Showing 1 - 25 of 45

Files Date: 2008-05-06

Mandriva Linux Security Advisory 2008-096
Posted May 6, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Steve Grubb found that the vcdiff script in Emacs creates temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-1694
SHA-256 | 3437abeb6b6fde1fb63ca51b51f5400bd54c2f785d2ca09ca693f6d40dc3855d
mvnforum-jsxss.txt
Posted May 6, 2008
Authored by Christian Holler | Site users.own-hero.net

mvnForum version 1.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dcb8679078bf72bcb063361f8dc3c9099139fcbc28d0ad926e33563c0da074be
sphider134-xss.txt
Posted May 6, 2008
Authored by Christian Holler | Site users.own-hero.net

The Sphider search engine version 1.3.4 suffers from a cross site scripting vulnerability in search.php.

tags | exploit, php, xss
SHA-256 | 7006a0516cf27ded9fbfddbf366c5c6d5679d9f762a8cf65aa86ad0094160125
Ubuntu Security Notice 605-1
Posted May 6, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 605-1 - Various flaws were discovered in the JavaScript engine. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. Several problems were discovered in Thunderbird which could lead to crashes and memory corruption. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker may be able to execute arbitrary code with the user's privileges.

tags | advisory, arbitrary, javascript, xss
systems | linux, ubuntu
advisories | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237
SHA-256 | b9c42ae554ce07a1d196256555df7f1305a5753dae6ea156362310e38f7087b4
Ubuntu Security Notice 608-1
Posted May 6, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 608-1 - It was discovered that start_kdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2008-1671
SHA-256 | 1019497a78fcf0ef12c22f2ac9cfbaffb18b373c464aa09239612487bb00ca6b
Ubuntu Security Notice 607-1
Posted May 6, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 607-1 - It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. Steve Grubb discovered that the vcdiff script as included in Emacs created temporary files in an insecure way when used with SCCS. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2008-1694, CVE-2007-6109
SHA-256 | b1a143cfe46623a250bf87dac1a2b5dd06fcd07b59c77dfbdc86e49fe5a2b5bc
AD20080506EN.txt
Posted May 6, 2008
Authored by Sowhat | Site nevisnetworks.com

The Yahoo! Assistant (3721) ActiveX control is susceptible to a remote code execution vulnerability. Versions 3.6 and below are affected.

tags | advisory, remote, code execution, activex
SHA-256 | 8039debd2fc4ad573e54771c91907d5dd43665633cecefbad5b990965e1a3b4e
SE-2008-03.txt
Posted May 6, 2008
Authored by Stefan Esser | Site sektioneins.de

PHP versions 5.2.5 and below and 4.4.8 and below suffer from a multibyte shell command escaping bypass vulnerability.

tags | advisory, shell, php, bypass
SHA-256 | 193d2a7f3caa1f5c99beec37bed621ce36b1e889636d309ac31f2444d0ac76a6
SE-2008-02.txt
Posted May 6, 2008
Authored by Stefan Esser | Site sektioneins.de

PHP versions 5.2.5 and below and 4.4.8 and below suffer from a weak random number seed vulnerability in GENERATE_SEED().

tags | advisory, php
SHA-256 | e595aa1de24282de7e212092e11553cf0994f87464e902dad2915e80f4e51e96
Secunia Security Advisory 30034
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for phpmyadmin. This fixes a vulnerability, which can be exploited by malicious users to disclose sensitive information.

tags | advisory
systems | linux, gentoo
SHA-256 | 32bccdd452da6647d6f9b04c657ba22970340dadf2fd5f7cf966b6a24e15228f
Secunia Security Advisory 30047
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for horde. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, and by malicious users to disclose sensitive information and potentially compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | feadcb39e02185b5489d49273d6fb04c99cbf5a6a5d41d92d84f1412ff159274
Secunia Security Advisory 30053
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Common Data Format, which potentially can be exploited by malicious people to compromise an application using the library.

tags | advisory
SHA-256 | 2eaeeeeb9ffe857df53d93ec0aaa783da27deed8397bdc0b9a7599d3f2846be3
Secunia Security Advisory 30063
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Core Security Technologies has reported a vulnerability in Invensys Wonderware InTouch, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 832cfbeb9cf13a4a3600ca33cd8d072d328b9c356dc060a8974a31430b9ac072
Secunia Security Advisory 30078
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for cups. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, ubuntu
SHA-256 | 43ce2dceae734959ed583884b853410e465810dcc9c004b496c6bcada737a236
Secunia Security Advisory 30084
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - EgiX has discovered two vulnerabilities in DeluxeBB, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | e10c0724931575a02e9459c7038b2494a9085f19248dcf5735ec8d3728b1dfe6
Secunia Security Advisory 30085
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HaCkeR-EgY has reported a vulnerability in Miniweb, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | 5bb203901ef8294c5dd4d61421a370e2e5292ba47ea84832d07693ec7a576ffb
Secunia Security Advisory 30089
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - M.Hasran Addahroni has reported a vulnerability in Auction XL, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | d2ce905100f59fc7a8693481fae823a37eaaaad93309d830f8bcfa6f6b7be955
Secunia Security Advisory 30093
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for b2evolution. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, debian
SHA-256 | d31130fbf833f8a58536c8282accadd85c926b96d62c1e49d6f81bbd7cff27e7
Secunia Security Advisory 30097
Posted May 6, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for blender. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
systems | linux, debian
SHA-256 | 667ec36a11e4d6d5193ab114bc2f9a83e1c42068f35deb42fa30558bfab33291
qto-upload.txt
Posted May 6, 2008
Authored by CrAzY CrAcKeR

QTOFileManager version 1.0 suffers from a remote file upload vulnerability.

tags | exploit, remote, file upload
SHA-256 | 8db5c300d200d2a01eb70805902e1ba98d60cf8a8f5505d208cdbafd0f82b9a5
bugzilla-multi.txt
Posted May 6, 2008
Authored by Frederic Buclin, Max Kanat-Alexander, Bradley Baetz, Loren Butler, Marc Schumann | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability.

tags | advisory, xss
SHA-256 | 05d5fac375a53e9e58bff5c4ff71d4dff9c0110dcca4550545e13c7ce7fe71d7
phpeasydata-sql.txt
Posted May 6, 2008
Authored by InjEctOrS

PHPEasyData version 1.5.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4a9eb9403ea68f60ccc97624ac6a11b3e492615be01f3f09abd1254b10038748
preshopping-sql.txt
Posted May 6, 2008
Authored by t0pp8uzz

Pre Shopping Mall version 1.1 suffers from a SQL injection vulnerability in search.php.

tags | exploit, php, sql injection
SHA-256 | a59264d575b73d1388ee6877db8abdeff27cea3bca2a84c201376238fe0d17cd
Debian Linux Security Advisory 1570-1
Posted May 6, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1570-1 - Andrews Salomon reported that kazehakase, a GTK+-based web browser that allows pluggable rendering engines, contained an embedded copy of the PCRE library in its source tree which was compiled in and used in preference to the system-wide version of this library. The PCRE library has been updated to fix the security issues reported against it in previous Debian Security Advisories. This update ensures that kazehakase uses that supported library, and not its own embedded and insecure version.

tags | advisory, web
systems | linux, debian
advisories | CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768
SHA-256 | fa6aec9ce94db20975693f5f321e7d96c3c11fc033799147ddb53375db168dc4
HP Security Bulletin 2008-00.56
Posted May 6, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain extended privileges.

tags | advisory, denial of service, php, vulnerability
systems | hpux
advisories | CVE-2007-2872, CVE-2007-3378, CVE-2007-4783, CVE-2007-4840, CVE-2007-4887, CVE-2007-5898, CVE-2007-5899, CVE-2007-5900
SHA-256 | a25c67eb88bb44bc6b3fd07f12470e6be94fbd42adcea195f7399637529b6bf2