Secunia Security Advisory - A vulnerability has been reported in Novell File Reporter, which can be exploited by malicious people to compromise a vulnerable system.
f2d96cb20ed235e1198afd2ba0a79910ec27fab4f434a161c837bd255f6deb37A SQL injection vulnerability in Graugon Forum version 1.3 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
3bcecefc8d0994b2b9a59c8df53e1886cb57d1152b8f0e4a5b5c142041702ea0A reflected cross site scripting vulnerability in eyeOS version 2.3 can be exploited to execute arbitrary JavaScript.
819bd7630294e169d5d52bacf0e632582fa148a63cfbeb6d1d2c6bfa6153092ceyeOS version 2.3 suffers from a local file inclusion vulnerability.
0427304632368ff5ec4f1b561216ab1c3e6ed8d58a7d7be7cd857ffdc05b3ce3Ubuntu Security Notice 1105-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. Dan Rosenberg discovered that the socket filters did not correctly initialize structure memory. Dan Rosenberg discovered that certain iovec operations did not calculate page counts correctly. Dan Rosenberg discovered that the SCSI subsystem did not correctly validate iov segments. Dan Rosenberg discovered multiple flaws in the X.25 facilities parsing. Alan Cox discovered that the HCI UART driver did not correctly check if a write operation was available. Nelson Elhage discovered that the kernel did not correctly handle process cleanup after triggering a recoverable kernel bug. Tavis Ormandy discovered that the install_special_mapping function could bypass the mmap_min_addr restriction.
904a543705cc638bbca74057089fec2151fbc499e81f85373bf328d0ed447cb3PHP-Nuke version 8.0 with the Surveys module suffers from a remote SQL injection vulnerability.
317c146f01fb82b7b69471faf89989470fbe8e2c070464674213164d5b50c983Mandriva Linux Security Advisory 2011-066 - rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service or possibly execute arbitrary code via malformed data.
3165d174351e14344f1321446aeaa3c291878901d3af7e9c605b732a8f6f04a1Secunia Security Advisory - AutoSec Tools has discovered two vulnerabilities in eyeOS, which can be exploited by malicious users to conduct cross-site scripting attacks and disclose sensitive information.
32854d7e9eee18aa53a3d012aa3f39644408f459fc8c832f1206b38fc29e610bGoogle Hack DB Tool is a database tool with almost 8,000 entries. It allows administrators the ability to check their site for vulnerabilities based on data stored in Google.
6e30996afdb233587e5c3eb2face3f40130ca442e0bbd0dbf5bd04b33b95dff9Secunia Security Advisory - Michael Brooks has discovered multiple vulnerabilities in yaws-wiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
40057cc5dc8dcebb5993068f826db02ab5ea854f652a85be62930873dbf3fec7Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS.
f95715ca8d6c4993b4bbdf2c5c9b730cc58da48514d0f8fc8836d1a2b8132257Mandriva Linux Security Advisory 2011-065 - Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name. The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
ddd7092fc719230ad39aafb4df1ca804827100c4f41a22bd0c33e573caa8e096TutorialMS version 1.4 suffers from a remote SQL injection vulnerability.
05dc88cc41754a5b425398dbff864e6b5d579f95a6559c9bfbdc906f75486443HP Security Bulletin HPSBMA02652 SSRT100432 2 - A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in information disclosure. Revision 2 of this advisory.
626e66ddb606a622e746f8f628f047dea9ca421a30b5dfe761f7b8a05dc1dbebWhatWeb is a next-generation web scanner. It recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, identifies version numbers, email addresses, account ID's, web framework modules, SQL errors, and more. WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade off between speed and reliability.
64994ec364de188192918e15c09cd01c62c3b8d080e9777b5d785d7f55d509dbThis Metasploit module exploits a vulnerability found in IBM Lotus Domino iCalendar. By sending a long string of data as the "ORGANIZER;mailto" header, process "nRouter.exe" crashes due to a Cstrcpy() routine in nnotes.dll, which allows remote attackers to gain arbitrary code execution. Note: In order to trigger the vulnerable code path, a valid Domino mailbox account is needed.
58a0109fc5ef5bec16039ceb68600f3e20fe6be1a9d5c1104237dc5b1f0cde5eThis Metasploit module takes advantage of a trust relationship issue within the Zend Server Java Bridge. The Java Bridge is responsible for handling interactions between PHP and Java code within Zend Server. When Java code is encountered Zend Server communicates with the Java Bridge. The Java Bridge then handles the java code and creates the objects within the Java Virtual Machine. This interaction however, does not require any sort of authentication. This leaves the JVM wide open to remote attackers. Sending specially crafted data to the Java Bridge results in the execution of arbitrary java code.
0b7ab4865dc9886b7d46ce4b5433ed01d7157a9568397fc5d7d07dd4d712244f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed