Gentoo Linux Security Advisory GLSA 200503-01 - Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that Qt searches for shared libraries in an untrusted, world-writable directory. Versions below 3.3.4-r2 are affected.
6f7e109bbe41856451e1aabdc38a4679b21fde1932d7e3cd4929b8cf8732bc96
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Mozilla and Mozilla Firefox, which can be exploited by malicious people to trick users into downloading malicious files.
1e311c63d8be4b558dd30347f2331e3e77d02fb1d7ef57d6e54d0f2bab8c61dc
Cutenews version 1.3.6 allows for cross site scripting and local code execution attacks. Written in Spanish. Detailed exploitation provided.
4ff35ce512b4b2ef759eb3df6051283b61c8390c04baf6a8e1f1fd0917983380
paNews version 2.0b4 is susceptible to SQL injection and remote code execution attacks. Written in Spanish. Detailed exploitation provided.
51bf414fb60238775ad6c46f6de89f8a906cc9b73db66e117e000228b3b68064
RaidenHTTPD server version 1.1.32 is susceptible to buffer overflow and CGI source disclosure vulnerabilities.
d2408ee1ff18446cf63b8d9a8520baa45564e5d5ef31391519cfc4f71f2eb461
PostNuke 0.760-RC2 is susceptible to additional SQL injection attacks via the download module. Full detailed exploitation provided.
ff228d5266f09d00f7ecb498ce8a743cc901a0789fac85c7059b716964116227
PostNuke 0.760-RC2 is susceptible to cross site scripting attacks. Detailed exploitation provided.
1d010d0a701a78dc948367e68cb3c1b2cf778f0713be7e938785c3622cd5a20e
PostNuke 0.760-RC2 is susceptible to SQL injection attacks. Full detailed exploitation provided.
68f8bf2f941aa161edee0839eaf2921c3589b5d71f4d9c4347148aed2986fff7
Secunia Security Advisory - Paul has reported a vulnerability in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.
dc2d552c52f07a8de6eef6e7adc5311afd9c094db615f1d492f526bddd6283f9
Secunia Security Advisory - Details have been released about several vulnerabilities in Firefox, Mozilla and Thunderbird. These can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges and by malicious people to conduct spoofing attacks, disclose and manipulate sensitive information, and potentially compromise a user's system.
8df136f298af9e87497728db570a740bac2df8912e43cf3434e1b7b0901a3a79
Secunia Security Advisory - Arthur Hagen has reported a security issue in various Symantec firewall devices, which may disclose sensitive information to malicious people.
546a6e52b907409b48ee4e3fd4111d0a0707eb75b071e6e0ed345e6ef3979dd8
Secunia Security Advisory - A vulnerability has been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service).
a50ea6ef7f8e9815e6c545d74e220f75b9e6689bb3305ace28c6dbee7d821adb
Remote proof of concept exploit for Scrapland versions 1.0 and below, which suffer from a flaw where the server terminates prematurely when it errors.
ad090bf36af268fe6672741205acb833fbf3a13c5c6030bbbd25858ede859708
Scrapland versions 1.0 and below suffer from a flaw where the server terminates prematurely when it errors.
07d1610b895f413ac87080ba8ba543a523c1dc9dd5fa5fadef2ced8bc1f98de9
Hat-Squad Advisory - The GFI L.N.S.S 5.0 vulnerability scanner suffers from an insecure credential storage flaw.
340d3d6e729d5560c9b27c622892840879330cf30909dd6ca99d5530457b9584
Corsaire Security Advisory - The aim of this document is to define a vulnerability in the 3300 Integrated Communication Platform as supplied by Mitel, that allows an authenticated user to deny access to other users of the web management interface.
975e7ff38467f1f73f0361754991c5f6a3c6b8613b59d5b5570edc6342651883
Corsaire Security Advisory - The aim of this document is to define a vulnerability in the 3300 Integrated Communication Platform as supplied by Mitel, that allows a remote attacker to hijack legitimate users' web management sessions.
115de7ef495ee50d9d76e6880e5af65008e64ba19a3af0d399223d9479b4c5ba
phpBB 2.0.x session handling administrator authentication bypass exploit.
f1ad3ef52f9c74f3f9a07f0558a9e6d8986121cc79114d6a2edb82215cddba31
poink is a TCP/IP-based ping implementation that does not require special privileges and is designed for multiuser shell systems. It is intended to be a secure replacement for the standard IPv4 network monitoring tool.
a09d8be32a08f7888d85fea76552a0608886ce6b7257855443947f62ea09c142
Astalavista security newsletter number 13 - Featured articles include: Biometrics and the obsolescence of passwords, Will my PC ever be secured? Part 2, Basic security concepts, and an interview with SnakeByte from Snake-Basket.de.
9ffa1036f5fbcae888d455b5742b925105d8558da31efe745f8ff5f4cb90ac94
Featured articles - Overview of web filtering ; Getting the best search results - Interview with Candid Wuest, Security Researcher
af1b51ccc5fbf61c395e43f07d297154cc701e532fa18271ded3d8829bd9316c
Featured articles - Managed security solutions providers overview ; Passwords the first line of defense - Interview with an anonymous Spyware coder
fda2c8e3c5a462670164087321dc0342ed5783936a871a88bcd8717065d47b25
Featured articles - Hacker's attack strategies and tactics part 2 ; Web email security tips - Interview with Prozac, Astalavista.com
d339798c50f862d55b7b7c6f846929a63f1037c65bfa9a8530de33fb1e33dff0
Featured articles - Hacker's attack strategies and tactics part 1 ; Protecting from spyware - Interview with Mr. Yowler, Cyberarmy.net
8ebd03cdb717995e4d941b158ee471b13bf5281607425984113bd49c05083bd0
Issue 5 Astalavista Security Newsletter
c8f7527413c71738e57d40cf466843e98783fa20164cb6e3486cae99ae19f9cc