Secunia Security Advisory - xl4nothing has reported a vulnerability in the Personal Sticky Threads add-on for vBulletin, which can be exploited by malicious users to bypass certain security restrictions.
b7a3bdaa16a75b1cfc487425e0fa5600611a6e9a794f9d2f033b4d3207b7c06eSecunia Security Advisory - Secunia Research has discovered a vulnerability in SAP GUI, which can be exploited by malicious people to compromise a user's system.
2607b59f1ceee4fd6934e60e66dc9a2a33d0a5ecb959f3697207cbdf71c94a5eSecunia Security Advisory - ahmadbady has discovered a security issue in PollHelper, which can be exploited by malicious people to disclose sensitive information.
fa9dd48d7322e9a3c0a68434c8aad7d82b4b009f2983f33f9a64287182c33f65Secunia Security Advisory - Red Hat has issued an update for dbus. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
747dee0b12f3b05f98f52658eb3833042289a048ba53821d4df65cf078788a1cSecunia Security Advisory - ahmadbady has discovered a security issue in BlogHelper, which can be exploited by malicious people to disclose sensitive information.
82b9de51f795bd1ab4d3315829091223c484bc60793a77717d598f78089347fdSecunia Security Advisory - A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to conduct spoofing attacks.
d7970ace50544d5a0df0d64631aa1b12a93e3de04b1a9d8c06cff1ebed891e2fSecunia Security Advisory - irk4z has discovered a vulnerability in Joomla!, which can be exploited by malicious people to disclose sensitive information.
ec31297ec28fc70f250870508a37bb802a91737709b1bdf2ff6497cb2df4ee25Secunia Security Advisory - Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
7687a20a85b68faf290b671ee2948b52686d818c083ed2b25c8f08f1fcf20e6aSecunia Security Advisory - Red Hat has issued an update for xterm. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
5b0eef7151baf89e39e4f2b032b95ec73d4ee9efdebbf2fd7b11bf36875b2242Joomla versions 1.5.8 and below local directory traversal exploit.
b373415c4b5b8f47227a38c016f5a75742c255f163420ceba814d87f65e6db17Cain and Abel version 4.9.25 that outputs a file that must be imported as a configuration file under Cracker -> Cisco IOS-MD5 Hashes. Spawns calc.exe.
dfdf780499b9dafc44404d53c771a9894f588991d4e7ab8053396d28b706cfa8PollHelper suffers from a remote configuration file disclosure vulnerability.
6773d5edbe7cf8cb506fb664714c0bf356f5423ea81348886da6dec1b066a3e4BlogHelper suffers from a remote configuration file disclosure vulnerability.
e2915fe34f15fe9495dae55ae6194910ea77c2594a1c900d7ac5397df6c83c17Debian Security Advisory 1694-2 - The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences.
bd28e9c06f2e2a1a0f5ffca0f09dbbcde34b410e66ca333d4ea91a8dccfbae12Ubuntu Security Notice USN-701-2 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine.
b6cca8b4a0ada9843a17cd60ca12f09f4ce7f003175d38b562b60e18b3b1077dUbuntu Security Notice USN-701-1 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine.
bde8c1eb9e592f8207701c4d7555f829f5c7f296cc697e00576cf9a67ec6ba8cIP-Array is a Linux iptables Firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, Traffic Shaping (creation of custom HTB and SFQ qdiscs, Classes, and Filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP.
2df257f16e934c0b0ebdd808b921e1439e1440cb8955bf5fae611757f531c71cDebian GNU/Linux suffers from a XTERM DECRQSS weakness that allows for remote code execution as the user id viewing the content.
2cf126cfa15a92ef06cfb3ec5e1789cbdc1db4514c80b724ea3ff5178539d03dThe Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
3ddfd63687c1c9b617f2d29e57e312f5f8a39b9163539a30fe13d12a8bac172bplaySMS version 0.9.3 suffers from multiple remote and local file inclusion vulnerabilities.
642b8b764429de1bb2fe7e7cb94f5789dd39e15504435dc2f915b0b7d5711f82Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL injection exploit that grants DBA access and creates a new user.
7b1b3f8b6e6da4321cb611707efc11a5823a38e94127e1305f135839082efcb6Oracle 10g SYS.LT.MERGEWORKSPACE SQL injection exploit that grants DBA access and creates a new user.
b65150ef13b30d9109725e159bd6bdfdf6423220d0ca97792f5eb9706fc36b23Oracle 10g SYS.LT.REMOVEWORKSPACE SQL injection exploit that grants DBA access and creates a new user using the advanced extproc method.
ea61089df359285afd1a484fd49e098b65fabb8415b8d5b2b17a538099bdb2abSeaMonkey versions 1.1.14 and below denial of service exploit that leverages a vulnerability found in September of 2008 for version 1.1.11.
145924eb21eb6a75847285f17724c7bbf7cd1e95415ecebf4e4bface10e60fb1IT!CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass.
92ea90cc0beae1cb44193d88f1242ac0c172d1c6254e69e9b157a29e6bb3b590
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed