Call For Papers for the 5th International Conference on Autonomic and Trusted Computing to be held in Oslo, Norway from June 23 through June 25, 2008.
b04db4e4a096be5d2e0ff8b3867568bc305ec8561e582059427777c57d172911VTLS Inc.'s vtls.web.gateway CGI is susceptible to a cross site scripting vulnerability. Versions up to 48.1.0 are affected.
8dd7b975689fca20a6db74f32829fae10d09f886aa6152e808a33d4e79c5e9bfA cross site scripting vulnerability exists in F5 Networks FirePass versions 5.4 through 5.5.2 and versions 6.0 through 6.0.1.
51540fba61ee07c114e319066190f0cda6e0b78c22a023ed48a9ce08149e0dd6Mandriva Linux Security Advisory - Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS that can be exploited by malicious individuals to execute arbitrary code. This flaw is due to a boundary error when processing IPP (Internet Printing Protocol) tags. Due to incorrect build requirements/conflicts, the cups-config in Mandriva Linux 2008.0 was displaying the full CFLAGS and libs instead of just the libraries when 'cups-config --libs' was invoked. This update corrects the cups-config behaviour.
e63a5975b26008d3f2d655865c92025b4b909a23c8c3453d086e36cbadb70d04Gentoo Linux Security Advisory GLSA 200711-16 - Alin Rad Pop (Secunia Research) discovered an off-by-one error in the ippReadIO() function when handling Internet Printing Protocol (IPP) tags that might allow to overwrite one byte on the stack. Versions less than 1.2.12-r2 are affected.
becabfb339309fe0b78942a9e923c0ea32dc813e18ceb3f6f1518ab8b53fbe9eGentoo Linux Security Advisory GLSA 200711-15 - Sean de Regge reported multiple integer overflows when processing FLAC media files that could lead to improper memory allocations resulting in heap-based buffer overflows. Versions less than 1.2.1-r1 are affected.
06abf3fb4c0497db66087add4a3481c52966c43b7afe840d3eae58b17b2eefd0Gentoo Linux Security Advisory GLSA 200711-14 - Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to cause a memory corruption. Before being used in a request, input passed to the user ID when making an HTTP request with digest authentication is not properly sanitized. The titlebar can be hidden by a XUL markup language document. Additionally, an error exists in the handling of smb: and sftp: URI schemes on systems with gnome-vfs support. An unspecified error in the handling of XPCNativeWrappers and not properly implementing JavaScript onUnload() handlers may allow the execution of arbitrary Javascript code. Another error is triggered by using the addMicrosummaryGenerator sidebar method to access file: URIs. Versions less than 2.0.0.9 are affected.
9406d653f481b768d289697671963843abc5749121b2f6c0fbe1ff5ea8d7b3e1AutoIndex versions 2.2.2 and below suffer from cross site scripting and denial of service vulnerabilities.
34f083f495c6b073bb0cab0b5c0cf6e6b0fafd60887513a83c781a072a288396X7 Chat version 2.0.4 is susceptible to cross site scripting vulnerabilities.
a0ca12b0a2389ec279ddab91b583c6334056fc19fb37e28affce8a95f4e138a3RFID: Security Briefings. A set of slides from a talk that discusses how RFID works and security menaces related to RFID.
07412007c5d562cfc46e5c3f10554ca1402ee1f8f1a9c0675dc2d12fe5752881HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP Secure Shell. The vulnerability could be exploited remotely to gain extended privileges.
81d835ad497f2eb1a68ba60bc8d9e611155607b707a8ea4a82d3cada3909e855The Microsoft Remote Help safrcdlg.dll appears to suffer from a buffer overflow vulnerability.
71d4938bb6302ee62a8b14c16dcadbe694f250a46f0bc7d9ace59ae272d3c17diDefense Security Advisory 11.12.07 - Local exploitation of an invalid array indexing vulnerability in the NPF.SYS device driver of WinPcap allows attackers to execute arbitrary code in kernel context. The problem specifically exists within the bpf_filter_init function. In several places throughout this function, values supplied from a potential attacker are used as array indexes without proper bounds checking. By making IOCTL requests with specially chosen values, attackers are able to corrupt the stack, or pool memory, within the kernel. iDefense has confirmed the existence of this vulnerability in version 4.0.1 of WinPcap as included in Wireshark 0.99.6a. The version of NPF.SYS tested was 4.0.0.901. iDefense suspects older versions to also be vulnerable.
510bb102e1e8e6cfc87dc73494eafc248e9211b6b3fe266221765f537a2cf67cTanel Poder has found a way to get SYSDBA access to the Oracle database by utilizing a user who has the BECOME USER system privilege, execute privileges on KUPP$PROC.CHANGE_USER and CREATE SESSION.
5e1b4edfe37135b33516348ba90362ecdd76608bd6edb343794c43e552bfcfdaBroadcast Machine is susceptible a cross site scripting vulnerability in the login form.
8241a33bb964ea259feca73c69ede830f25a8e4f545f97d6c5d5c9b1031f89c1Debian Security Advisory 1405-2 - The zope-cmfplone update in DSA 1405 introduced a regression. This update corrects this flaw.
ddc8f5f88eaa01e22eab6126f2db39030335bd7cbeb0ff18da4430ea7846a392Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
09a006760a5458748e42112a8b4b99c9ffc58c6842bd99fa22aca545cda43a75This code creates standard dns A queries with a spoofed sender ip address. In particular conditions, this can lead to a denial of service (answers weighs more than queries). Based on snoof.c.
4f3cf1a815cd50f51ad172741ec825abc82c283f6dc30dbe24f0d171dbb50cdfEggblog version 3.1.0 is susceptible to cross site scripting vulnerabilities.
b0ad0fa2892ffa6c90277931bf860dadba6a06a310f67b381c02a6a0b2ada0d6Basic ASP.NET shell that, once uploaded to a server, can be used to execute shell commands and upload, download, and delete files.
abb3ddc945d147a4ed435b71490764bc4a2860f4ad264052f407357911bd6746Pwning the BT Home Hub details have been published. Various cross site scripting and cross site request forgery issues still exist.
ab1677aacfc1c74bee9c7cfe35b991c63e556b2ab40df41d807b2900002f9b3bPHP-Nuke Module Advertising blind SQL injection exploit.
ce80ab052050c5309dad3a8871ae360a22b4e6bc4171150abc9cd77b0155b178An unhandled memory access violation in the OWC11.DataSourceControl in Internet Explorer may cause a denial of service condition.
36f5932d4194007c7f52bde0c9a20b93bcae88680da0647d29c698b8be41075bPhpSiteManager Beta2 suffers from remote file inclusion vulnerabilities.
bdbe4a0975b0c35925386fd9af5ee9ae760f6a457db5ca5a553558c578e5f161Chems version 0.2 suffers from remote file inclusion vulnerabilities.
65fe2ae9522fcac22c5cd110531dfa678cc08c9c4f39e0c27ed1b3a4800f1a90
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed