Secunia Security Advisory - A vulnerability has been reported in feynmf, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
9a336d995af6ee59fcdb00497d17b9fb2bf0e7bddd916ab01fdd32c3cd5202dcSecunia Security Advisory - Tim Brown has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
30454bbb7a5cb6044804aefcd1eeb3ff8762d12e8b0cf0f561d0d60d1e60d195Secunia Security Advisory - A security issue has been reported in Invensys Wonderware InTouch, which potentially can be exploited by malicious users to compromise a vulnerable system.
d863e1700e4cce1e17662b881e23d8fbedbbb1c0ff6a2a82e3ffa38c96323a93MyTV/x versions 3.6.6 and 4.0.8 appears to drop an end user into the Apple menu with root privileges when hitting the power button during the login sequence.
b7817855a6ba52d4b4ba4fc915572af792b6c1edd52a48ec308332831a21ffe6Aanval is a web based Snort intrusion detection console. Currently supporting Snort and syslog, Aanval provides dynamic monitoring, comprehensive reporting and powerful alerting capabilities. Several primary features are account hierarchy, data-archiving, real-time data displays, auto signature updating, sensor management tools, easy upgrading, advanced searching, artificial intelligence, timezone control, charts/graphs, query saving and more.
fbfbd672e14779d980ba250a3dd0d9556788ecf477afb3622d1f994ef99a597aDebian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the depreciated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
d70a3a64fa245941097ed490e8c67aafe93f38b1d67eee03a77465a45d074491Bytehoard version 2.1 suffers from multiple privilege escalation vulnerabilities.
76ec22bd5cba14906cedfcdbf388d38bfdaccf95fa9ba129b10f97538e13e7e5HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
d835f86ef14e74728a943d02048b0b554bbdb72dc63348e0cbe2616f89718f20A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system. Sentinel Protection Server version 7.1 is affected.
dffb03dd9181a15df67067f309c62e9515445ba6b21dab2a0a783789bdd11745GWExtranet version 3.0 suffers from privilege escalation, cross site scripting, and remote file inclusion vulnerabilities.
e4e6f04686018bd807f8a44fdd931ee88df6f4750e03343d250fcc3694893cd7Citrix NetScaler version 8.0 suffers from a weakly encrypted cookie vulnerability in the web management interface.
d8a56f4916a2c3e12e3b2734f56249642178a6c288d3db176f89945ce6179991Yahoo! suffered from a cross site scripting vulnerability using UTF-7. This has been fixed already.
2e06f080021ff60bcf8b9cb7489435c704164dac4045d1cfd13d9742c972bf6bGentoo Linux Security Advisory GLSA 200711-34 - Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 2.0.2-r2 are affected.
7b67b1016489ce2dc2c4b4acef3dea3f9d5c71b680d05fc40370606884914e36Multiple stack overflows exist in the RichFX nprfxins.dll ActiveX control.
7293c8e710192d767af558070b26ba8ca41ebcd71e9167814f04c7c31b237c42It appears that RealNetworks RealPlayer suffers from more stack overflow vulnerabilities in ierpplug.dll.
b3454ab95ff30b7f8777d5ed1fd582faa01978dbcdd22bde69db3e013481f88eGouae DWD Realty suffers from a SQL injection vulnerability.
59a595ba72893c69adca0d626e20eed63094237b87e568c1e8c07e1d551e8b7cSoftbiz Freelancers script version 1 suffers from cross site scripting and SQL injection vulnerabilities.
af22f828b4b730813e8b5f90c91c8b4f66ec2d5305b50880b819ae73ae8e6a8aGentoo Linux Security Advisory GLSA 200711-33 - Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process. Versions less than 258 are affected.
9a9655e788342eb536edcb56980ac13a9d36bf70e3ec7a75becab68b2b67b33cPHP versions 5.2.4 and below suffer from a htaccess safemode and open_basedir bypass vulnerability via mail.force_extra_parameters.
5cb1872002031e72e4addf8a9712d045e489374143dd9a086c89e49cc9fa814aDebian Security Advisory 1412-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
ed2f83414ff3e14f7e07289bdb5c782888e2376074d021bac979dca15c1c977fDebian Security Advisory 1411-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
84a2a39811848c21a5aae5f866f5aa0f30a44e456a13a848ee406e79cc4ef16fDebian Security Advisory 1410-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
497756665c6f5c4cf52f9041b07c5a41ff282dfdfee0e1ec5700bd636e0ba660Simple exploit that demonstrates a script insertion vulnerability in wwwstats.
29014ac2d821ffd45216932fc69be04913f562187be248a4fb5138e2905af733eNYeMon is a Microsoft Windows packet sniffer. It captures all kind of packets and it is possible to use filters by IP, port and data. It also exports into plain text and html format. Binary executable and source code included.
15ee31aa1eedd1434ada6df0f731571b3231905f3af6d3b6a6d6b819d330f31eDora Emlak script version 2.0 suffers from a remote SQL injection vulnerability.
0b5ff226a3fd166d9261956191fecd18c0f673fdd45546fdb27ec4d5e30d466f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed