Files Date: 2009-10-06 to 2009-10-07

Mandriva Linux Security Advisory 2009-257
Posted Oct 6, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-257 - Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. The updated packages have been patched to prevent this.

tags | advisory, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-0928
SHA-256 | be48ee1c71c8dd6c4fb363c3fa58f5695a47fce884c18f36e0bc083481cc2dc9
Mandriva Linux Security Advisory 2009-256
Posted Oct 6, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-256 - The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834. This update provides a fix for this vulnerability.

tags | advisory, remote, spoof
systems | linux, mandriva
advisories | CVE-2009-1189
SHA-256 | be11fbcb9ef4def25583c0f75c0c88ef8b0beb6701fbb030662859d60a81491c
Ozirion Tunneling Web Browser Alpha 0.0.1
Posted Oct 6, 2009
Site ozirion.net

Ozirion is an experimental Web browser allowing people and groups to improve their privacy on the Internet by hiding their IP address through a network of virtual tunnels. The current release of Ozirion relies on the Tor technology. It includes a built-in Tor server and provides the ability to choose or ban countries in order to use an IP address from a specific country. The Privoxy local proxy is used for better privacy. Ozirion is totally independent from the Tor and Privoxy projects.

Changes: This is the first release under the Ozirion identity. It was previously known as TorNavigator. It includes an Italian translation and some minor cosmetic changes.
tags | tool, web, local, peer2peer
SHA-256 | 1f25becce230f847e0bfac60b1f2f794c59cec27fa30b39d4433e6800f8648fc
Core Security Technologies Advisory 2009.0922
Posted Oct 6, 2009
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - Jetty includes several sample web applications for the developer to learn from. One of them sets cookies with user-supplied data and then dumps them as HTML. This application does not filter the user-supplied data when outputting it to the visitor. This constitutes a persistent XSS vulnerability.

tags | advisory, web
SHA-256 | 1d3bae9ebf67441bb0401c9b336fb07ca5494eb9dfaf93b0173ebe8ac5891188
Dopewars 1.5.12 Denial Of Service
Posted Oct 6, 2009
Authored by dougtko

Dopewars version 1.5.12 is susceptible to a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | aab85c14b9d4e987d213433c3c431ba26abe2139f6eadf90354976381447703f
Geany 0.18 Local File Overwrite
Posted Oct 6, 2009
Authored by Jeremy Brown | Site jbrownsec.blogspot.com

Geany version 0.18 local file overwrite exploit.

tags | exploit, local
SHA-256 | a7a3082a458cb9a5407ee29030388b9fd81db7ce126fa8d2139b4e3d1b97f6f9
Ubuntu Security Notice 843-1
Posted Oct 6, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 843-1 - It was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2009-3369
SHA-256 | c2c0ceac2bfaa730751d6070ef9062181988c7dfb0462ca5d4e446751a8b3888
Ubuntu Security Notice 842-1
Posted Oct 6, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 842-1 - It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2009-3490
SHA-256 | b9dec6517e790c9e09c7a94658d37d6b784a845a1b7ece20faae1c0bbc910b8d
PBBoard 2.0.2 Cross Site Scripting
Posted Oct 6, 2009
Authored by rUnViRuS | Site sec-area.com

PBBoard versions 2.0.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 95c37c9fb4e0b9c7045f88829faf82f2ec57cb56e5a9409608bef24cac0ea1c7
AlleyCode 2.21 SEH Overflow
Posted Oct 6, 2009
Authored by Rafael Sousa

AlleyCode version 2.21 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | ca6f6d211672dd97fad025c3e48f49ed2ac449e87a152508882788426f78f448
AdSuck DNS Server 1.7
Posted Oct 6, 2009
Authored by Marco Peereboom | Site peereboom.us

adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.

Changes: There is a reliability fix in the reaping code. The Linux build has been improved.
tags | tool, local, spoof
systems | unix
SHA-256 | 3a37358daeab1a76bec9bd382412c27c4a58a9178bb29625a0d36e0af929bf68
AfterLogic WebMail Pro 4.7.10 Cross Site Scripting
Posted Oct 6, 2009
Authored by Gardien Virtuel, Sebastien Duquette | Site gardienvirtuel.com

AfterLogic WebMail Pro versions 4.7.10 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5b1994da53626d4e2a6b91384df1675a20689db24f411e5514abf0bca364f3d3
Secunia Security Advisory 36965
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in multiple Stonesoft Products, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 8ad1ee3b71d5340c2c9c6c7841fde146c00323b0981d6acb4ac6801275c60d93
Secunia Security Advisory 36966
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - McAfee has acknowledged some vulnerabilities in McAfee Email and Web Security Appliance, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, web, denial of service, vulnerability
SHA-256 | d6c65a8d5aa42aa37e58a22d3ef3f1d52e72dff32f45f835c79fd1066183308a
Secunia Security Advisory 36921
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - VenturoLab Team has reported a vulnerability in Linksys WRT54GC, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 4560ea20fceead7b187e4aff695db388ffdc04fbf40786eabc4892cd174c729d
Secunia Security Advisory 36959
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for glib. This fixes a security issue, which can be exploited by malicious, local users to disclose potentially sensitive information and manipulate certain data.

tags | advisory, local
systems | linux, ubuntu
SHA-256 | adcbb54373c894c87be21ab15952eae08ae82c815dc7737f82bd64c6dc9762f2
Secunia Security Advisory 36958
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in GNOME GLib, which can be exploited by malicious, local users to disclose potentially sensitive information and manipulate certain data.

tags | advisory, local
SHA-256 | 2729fd9be44b7dbf5ae69e20b44e497b8cd68d67720c36f5751a656633767591
Secunia Security Advisory 36935
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Hyperic HQ, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 11a5bbad1fb6fe5cdd344f8c5f7345df7f3e4d4e2bb2c01d33b626e6e312aa0a
Secunia Security Advisory 36933
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for elinks. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 92b6a149db8d6d43e2b3705b5d7ccdbf281b68be51a206cefea1814c781ca677
Secunia Security Advisory 36900
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in FrontRange HEAT, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | fa31823a83025312de0027040bb977ab02207507e4cc94695d720ca97177dd92
Secunia Security Advisory 36898
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - pyrokinesis has discovered a vulnerability in HP LoadRunner, which can be exploited by malicious people to compromise a user's system.

tags | advisory
SHA-256 | 2e91b096dc6ae243f3bf45c55b9c8198abb2e803df4cb072ddc3480dd26c508e
Secunia Security Advisory 36954
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - kaMtiEz has reported a vulnerability in the CB Resume Builder component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | b9f8be73b0935663c1a1a8c8554cd0e41de2ff42bd0f03541e010b06e449f705
Secunia Security Advisory 36932
Posted Oct 6, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Kolab Server, which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system.

tags | advisory, denial of service
SHA-256 | 43cfe5e4a53a78e7a6520065323413c4f2f7148961b290dd76686826c1687e65
Joomla CBResumeBuilder SQL Injection
Posted Oct 6, 2009
Authored by kaMtiEz | Site indonesiancoder.com

The Joomla CB Resume Builder component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 10d64c57cc0f40b3527ebe7d040725a1a25f43da7f771b9f750c62d3657e7e2f
Ubuntu Security Notice 841-1
Posted Oct 6, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 841-1 - Arand Nash discovered that applications linked to GLib (e.g. Nautilus) did not correctly copy symlinks. If a user copied symlinks with GLib, the symlink target files would become world-writable, allowing local attackers to gain access to potentially sensitive information.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2009-3289
SHA-256 | b17c57b39322b0668a28dff188e0f833a265e02c9fd772d12a1277c61008ab72