Debian Security Advisory DSA 873-1 - A security vulnerability has been found in Net-SNMP releases that could allow a denial of service attack against Net-SNMP agent's that have opened a stream based protocol (eg TCP but not UDP). By default, Net-SNMP does not open a TCP port.
9aa6dbf080cb28f2fee621dcc02f30c19d7558c9d96fa1185808d8c65a397b54Various Techno Dreams scripts are susceptible to sql injection flaws. Proof of concept examples provided.
366fb83d32315f71627422a527b6480b8afc654f0ebe44f9173576308a730e15Secunia Research has discovered a vulnerability in Mantis, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the t_core_path parameter in bug_sponsorship_list_view_inc.php is not properly verified before it used to include files. This can be exploited to include arbitrary files from external and local resources. Affected versions: Mantis 0.19.2 and 1.0.0rc2. Other versions may also be affected.
9bffa4eac73d1c9558283150c0455ab3a80cf530a7ad18fdfa75a7a20f03f5d7Woltlab Burning Board info_db.php is susceptible to multiple sql injection flaws. Versions 2.7 and below are affected.
56555ebbf2731c32a918087c5f649bb3bf7d5b0cf6337ae6f829abf8cf554618MyBB Preview Release 2 sql injection proof of concept exploit.
803c051a1a45e4ab44b58c7c24729ab0b562c9cc412b25125e210bed72c2dc19PHP-Nuke is susceptible to cross site scripting attacks.
7d26a61ef6f2ad7823422e467d0666ed5a5618f7a4980bb9f719510f18948a95A vulnerability in CHM Lib (chmlib) can be exploited to compromise a user's system. Versions 0.36 and below are affected.
49d8a7ab0c84e8e1cde8454aee0dfc62cce1221e25adec5296d00e2a3dfcce84Flyspray versions 0.9.7, 0.9.8, and 0.9.8-devel are susceptible to cross site scripting. Exploitation details included.
0bab5f01b7c758426334bbe468c48da3450971005b0015fe8140d3acfbc45c89StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
fbc421f4251b05aecaeb01f939302594c2a7090f9d731b7f6872c015173cd659rum version 0.9 - A one process tcp redirector with sockfile support, the ability to listen on multiple ports, and to offer statistics. Written for 2.6 kernels because it uses the epoll syscall.
32c3edde06a293057867fdded3e39d730690c46d67a13e13574511b156a6f776SEC-CONSULT Security Advisory 20051025-1 - RSA Authentication Agent for Web 5.1 is prone to a cross site scripting vulnerability. Please note that this is issue is different from CVE-2003-0389. Affected versions: This flaw was discovered in version 5.1 of RSA Agent for Web. No other versions were available for testing. Web Agents greater than 5.1 may also be vulnerable.
2d40e47e26366a81608e58eb701e131d921abb75ec18f1bc0763fd4b69a57ad9SEC-CONSULT Security Advisory 20051025-0 - The Snoop PHP web client is susceptible to a remote command execution vulnerability when a specially crafted URL is supplied. Versions 1.2 and earlier are affected.
3d4b8192b526f1b4f047163bef662b30bca31b99670048e5fedfcec7d1e728d6The EADS/CRC security team discovered a flaw in Skype client. An attacker can send a specially crafted packet that will trigger a heap overflow condition and execute arbitrary code on the target. Hence, an attacker can gain full control of the target. Conversely to what is written in Skype's advisory, remote code execution IS possible. Affected Versions: Skype for Windows - All releases prior to and including 1.4.*.83, Skype for Mac OS X - All releases prior to and including 1.3.*.16, Skype for Linux - All releases prior to and including 1.2.*.17, Skype for Pocket PC - All releases prior to and including 1.1.*.6.
e93d8fd75218f31f2483406d0a40ae79acef27d04dad057c3765abe31596a130SparkleBlog is susceptible to HTML injection flaws that allow for cross site scripting attacks.
e14a0296a68e3f24127264f8acf3106e7ac65ab6441d61321f68ebed0a7a2e86PHP iCalendar versions 2.0a2, 2.0b, 2.0c, and 2.0.1 are susceptible to a cross site scripting vulnerability. Exploitation details provided.
9f0ca61b9a7c8067bc32bf77050ea673995d4a2229d755fff83257c3138fc38eMozilla Thunderbird SMTP down-negotiation behavior allows a man-in-the-middle (MITM) attack to bypass TLS initialization and/or downgrade CRAM-MD5 to PLAIN authentication, leading to exposure of authentication information. Failure in CRAM-MD5 authentication also leads to exposure of authentication information to a passive eavesdropper. Affected versions: Mozilla Thunderbird 1.0.7 (20050923), Mozilla Thunderbird 1.5 Beta 2 (20051006), possibly other programs using the Mozilla mail component.
d7c2c62f53981de1b1e61fbb11de9278cff73769ab86c648b175814f320ba698Unauthenticated iSCSI Initiators can bypass iSCSI authentication on NetApp Filers by manipulating the iSCSI Login Negotiation protocol. The impact of this vulnerability is the negation of iSCSI security on affected NetApp filers.
cbda7558ac20a9e5ae1ab0fe5849ed2b682c6fc6ec99c1de2f5873cfdcc2906aTHCsnortbo 0.3 - Remote Snort ping exploit that makes use of a stack-based overflow vulnerability in Snort's Back Orifice preprocessor.
96da659e32e952a39dbc28838a12b7285552be9c4258061478af4f0511d2ed06
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed