Secunia Security Advisory - Some vulnerabilities have been reported in XWiki Enterprise, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
cdf67dedb37d2cc263be57fa2396f2e96004988a5c8a8954a5ff5071869752d5DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
dc08b1efa2acdffd376cece72189cb8862611ee023be690fd9a155d4b30878b6Project Jug suffers from a directory traversal vulnerability.
79006997172966b54b187c9df26903a9b90e01cf14bbbdb15c5506e62367756cMandriva Linux Security Advisory 2010-218 - Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service via a long e-mail address string. A NULL pointer dereference was discovered in ZipArchive::getArchiveComment. A possible flaw was discovered in open_basedir.
37d3774ae0de303318f0471adca3f67d29f0f7aa433586ad23ec8e9b8b0107b3The Elastix interface for Asterisk suffers from cross site scripting vulnerabilities.
3a094259a8cded44e43a66f5413a8ac6d7f4d9e204648efb752b610bda664c55The cforms WordPress plugin suffers from a cross site scripting vulnerability. Version 11.5 is affected.
1e73fd19bd42e9d6d569ea3750b2bfb41338b03125cfcacefd4f28b8adc31117Joomla! CMS version 1.5.20 suffers from remote SQL injection vulnerabilities.
c1a8027c02a7904543d3c4f495068510f261e40d351a5a4ca5cdf5ea614044bfWebDM CMS suffers from a remote SQL injection vulnerability.
21069ec0eafb5e19f8171c8a800288657d183d7c9de707d294acf9f50370a9ecMandriva Linux Security Advisory 2010-217 - Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service by simultaneously disconnecting many POP3 sessions. Various other issues have also been addressed.
595ff091e6aa58234bddf6c637804c9a21aa3bffabdfb1bf41b586ca1b7c28a7Whitepaper called SSLstrip - Hijacking SSH Sessions.
5745beeb039acdae1c1b52c5abaee2fc2df00243c3d75c72b00be26bbf9dc7ecHP Security Bulletin HPSBMA02598 SSRT100314 2 - Potential security vulnerabilities have been identified in HP Insight Control virtual machine management for Windows. The vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or cross site request forgery (CSRF). Revision 2 of this advisory.
8f5634d0fde0a1ad0b01cf4f0be355b4c8a0e89cd402bbb6c45fae9ab16bfdc3Whitepaper call Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation.
731108acfa98e373bcbbecc7bde0ae45936a7487deb43212ee1c90225166071diptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
7544e437d2222078b15e6cd063b521c6f1ec4dac49e6af9ba3bfece2a6a93445Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
d90002b0e8944f4180373523d324d99075e30a5b373cf66771f1f9c1da3283c6Scannedonly is a samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The samba module simply filters out files that aren't marked clean.
20601c0466034cc250ded1a16d737451cfbe05fbcaf4f667ff25fe004bd1340eWhitepaper called Oracle Penetration Testing Using the Metasploit Framework.
5f83e34bb9fafd4e3e942567202ceb11434ef372ffb87749583ed54f98922e90CYBSEC Security Advisory - Front Accounting version 2.3RC2 suffers from multiple cross site scripting vulnerabilities.
efa6ac5b099063be47c0cd241b664a1a44b372f719388710cb7a20410e240299Whitepaper called Weaponizing Wireless Networks: An Attack Tool For Launching Attacks Against Sensor Networks.
c859b76bf4708da35aa34cb42017fa87e93cd3b846c3c42a7bbf3454cc857b6eWhitepaper called DTrace: The Reverse Engineer's Unexpected Swiss Army Knife.
968e7ac92d1f5d154cc3f91794a6fb1b8e8e6e0ea781452fa6204c52a857407aWhitepaper called Enough With Default Allow in Web Applications.
a402c62a351e33f918d7dc2a7fee65724f61d30dba91b99ef72c34678f7e283fWhitepaper called Intelligent Debugging and In-Memory Fuzzers.
cfc1b0b99e77a91f3c6b2cd9dcbb873fb94901080b19135447424e67b0a48446Whitepaper called Software Fuzzing with Wireplay.
cb44053cdc8d9fc90df948d6e5bd037aa99b3e841a178cf7781cf006a23c4dd8XAMPP versions 1.7.3 and below suffer from cross site scripting and file disclosure vulnerabilities.
5074d9a88205305ade7bae520a91f91ef678952b22e07c1a77236a103c0faf43HP Security Bulletin HPSBMA02607 SSRT100214 - A potential security vulnerabilities has been identified in HP Insight Control for Linux. The vulnerability could be exploited remotely to allow cross site request forgery (CSRF). Revision 1 of this advisory.
33f22963c0e27499e6f436f7c38c4463582cb0cd03bbccbe536a2a3596d8de2dstrongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
0b3e461e185dea0e9e029574a0d97f44bc82fad91e8a5cfb3112cdc1879bad57
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed