Proposals are solicited for workshops to be held in conjunction with ACM CCS 2009. Each workshop provides a forum to address a specific topic at the forefront of security research.
88ac32a4513f06c60189acfe263d9806f225b37575f41d3e8e55ecafb80c8498Call For Papers for Troopers 09 - This year's Troopers edition will be held in Munich, Germany from 04/22/09 through 04/23/09.
1bdae3f6c3485a03fb4d95711a4fef46a31a8eb696a54c349e4b260c4e21af78FreeBSD Security Advisory - In order to prevent environment variable based attacks, telnetd scrubs its environment; however, recent changes in FreeBSD's environment-handling code rendered telnetd's scrubbing inoperative, thereby allowing potentially harmful environment variables to be set. An attacker who can place a specially-constructed file onto a target system (either by legitimately logging into the system or by exploiting some other service on the system) can execute arbitrary code with the privileges of the user running the telnet daemon (usually root).
8fd5f35be1f357357d7faa04aaf55fefca25b625f49ea0f157d81958e7d9b0a6Ubuntu Security Notice USN-722-1 - Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a "RunAs" list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped with Ubuntu.
26888ffa441a8f7d7d57f9182852691fd49fdff85cc9378a1e342fe8ef67fc38Ubuntu Security Notice USN-721-1 - Marko Lindqvist discovered that the fglrx installer created an unsafe LD_LIBRARY_PATH on 64bit systems. If a user were tricked into downloading specially crafted libraries and running commands in the same directory, a remote attacker could execute arbitrary code with user privileges.
9a3ffc11b9e5c924f6d6db339a4f5402ca2c1e29a7a4764fbb7d2eb927c355f125 bytes small Linux/x86 shellcode that performs setuid(0) & chmod("/tmp",111) & exit(0).
70012b6a9f63a1fbd31046b9774d5fa74262f66480c9c829e6a5af1480c0cd48Mandriva Linux Security Advisory 2009-041 - Security vulnerabilities have been identified and fixed in jhead. Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash). Jhead before 2.84 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename. jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. This update provides the latest Jhead to correct these issues.
ec03dde18fba49ba3c5a579afa29b6ff1c75dc1ed6f2fc7e6db863639c69172bMandriva Linux Security Advisory 2009-040 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory. This update provides fix for that vulnerability.
7e29c33e5353157868092f0dbeea2b284255d91607df1eda453c666f1ce8fa41Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
de0d28fc7164b70da593dfc37665e09f6b253e8db5fdd20f21b590ea56184ab3pHNews Alpha 1 suffers from a remote database disclosure vulnerability in genbackup.php.
a2cbfa10e68b0a9f1c49b967c1aeb01ea423ad03813f51b0da48d20fcf6e96a9pHNews Alpha 1 suffers from a remote SQL injection vulnerability in header.php.
6ec7a36bc2f0da5725d4bfa6053d567f941684bfe5f281586f21aa9317161f68S-CMS version 1.1 Stable suffers from insecure cookie handling and page deletion vulnerabilities.
a8a83dc86698b9c2a8f66081ffe259500b74125f1ed9082b3884c8f3d11564dfGrestul version 1.x suffers from a remote SQL injection vulnerability that allows for authentication bypass.
dc7ffd268101ab6a5796ae577c5f031beb6cf547b91fe53d77e86daff1d1bb2cThe SAS Hotel Management System suffers from a remote shell upload vulnerability.
adce8906e70141e31297727df259b698a4961dae44c7fb2d6a3f21a3b80f4155Secunia Security Advisory - A vulnerability has been discovered in YACS, which can be exploited by malicious people to compromise a vulnerable system.
9f6acdb5d9e6dfa664abd49f4e9a8128173c28dadee3247735acf3ba1fa815a8Secunia Security Advisory - nuclear has discovered a vulnerability in IdeaCart, which can be exploited by malicious people to disclose sensitive information.
de9512265b9acf4ad01521aa7719ea45e486912584f3163e3912e5aa6abd8b7fSecunia Security Advisory - DarkB0x has reported a vulnerability in SAS Hotel Management System, which can be exploited by malicious people to conduct SQL injection attacks.
d492424f48a65ddecb937b220e9d5ce6ffcd9ead37fa5b0ef5bb44044cb4377cSecunia Security Advisory - Osirys has discovered a vulnerability in BlogWrite, which can be exploited by malicious people to conduct SQL injection attacks.
d20af9677f6557c2fe6e84ab5851f46937f7d23998e0ffb78a640d0836201d3fSecunia Security Advisory - A security issue and a vulnerability have been discovered in Falt4 CMS, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.
6478673ca1367ac2ea5985a91ce04bcabd6b7aacafc0ccdefe4f09128b2755e5Secunia Security Advisory - bd0rk has discovered a vulnerability in ea-gBook, which can be exploited by malicious people to compromise a vulnerable system.
3178392f66295f855a91da59b12c8296275fe87d4dc9f60216c1418064fd2a34Secunia Security Advisory - brain[pillow] has discovered some vulnerabilities and a security issue in NovaBoard, which can be exploited by malicious people to conduct SQL injection attacks, disclose sensitive information, and bypass certain security restrictions.
38a5aa44c6124c6e74929e0d7f5fcd403d0714b61dff1138d5c7b9881bd0f0d3Secunia Security Advisory - Some vulnerabilities have been discovered in MemHT Portal, which can be exploited by malicious users to conduct SQL injection attacks.
2f34cf6a1f0a316cbbc8a26f6f320ffda82fb077c058536889d712d705d92e7dSecunia Security Advisory - Dejan Levaja has discovered a vulnerability in Openfiler, which can be exploited by malicious people to conduct cross-site scripting attacks.
6fc70d7bbde5e28d8f8e45c42f8cd29b045e8e28a3c374a0ed32084fd2facf9cSecunia Security Advisory - A security issue has been reported in WikkaWiki, which can be exploited by malicious people to disclose potentially sensitive information.
e3fa4d0a83a2ca1100d775912536511fe8613eb636e4a54d1913974f6aa4b161Secunia Security Advisory - Sam Johnston has reported a security issue in Enomaly ECP, which can be exploited by malicious people to compromise a vulnerable system.
b6fd3dfd727d32d52794062ca63fd0f7614875ec8425ea6a05ac72738c2cf99b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed