Secunia Security Advisory - A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).
51df86400ac6e4ba4cf2f0486348bb50db20f2f3bdc9cc74bdbf00349fd04e28sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.
3c24955ec014ce95d653b0dc141b0bb3bd940d7d9792bb6de87c749c6713f04cHP Security Bulletin - Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to create a Denial of Service (DoS).
24e9ab21d155825746e419691638212fef904412f9ddab853bbcd9792bb4fefcelite CMS version 1.0 suffers from a remote SQL injection vulnerability in index.php.
7ca0353948d5eef1d3a0b53c23ca281ed7d3c7d9f24f29d0794b408dbb811f04Mandriva Linux Security Advisory - Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK. Please note that this issue can not be used to discover the PIN on a card. If the PIN on a card is the same that was always there, it is unlikely that this vulnerability has been exploited. As well, this issue only affects smart cards and USB crypto tokens based on Siemens CardOS M4, and then only those devices that were initialized by OpenSC. Users of other smart cards or USB crypto tokens, or cards that were not initialized by OpenSC, are not affected. After applying the update, executing 'pkcs15-tool -T' will indicate whether the card is fine or vulnerable. If the card is vulnerable, the security settings need to be updated by executing 'pkcs15-tool -T -U'. The updated packages have been patched to prevent this issue.
ba09b1a1c5d45943d35cfa80f8251de261f5dd57c0789098f49d62d5b8012873Mandriva Linux Security Advisory - Rob Holland found several programming errors in WordNet which could lead to the execution or arbitrary code when used with untrusted input. The updated packages have been patched to prevent these issues.
11ab96f9d53f08818b66ce21c11dbd8db246d6cbc6451a0422a398a005157de2CS-Cart versions 1.3.5 and below suffer from a remote SQL injection vulnerability.
c34743899f62cb832bb5555cff30c0fb0ef5563bbccf281f5f5a8afb277cecfaHP Security Bulletin - Potential security vulnerabilities have been identified in HP-UX running Netscape / Red Hat Directory Server. These vulnerabilities could be exploited remotely to allow Cross Site Scripting (XSS) or to create a Denial of Service (DoS).
bd7394d35cf0e89fe4a7e7344695f9d44a8db4a602707c66b764f0d68e64afa4The Softalk IMAP server version 8.5.1 is susceptible to a denial of service vulnerability.
5611130875b5d83f2966976bf8bc3e007c779dad975edd95df7f87e34774cabcPsbot is an IRC bot written in Python that allows for remote command execution, connectback functionality, and backdoors to be spawned.
19b5101f1c3bdf98f9f2f07a8b9f2bec6d802f32d23c11cca99b5a7b568b20c9A tutorial written for newbies who wants to explore the m4d l33t world of SQL injection and have yet to even learn basic SQL commands.
c0a7f60cb48c9552397f1e532902b4520e369df3e949149b7d57db9e5e391b32AJ HYIP ACME suffers from a SQL injection vulnerability in readarticle.php.
48ddda254e74de9fc970da1f11cd53cb12ab12d3245924810d6ae076285cc8ceAJ HYIP ACME suffers from a SQL injection vulnerability in comment.php.
3f315d9cecc325edacfbaf3581ff991d0aa1938318cd405c6b612e92aa1baabaUsing Nmap, it is quite simple to perform a FTP bounce attack to port scan using the ftpd in Kyocera's printer model FS-118MFP.
c299acd863cc8ce32930a99e8c048a8d421ffc84f47a97c58db3b8894343e64cUbuntu Security Notice 639-1 - Drew Yao discovered that the TIFF library did not correctly validate LZW compressed TIFF images. If a user or automated system were tricked into processing a malicious image, a remote attacker could execute arbitrary code or cause an application linked against libtiff to crash, leading to a denial of service.
7425ed6ce5a705daa62cf3c489f5af480a0daa6f5c020b5c007d7196b3cb683cReciprocal Link Manager version 1.1 suffers from a SQL injection vulnerability.
2bb3a40350501459ffde6c0d06558c6849dea1708e56eec4064434a7d4ffc54cCoupon Script version 4.0 suffers from a SQL injection vulnerability.
a6b324dd31358b9e948100994b00658c1ab2af2f504573d0d6ec1e54dceb3370Postfix versions 2.4 and above when used on the Linux 2.6 kernel suffer from a denial of service vulnerability.
f320271050cde8f2437f06d2143b83f4409ae88a25a2a4ad510f5208a72c5243This is the IETF Internet-Draft entitled "Security Assessment of the Internet Protocol version 4", which is heavily based on the "Security Assessment of the Internet Protocol".
0f89100a070e0ace98c2f792a2e4cd5cbb04302b6669f80341ba345815d8dcdbThis document describes a simple and efficient method for random selection of a client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead. The mechanisms described in this document are a local modification that may be incrementally deployed, and that does not violate the specifications of any of the transport protocols that may benefit from it, such as TCP, UDP, SCTP, DCCP, and RTP.
61b14f84224795032551d1a5e2ebfe45a4f86868563581fff491e9408e636381BizDirectory versions 2.04 and below suffer from a cross site scripting vulnerability.
4aaab9425f330a9a505492e0efe74debe0361f837d4e414275b6ab76190c5af73vilsh3ll is a remote backdoor that shuffles a shell back to a remote host when hit with an ICMP packet that has special settings.
a4a668163c7e61330d54c7d954f4e67c8d4b0cf20bf7c6186e755e7be503d257Debian Security Advisory 1634-1 - Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application.
52ff5570bb0a9bdffaa2f6f311596edcf3dba0c7efbe96a3017e88abc0899e73Debian Security Advisory 1633-1 - It has been discovered that Slash, the Slashdot Like Automated Storytelling
aa596c277a1df042166288297fd5d8bd5af2fd57e32c758d656a123f62556a02MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
52b05d506f5c9470f24b899f42e7a4c98602cbe6e3a38e443fb9e1cd142e6eea
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed