eecf74788a59a41dd552c6689e6980749bab1781e225fefaf1360Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service).
3f6921f7a3d742d1c24f27f64b9b88316e3b5e5ad27fd13aecd652e7c9f7d956Secunia Security Advisory - Slackware has issued an update for gnupg. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
664ac682d2f0052b7ec9d622116c72a58a2ee6522ee7c0cee5fb21f2b88dfc1b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed