WordPress version 2.3.2 suffers from cross site scripting vulnerabilities.
f827868cc76261d3e945407858a7c2b3e50bdd12755103302ce169b6d4903df8Horde version 3.1.6 suffers from an arbitrary file inclusion vulnerability. Details and a patch are provided.
a842f07e46976d40c5f1e8b780daf2730e7e34448fb9ce8cb28fbab68b8603e2A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.
28b7f72d48f6112d1291d0bde99e0432433d367cbdc828b68cc4140753202de2d3vscan is a network manager that is able to uniquely identify and graphically plot network and bluetooth devices to provide a higher degree of understanding of a particular network. It is also simple enough to be used by an average end user.
0cb0f038abaade6674714b1f16cde8ecba91e9165bffc2995646448c023c6a0bzKup CMS versions 2.0 through 2.3 remote upload exploit.
dcfad30ef5f9732410d4b523119265c11f5bba011963821f7ba55177e78ace15zKup CMS versions 2.0 through 2.3 remote add administrator exploit.
b77702a719e97f16193c2e54deb2b2cc0093a980da6c451c26f995c352323540Ubuntu Security Notice 582-2 - USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream fixes were incomplete, and after performing certain actions Thunderbird would crash due to memory errors. This update fixes the problem.
fab13e0223aabbf6ace0e2087124c53fee125106a1dea684d9fcfafa86b17a7eExploit for the SQL injection vulnerability that exists in the PHP-Nuke KutubiSitte module.
f57876ccaa4f33bf5172eee40133b229a5ed876aba5fb7b6c4863c51376e3297Mandriva Linux Security Advisory - Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution.
52eda058258bdcb9d43638c57fc974b386b40ef9d7b0bbeae526792bdb969b82Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.12.
9ff0744156668166c4e03c21ca64c0864dd42bc9e497d903ea8be0be2de146f0Mandriva Linux Security Advisory - Multiple cross-site scripting (XSS) vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via editing templates and the list's info attribute in the web administrator interface.
08596d178f7e9b3559baa848c658c8a5875329ac953831026e23138a0508c818Technical Cyber Security Alert TA08-066A - Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
faa861707f350d790ef1f0335ff09175a0d29e5b9193960b5cb787213b4ece36Debian Security Advisory 1513-1 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances.
f7fe985a8ab110c423e6e8877760ac37885365e91c828a99252635532d0e3978MicroWorld eScan Server versions 9.0.742.98 and below suffer from a directory traversal vulnerability.
6d95a7c9edbf7aa2a27e1272316954e97f4abcb4df685611864023bfd5734e92The PHP-Nuke KutubiSitte module suffers from a SQL injection vulnerability in the kid variable.
7af20f55a2f0de319ef9e2d6dbeb999ff9a3b8dddff0a22aff9a69b584f69c85Backdoored version of OpenSSH version 4.7 that logs user credentials to a file. includes.h holds the password and logfile location.
2b6417dc87fe20babd2dd1d7c3cdd41f32cf29c0513971cd19305e012993259eBackdoored version of OpenSSH version 4.2 that logs user credentials to a file. includes.h holds the password and logfile location.
dc3a927b9892c9202e3d2b41778e4eaf6e572e2da25ccdcb36ecd18de2829d31The Checkpoint VPN-1 UTM Edge suffers from a cross site scripting vulnerability. Details provided.
d3fc5f4d681e57956fc9dd850febad7de761b3f1d8e7dd426ea6d1a607529fb6SUSE Security Announcement - The current security update of cups fixes a double-free bug in the function process_browse_data() that can lead to a remote denial-of-service by crashing cupsd or possibly to a remote code execution. The bug can only be exploited if cupsd listens to 631/udp by crafted UDP Browse packets. Additionally two remote denial-of-service bugs were fixed. The first one can be triggered via crafted IPP packets to use a pointer after it was freed and the second issue is a memory-leak caused by a large number of requests to add and remove shared printers.
1d33e9dc71eee1a911d8e2a1a177892a773eb3fb7cf993243327770428c9fe79Ruby versions 1.8.6 and below suffer from a directory traversal vulnerability.
9f973809eb55cc820516d1393f62a862d0a8b28e34f6960c7fc79f70c8274379Debian Security Advisory 1503-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
602da77c5b44f4181dfa36960a7570c87107eb6246c70e7a244984342052d16eYap Blog version 1.1 suffers from a remote file inclusion vulnerability.
985d8d96a645bb021bc12350167f9ed3c7d9a68da17db6be831eb329f745a85aThis code demonstrates a new type of finite automation implementation that significantly reduces the memory footprint of existing transition tables allowing it to fit in shellcode and other security programs.
5ce9d6cebe824dba809bc209b6bfc8e4b253fba8f63004a201888970a387b573A couple more JPEG ICC parsing bugs were fixed in the latest JDK updates. Link to a malicious JPEG included.
7733f14ba82041871e9e880fa5b320f8d44d631e00cf2e0e340c225595e2abe3Gentoo Linux Security Advisory GLSA 200803-12 - Ulf Harnhammar from Secunia Research discovered a format string error in the emf_multipart_encrypted() function in the file mail/em-format.c when reading certain data (e.g. the Version: field) from an encrypted e-mail. Versions less than 2.12.3-r1 are affected.
33a92899b1ce0b36840cf539ae269f980d49133cc7962c917e2bc7db908681d3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed