Cisco Security Advisory - Cisco RVS4000 4-port Gigabit Security Routers and Cisco WRVS4400N Wireless-N Gigabit Security Routers have several web interface vulnerabilities that can be exploited by a remote, unauthenticated user. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
6b4b4001597fa9f57b57ab89c6a63a8d46be1b90e97b71fe1bd90c4cf53e75c6Cisco Security Advisory - The Cisco Internet Streamer application, part of the Cisco Content Delivery System (Cisco CDS), contains a vulnerability in its web server component that could cause the web server engine to crash when processing specially crafted URLs. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
6cb9ce2c097b9a758a4ae01c01194219e532506c121678b7559349ee9c251344Debian Linux Security Advisory 2242-1 - It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in place.
f37324dcc067286882e574ec8915f95149ac06b8464188d28a9c6684f2be52e4Ubuntu Security Notice 1136-1 - It was discovered that rdesktop incorrectly handled specially crafted paths when using disk redirection. If a user were tricked into connecting to a malicious server, an attacker could access arbitrary files on the user's filesystem.
ebce6c817bd2bcfae813dc2229b4d0307bf51191961d75e66134340473967ee4Ubuntu Security Notice 1135-1 - It was discovered that the Exim daemon did not correctly handle certain DKIM identities. A remote attacker could send specially crafted email to run arbitrary code as the Exim user.
53826affe70ab5b8f32b22d9e0b121325db32ab7b83f1513cc66b90200261ecdThis Metasploit module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable.
5a5ef1d851e7541e28de7b53546932d0881adc18c9f19c4d8ea20156248a6ea5w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more.
9aaa651e706fe0c4c2cff95879d614cdcb9791e5120cccc527fcb82922d76fc8strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
88eeebfe9df6d18f320f396c7236f907e7a34c27f8382c7ce6e4239a7ecce31bThe OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
d9d6180b7b22fe7cf624753c4bf2dc400da1e1aa6ef30d21358e3a3e2a5c9c14Debian Linux Security Advisory 2240-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
e80a5985f8ab30d0e1b27069f1a8ac244b9edc0a3bb35aa75124e26c94b75e19This whitepaper describes a timing attack vulnerability in OpenSSL's ladder implementation for curves over binary fields. They use this vulnerability to steal the private key of a TLS server where the server authenticates with ECDSA signatures. Using the timing of the exchanged messages, the messages themselves, and the signatures, they mount a lattice attack that recovers the private key. Finally, they describe and implement an effective countermeasure.
a639445448cf4d50a71d847a0554fa7ab0640e8c63cc63998bd97f803f5b3b40Secunia Security Advisory - A vulnerability has been reported in Dovecot, which can be exploited by malicious people to cause a DoS (Denial of Service).
fa22346a655a7c732c704bed8ec712950d8e1e333a0cea4995a2a1081504da85A SQL injection vulnerability in Clipbucket version 2.4 RC2 645 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.
6f0d10f78695697be08aaad71f69ebf5932985db42e1fc464f2a06ce15f1d538A local file inclusion vulnerability in eGroupware version 1.8.001.20110421 can be exploited to include arbitrary files.
07ccc0d9a68de349319a1eceb37a6094b2810ad1e924bc4870669646a7b55753An open redirect in eGroupware version 1.8.001.20110421 can be exploited to redirect users to an arbitrary URL.
b4a29e3964e1d7bd72995d10043cf6c74cf999a044fb3fe26884221a0473da93DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.
0dab2e10f9c2cb2d1363b51284e9616725f85e84aea58719848f41626fa894d1Ubuntu Security Notice 1134-1 - Maksymilian Arciemowicz reported that a flaw in the fnmatch() implementation in the Apache Portable Runtime (APR) library could allow an attacker to cause a denial of service. This can be demonstrated in a remote denial of service attack against mod_autoindex in the Apache web server. Is was discovered that the fix for CVE-2011-0419 introduced a different flaw in the fnmatch() implementation that could also result in a denial of service.
33d0bcbf01e80fbf4f6e0b746d2ea03df29467c9bd9d72f3c02f2b79dfede4f4Debian Linux Security Advisory 2239-1 - Several vulnerabilities have been discovered Mojolicious, a Perl Web Application Framework. The link_to helper was affected by cross-site scripting and implementation errors in the MD5 HMAC and CGI environment handling have been corrected.
32a0b722e699971999dfac760e81d5ed750b47e2f3773d75c1d7af752653e626PHP socket connect() stack buffer overflow proof of concept code.
6abcba91bf7177e20f4ef770653563e589f25adaafe8dc216b107fff5b5e35b9Secunia Security Advisory - A vulnerability has been reported in Vordel Gateway, which can be exploited by malicious people to disclose sensitive information.
bbf9b946747ff2c4e74f8a13893f385cf6eb0fb986191a2e6465daa120d21b7bSecunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
3c5fde1929cc78f8310fb171a37fcc12487b03321c43fb7e87ce6832e46a725bSecunia Security Advisory - Fedora has issued an update for libmodplug. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
677187a5445b106b2b63f434fc97365e36f004623734924802e9cd15e17cfc36Secunia Security Advisory - SUSE has issued an update for rdesktop. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
be76f702ecd7cf0a6e8467e79b6646856fd8a202cadbfdac466fc8d10e5e2eb4Secunia Security Advisory - Ubuntu has issued an update for apr. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
34f14a6b411912a4db5433626bb325d85924a0628c1f0c64b8e24ec2995ebef6Secunia Security Advisory - Debian has issued an update for qemu-kvm. This fixes a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.
fbd93a9507a162808eda982ef8c09f455d8e8c7a4e0408322fd4d2c0383ffffd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed