Synnergy Laboratories Advisory SLA-2000-16 - Synnergy Labs has found a flaw within Master Index for Linux/UNIX that allows a user to successfully traverse the filesystem on a remote host, allowing arbitary files/folders to be read. Exploit URL included. Fix available here.
a23909da35478f6a2095d6d342fb63d5f4accfbcc2879f4add37f28616e828c397 bytes small Linux/x86 reverse tcp shell shellcode with no NULLs.
6801867647c5ecbb5ecf15fe7b1a8a49fcccea11b3d22d816db0d2b742be766c21 bytes small chmod 777 / shellcode.
f084a88e9abaa409f286d6479e022b0cdd812c3a196ea7f9be00c6b654820eb5Slang Media Group suffers from a remote shell upload vulnerability.
61c1d727c518f81b93a815a9c97f5692be7d46ebae32f7f1f5ce839f9a7092aaSlaed CMS suffers from remote code execution vulnerabilities. OpenSlaed version 1.2 and Slaed CMS versions 4.x and below are affected.
60fed3b05ec97637ccc2352accc1d71142b4a7d67845e30cdb90cdd1fc5dd758SLADS CMS suffers from a remote blind SQL injection vulnerability.
1181a6378cdbd8c699f00da9336a6ab7e0f7615782e38c9172c9bed29e568158InfoSec Institute security researcher Alec Waters has just released a new article on SLAAC Attacks. The basic premise is to use the default network configuration found on all Windows 7 (as well as Server 2008, Vista) installations to intercept and hijack all network traffic without any user knowledge or interaction.
e1c03a921b59cbcd99bb1635a0ef48f9cb08480612e4b545e77fedf777b7cdabSlaed CMS version 4 suffers from remote file inclusion, shell upload, and other vulnerabilities.
b03842dce48333f95f84a3e7c4c7b03388ea883b39749a1a5fa6bf4a7193bfbaThe Arabic version of SLAED CMS version 2.0 suffers from cross site scripting and backup related vulnerabilities.
1b5f266412210a6fc519b330f13ee674bea02e443a4009a2cd0dd7a50e2cf3ffSlayer version 2.4 skin related universal buffer overflow exploit.
92e18cc23172a6658e6dd445b347a9a5b8f3bb6c5b839e03fcded7e09781b775SlackFire is an firewall script implemented with iptables. It is completely configurable via a CLI, as all configuration is performed via configuration files. It supports all kinds of packet forwarding, including NAT, NAT with port redirection, and forwarding to machines with routable IP addresses. The configuration files are heavily commented, and messages in the log file are as informative as possible.
def2a24655e984a0d8d8a6ef179909ed8a952ecef095fa1f7042b15b22f55facSLAED CMS version 2.5 Lite suffers from a local file inclusion vulnerability.
af400b87370b956274750ff712748b1b64e9a1745e6ac4676cce456d143ac66aSLAED_CMS_2 suffers from a remote file inclusion vulnerability.
8bdf179637bfe3e3e2e646fecba4d7f699db347129c7603f7692d635f1d98211Due to insufficient sanity checking, SLAB500 suffers from arbitrary file read and full path disclosure vulnerabilities.
c8283285aefa40bf1a23e474f42d3e425a89f332c06952c023e0683e1409899dSystem Local Audit Daemon can run standalone or managed by systems like IBM-Tivoli, HP-OpenView, or Nessus to perform local security checks. It runs on the target hosts and enables them to call security tools like John the Ripper, Tiger, Tripwire, or a virus scanner via a unified XML interface. It is part of the BOSS Project.
49144aaa097f8d0f0c2697e4989e92d751c5a10db6c89eff5cf883382c58ab22Slammer binary for SunOS. If rpcinfo says they
d909a3b96414ea3e1013739c0c1be9d8717edc805a06aff0e3e518cbbc5ac09cBBS Slang
0116ece81e0ccddf09b966f728482c729498f303a94c5f32195f2fec777ccb38Slackware 8.0 local root exploit - Creates a suid shell when "modprobe lp" is run from the startup scripts.
b8b095012e691aba701cd6577f74f4427437ebc53c5be9b4cc9758dc3d3cfeebSlackware 8.0 and below ships with /var/man/cat* chmodded 1777, making it vulnerable to symlink attacks. This exploit creates a suid shell with the UID of the user running man.
0fb25cf68a4fba71eceef2ca23db4efbe592af7e1416b2d13051e5e4b6990a46Slackware Security Advisory - Pine 4.21 and below contains remote vulnerabilities. Upgrade to at least Pine 4.30.
9b969c6ac82ffea290161611e9b42207e6f66a62f417de73c296ad690c63b908Synnergy Laboratories Advisory SLA-2000-17 - A flaw in Linux/UNIX Anaconda Foundation Directory, a yahoo style search engine based on the Open Directory Project allows remote users to traverse the webservers filesystem, allowing arbitary files to be read by appending a trailing NULL byte in URL encoded format. Exploit URL included.
114471e6a48ade395cf5dd9910cfbb9ebc5b97960e372c164656001a5ddd2840PHPix, a Web-based photo album viewer written in PHP has a vulnerability which allows remote users to traverse directories and read any file on the server. Exploit URL included. Fix available here.
e4419820f11faed3b78317f5462ba2159447f498e8b203f34e98a29ecac583bcSlackware Security Advisory - Wu-ftpd version 2.6.0 has a remote root hole in it. Upgrade to version 2.6.1.
f4c05db6315d143fbaaf2f0b26c1d45ca2251c59d6c6289431c39597f229591cSynnergy Laboratories Advisory SLA-2000-14 - The BSD/Linux telnet client has a stack overflow which is not usually a security problem, except in the case of a restricted shell environment which allows users to set environment variables and run telnet. Perl proof of concept exploit included.
edc44b44131a6f19bee4f950cce7723477469f167ee3406d25923487214db406Slackware Security Advisory - Xchat has an input validation bug which allows remote command execution.
30dc8aac1f0ccab4ffb1e0ba8491d2439abe3a70956951c5f2cf47f52ecaed0eslackUp is a Slackware auto-upgrade utility. It will download upgrades to the programs you currently have installed on your system from the slackware-current tree. No user interaction required. Just type the command, go for a coffee break, and after a reboot, your system should be upgraded. Until the Slackware team comes up with an official auto-upgrade utility, slackUp will hopefully help fill in for it. This will make your slackware system much more secure.
3f286e777b0746bd01c925bbb30f98d7dd8404f6427d0f54a2afb4d7fa31bba1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed