The Call for Papers for the MEITSEC 2008 to be held in Dubai is now open. MEITSEC 2008 will be held at the Etisalat Academy from November 16th through November 20th, 2008.
e7848355e6c1cd27190a24189823e56bbce55eb405c68a410b72037f604f9660Technical Cyber Security Alert TA08-189A - Microsoft has released Security Advisory (955179) to describe attacks on a vulnerability in the Microsoft Office Snapshot Viewer ActiveX control. Because no fix is currently available for this vulnerability, please see the Security Advisory and US-CERT Vulnerability Note VU#837785 for workarounds.
3397ca6655493aef10aa96c5c3922c0c896f9e2385119040cd8fcdfbcc7ae6e1The Poppler PDF rendering library versions 0.8.4 and below suffers from a memory management bug which can allows for arbitrary code execution.
0f357fc416cd3be3d0207302a38ee42eb9121ef982844b3425f2e54b4376193cNeutrino version 0.8.4 Atomic Edition remote code execution exploit that uploads a basic shell.
8418d30f8b589648903e8fbfc03787e9a75225e5cf119843f2415600cbf5dc00Artur Erceg suffers from a SQL injection vulnerability.
ae29e9f3608662745f2ebaa816f809614d6a6a01448897fb3b73bb5835af5850Gentoo Linux Security Advisory GLSA 200807-03 - Tavis Ormandy of the Google Security team reported a heap-based buffer overflow when compiling regular expression patterns containing Internal Option Settings such as (?i). Versions less than 7.7-r1 are affected.
90bc807b7b7aa390aeb1924d5012ed79223d057910f8883feb451614ef283d31Triton CMS Pro remote blind SQL injection exploit that discloses the username and password hash.
bedded7ab98cad477c122d721b7603ac37e07990ef112d17fbba371523a220ccClam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
7aa98796671dfe3db5a20e25669404c4e4461d2a6c77de352edf99f2c989e500V-Webmail version 1.6.4 suffers from a remote file inclusion vulnerability.
30dc271e0bfaccdbf92d3d7767417cc117cba17fad430525490f8e3cb2caf6fc1024 CMS versions 1.4.3 and 1.4.4 RFC suffer from multiple local and remote file inclusion vulnerabilities.
377dd8b29f5fdc247e564b2308941f865d5a19b5c30977fc88c9e0dd97318354Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
95bf85f54b41a50308767171e078bf378360f1209faaa56ebca454574246b7d7Dnmalloc is an allocator that keeps heap management data separate from the heap itself. As a result, dnmalloc is not vulnerable to corruption of the heap management information by heap buffer overflows or double free errors.
6cd120675a488eb23c50989ebf56f50cba42ab50539daebfc4b8d50a3cb287aaWebXell Editor version 0.1.3 suffers from an arbitrary file upload vulnerability.
1204747a11d5e1c88f11f97dd996add502a8c2695bc165aad78dd19be60ffbccFuzzylime CMS version 3.01a local file inclusion exploit.
e2aad372ae77170ff2524f0a6b551cc685ee9b4c2175cebba687dd1306366be3SmartPPC Pay Per Click script suffers from a blind SQL injection vulnerability.
4d14b9e4581c3111ff75e2c186a1f74cc971fb52f4dde5326a09f687c61ab413ContentNow version 1.4.1 suffers from upload and cross site scripting vulnerabilities.
8e6c880052ac80e0ec1eb9b2a4dc678694643d95d6b9e621d60c4581f151d155XPOZE Pro version 3.06 suffers from a remote SQL injection vulnerability.
dbb1501c1f1b97e191e8e5c20fb043c8428a6f001f142ca10cd9e247b10fdf06Debian Security Advisory 1602-1 - Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution.
d81e46e2f256747f79a7c880be762f69cc8cd3ff336ed8da330037303001f5d4mboard suffers from a remote file inclusion vulnerability in mboard.php.
6560d4d22f4a8da5dfe2af355768f3a295d142088c92cc2b4f3af49765395371Fuzzylime CMS version 3.01 remote command execution exploit.
3d85b9984f51dfcd3a674f8743266fd329fbe6b9d80f2f453a38897c114c4c99ImperialBB versions 2.3.5 and below remote file upload exploit.
46ad3d03c9061ea9cd646c8b0d29927907db9203a1f7ccd5cfdbbf0216e86949The PHP-Nuke module 4ndvddb version 0.91 suffers from a SQL injection vulnerability.
b0c06604812c33ab0b2f2bdcfb94dd9f4aec1528e8a1f63e1336932d5dcc608fDirect Web Rendering (DWR) version 2.0.1 suffers from a cross site scripting vulnerability.
f28ec0ceb8f160cab1326b00711ead1f5eeaf1365e622032d55cf49a026321edWhitepaper discussing site wide cross site scripting which is a technique to make injected code stay resident in the user's browser even after he leaves the vulnerable URL.
6258e00949f5b6cb8f9e23f69428ac64474db6d9a58918e12106fc921cb6ab39The wireless client, WeFi version 3.2.1.4.1, is susceptible to local vulnerabilities due to improper coding.
7759b06a4ec6983779892e8034d7f29a2c577015988adae26db5588a88d67f14
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed