Nth Dimension Security Advisory (NDSA20070524) - The JFFNMS application has high risk issues with its authentication mechanism. These can lead to SQL injection allowing authentication bypass and Javascript injection. There is also a potential backdoor although this is unlikely to be exploitable. The JFFNMS application has default PHP scripts which can lead to information disclosure as an unauthenticated user.
474819ff3749ac56f3c7f1d1b13919e237c6efaf980c43a4b2095a7bf984b293Debian Security Advisory 1302-1 - A problem was discovered with freetype, a FreeTyp2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
c124f95dee3404561bbca91bcb78c6545f445033ef06d0760d1d298d1f9b0e9eDebian Security Advisory 1303-1 - Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service.
0ab7791e45f6942413adf3f101cb17db0acca6a20be5010af9fce07305d933b0Link Request Contact Form version 3.4 suffers from a remote code injection vulnerability. Full exploit provided.
0423208100e20e1bcf2100f3deddf8c13824689edc37c5cec1338f65e81ec3a2www.shopathometv.com suffers from a cross site scripting vulnerability.
f368d71d30697ffc32353629ddbf49b1c971f709052af1887b4cc802189ddeb5Debian Security Advisory 1301-1 - A buffer overflow has been identified in Gimp's SUNRAS plugin in versions prior to 2.2.15. This bug could allow an attacker to execute arbitrary code on the victim's computer by inducing the victim to open a specially crafted RAS file.
581128210fcc066baf5838993a98d3ad36f84fd413e7fd7ad8e6dedfb1d42aacmyBloggie version 2.1.5 suffers from a remote file inclusion vulnerability.
07ccc6704aa43d2d3eed827d356f3028890fbb8638f13705d6e513a69a41d594vSupport Integrated Ticket System version 3.x suffers from a SQL injection vulnerability.
e0c6b4fa6c10b0e9150a0d0fbc3df86491f6957acf57e618654f9863d3254535UidBind is a simple LSM module that restricts calls to the bind() function to the UID/GID defined in a configfs tree.
e5d287f1aa4ef3760b2c7204dc3a3a5bcc53b538f48c31e8062ab09a988b8ae5Plash is a sandbox for running GNU/Linux programs with minimum privileges. It is suitable for running both command line and GUI programs. It can dynamically grant Gtk-based GUI applications access rights to individual files that you want to open or edit. This happens transparently through the Open/Save file chooser dialog box, by replacing GtkFileChooserDialog. Plash virtualizes the file namespace and provides per-process/per-sandbox namespaces. It can grant processes read-only or read-write access to specific files and directories, mapped at any point in the filesystem namespace. It does not require modifications to the Linux kernel.
fd864fe0e95c0090f68aa6796f289689e412a7d4b7753746aa3dba44dd5179b6SpyBye is a tool to help web masters determine if their web pages are hosting browser exploits that can infect visiting users with malware. It functions as an HTTP proxy server and intercepts all browser requests. A few simple rules are used to determine if embedded links on your web page are harmless, unknown, or maybe even dangerous.
00dd7df03c9a37e80854fa27e44eeaaa4a8c49fa3b0597b5e3b1b2a128669432Nuface is a Web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta objects to generate ACLs, which are then interpreted as netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.
686dfe5b1a37fed0cdaf11c9b06afb08eb23953aba7a8cfec4d0080267ddf904Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, and has features such as Bluetooth address spoofing.
661d257a4a532d5843be1834534633586b7ffa70a367c685c61f7218fa4702c4Ubuntu Security Notice 470-1 - Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers.
56fd8733aa53edf71d49d69b80148108e0db8297790509014a675376ae98f632Mandriva Linux Security Advisory - An integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data.
2ad12f001910f1eeed0075ed45b9dc426c4a39fc7cc48f0d6baa9c71c605e5daeEye Digital Security has discovered two critical vulnerabilities in ywcupl.dll (version 2.0.1.4) and ywcvwr.dll (version 2.0.1.4) included by default in all releases of Yahoo! Messenger 8.x.
d9613dbb76bafe2f5a875521f8e0028a1306fdcd3e8bbff5b802d3921f26ac89iDefense Security Advisory 06.07.07 - Local exploitation of an information disclosure vulnerability within the Linux Kernel allows attackers to obtain sensitive information from kernel memory. This vulnerability specifically exists in the "cpuset_tasks_read" function. This function is responsible for supplying user-land processes with data when they read from the /dev/cpuset/tasks file. iDefense has confirmed the existence of this vulnerability in version 2.6.20 of the Linux Kernel as installed with Fedora CORE 6. It is suspected that previous versions, at least until 2.6.12, are also vulnerable.
1cbddf9f964522b8a1b33ad47d06eb80d8a50c65a2cc77358d4192f28d785c29Packeteer PacketShaper is susceptible to a denial of service vulnerability in the web management interface. The vulnerability has been identified in version 7.3.0g2 and 7.5.0g1. However, other versions may be also affected.
8eb0c7a50e9fe070efa27590a9a7e409e0937a06053bf48cf3765d96c2b12418Zenturi ProgramChecker ActiveX NavigateUrl() insecure method exploit.
35254749fd28f6a2693aef0eabd0b27a6c4c1296be47d7a503da51aa47ef14b2Zenturi ProgramChecker ActiveX multiple insecure methods exploit.
3d2bb2b4608b3ea385b99b58c216d019d9a63e1c027b0182a209d23c60a204f7Microsoft Windows animated cursor stack overflow exploit with reverse shellcode.
1a4e222ee915a53deac41e525052a79fdeba491946f5b20afd80db953052b3e9MoviePlay version 4.76 .lst file local buffer overflow exploit.
073fe06de4f05a3b5ac16d628283d6ef013f7acbf5fbeefe542cef041ff98f56GeometriX Download Portal suffers from a remote SQL injection vulnerability.
9fd875076073e940e79aa72ce44e3fae81a45386d24ab15ca6ff7f448ebd8c89PHP Real Estate Classifieds remote file inclusion exploit.
d2492fd10b71b03c637156f1defc1aa00a9f5c2074c53727f4b612d68b27ee0ae-Vision CMS versions 2.02 and below SQL injection and remote code execution exploit.
44a6d74b42b1b22ed09a0e31927a7d22ebf5330e43998d4b31186a5050f7b484
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed