Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.4.
2ae6428185a83a199fc21f5a307823d348f3b7c79bcacfa5610dac600f89cfcfMandriva Linux Security Advisory - The Auth API in ProFTPD, when multiple simultaneous authentication modules are configured, did not require that the module that checks authentication is the same module that retrieves authentication data, which could possibly be used to allow remote attackers to bypass authentication. The updated packages have been patched to prevent this issue. As well, this update provides proper PAM configuration files for ProFTPD on Corporate Server 4 that had prevented any mod_auth_pam-based connections from succeeding authentication.
ad147280c64e52fd7ef4848541a3149f3cee31c56e0ab7c29920dbc42e6e83be51 byte Linux/x86 execve shellcode.
7148261b65d2c2d2dc75054e64cd5b5ab73e3dacbed95ec8d4ca1e2f765a06c9Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
2d0bfd6b12713502b9793d4c806fc5fe7acbe51d1b0c2df739190196f6509c16BitchX version 1.1-final remote command execution exploit.
39236b6f34aa43098be96a197d2a1fd67f7dbe49a90ce86bfe5f6d6b4bd2d92bSerWeb version 0.9.4 remote file inclusion exploit that takes advantage of load_lang.php.
df1e5f62e3ca9f4ed6f6538244f593f78f88d1582d5f3abdbc6b71ae3e9f54b7HP Security Bulletin - A potential security vulnerability has been identified in HP Help and Support Center running on HP Notebook Computers running with Windows XP. The vulnerability could be remotely exploited to allow unauthorized access to the system.
001e54c3893cfcbb0cfa635bfa9495de4a83561d0fc79701389790541b29437bHTTP SERVER (httpsv) version 1.6.2 remote denial of service exploit that makes use of a 404 error.
3d9cd2b6641a08df05e9e48119a0785c46ea878a27644269770669010d904411sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.
d018a3c450f2814616d6e10df371981fd19d86b0ea6ec4a05bb5734096679281The CISSP web site is susceptible to a SQL injection vulnerability.
c0ba7d4f6b0c35ccde41a80a894e52f88473c0f530a29d4f1446f7c27eec8fc1vBulletin version 3.x suffers from a persistent cross site scripting bug due to a file inclusion vulnerability related to new topics.
e3fe34aa550e0f2f7d8c107bcf0b54ab463ac041adcd27f50911f56cd41efbd1vBulletin version 3.x suffers from a persistent cross site scripting bug due to a file inclusion vulnerability.
124cb4ff6f114f48f07ed87a69cd0995d57142a60c8e9fdc60831d2609800e0dFusetalk suffers from cross site scripting vulnerabilities in comfinish.cfm.
7cb8de6071c6b054856a55e4c81df2dfec3872f414bf4833c0610fe5074f3ff3Pixy is an open source vulnerability scanner that audits PHP applications for SQL injection and cross site scripting vulnerabilities. It is written in Java and also performs automatic resolution of file inclusions.
50824432cbbb0d2d08b83b3f850b36829dbcd2cb0e67f5b30bea566423e3c709Comersus Shop Cart version 7.07 suffers from SQL injection and cross site scripting vulnerabilities.
58ba2fa8052fb0819670006c7bdfa1d55906e1a7c84ecc9a82070d3947e29cc5Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files.
49e35eea195f9ef8ba10b6f706e71bf6d035c1334146bf2abb1b501007b5e26fMandriva Linux Security Advisory - Another integer overflow was found in the way libexif parses EXIF image tags. An individual who opened a carefully-crafted EXIF image file could cause the application linked against libexif to crash or possibly execute arbitrary code.
1356f53c0be093f1e0bd3b4ef2b058cda07f258e1718e73fc47d12c584b5cfacApache suffers from some prefork MPM vulnerabilities.
4d61c28e91dc8056ee3f72cb7c70d86c713c92a2e12bcc5cb0afada3a83c3933Mandriva Linux Security Advisory - The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users.
2c58e81c7fdbf47fc1aff0fb58209c44403b34e89fa427097bb7f681267e7a30Gentoo Linux Security Advisory GLSA 200706-07 - Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code using an unrestricted file upload (CVE-2007-1639), cross-site request forgeries using different modules (CVE-2007-1638), and a cross-site scripting attack using unknown vectors (CVE-2007-1576). Versions less than 5.2.1 are affected.
32e1a1bd5e7b7ce827d5f2dee5bdea8dd5fa451b945e4c3a0c11088f11815542Gentoo Linux Security Advisory GLSA 200706-06 - Mozilla developers fixed several bugs involving memory corruption through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally, several errors leading to crash, memory exhaustion or CPU consumption were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and spoofing prevention (CVE-2007-2871) were fixed. Versions less than 2.0.0.4 are affected.
a7d915b8dee1a1dbf0130d00d257b5daf6d8bdba894d7bee66a3e62a661019beDebian Security Advisory 1315-1 - Thor Larholm discovered that libphp-phpmailer, an email transfer class for PHP, performs insufficient input validation if configured to use Sendmail. This allows the execution of arbitrary shell commands.
f255210e60be7f0487fa144f186a573db8354ad9901767162942729c5c012e8aW1L3D4 WEBmarket version 0.1 suffers from a SQL injection vulnerability.
433606e9bfbc7fcdd3b374f544107fce3348a6ab959812ba710b2d401261ceef
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed