Debian Security Advisory - Imp, a webmail interface, did not check the $from variable which contains the sender address for shell metacharacters. This could be used to run arbitrary commands on the server running imp. To fix this horde (the library imp uses) and imp itself has been modified to sanitize user input.
97d64ae7d8dcbc7d8f70877848129bc89275bed5a3d1f84c53f57e75fc362482Debian Security Advisory - Xpdf has two security problems - Tempfiles were created insecurely, and when handling URLs in documents no checking was done for shell metacharacters before starting the browser. This makes it possible to construct a document which cause xpdf to run arbitrary commands when the user views an URL. Both problems have been fixed in version 0.90-7, and we recommend you upgrade your xpdf package immediately.
e56990f7174ae5f59fb7c1fa5969013a7c59b4c17eb4b2d38c8deea23a6726b8statdx-scan contains some bash shell scripts to make it easy to scan large numbers of hosts for the rpc.statd vulnerability.
de24b65684ce4df514b49c7404958227f210d2c8669662d1666842b48029d26bAnyportal v0.1 allows remote users to read any file on the webserver by submitting modified forms.
e1ec85ae33fed5f71b59bb5010d7c3248c2ba5c473dd1c55908c4be4e6a1ee39phpPhotoAlbum v0.99 and below for Windows and Unix allows remote users to read any file on the system with priviledges as the httpd. Fix available here.
1fd5dac557c53d92324e640ef142c13d6504f28411ca172131ea0b05a2852c6eSecure Reality Pty Ltd. Security Advisory #1 - PHP's handling of uploads permits a remote attacker to manipulate PHP applications into opening arbitrary files on the server with the permission level of the user running the server. Almost any PHP program which provides upload capability is vulnerable.
aeaf6e2aa7063b4ff85dd2c6645bd2a6aa56552e8a26b759f5817c1bbd0a2039FPipe version 2.4 is a TCP source port forwarder/redirector that can be used to force a TCP stream to always connect using a specific source port. This tool can be used to get around firewalls that only accept traffic originating from common source ports.
d0eff452959037ffd1b6d1745db0de980ab8d88b67cb2476d7e142788ad15cb4@stake Advisory A090800-1 - Application: Mobius DocumentDirect for the Internet 1.2, Platform: Windows NT 4.0, Severity: There are several buffer overflow conditions that could result in execution of arbitrary code or a denial of service.
e18e06ec635a16b0cea92f28e5a5084f01741c21323819a63b4517ac55736635The $from-bug is in the horde library file 'horde.lib', (on debian systems installed in /usr/share/horde/lib/horde.lib) in line 1108 belonging to function "mailfrom". In this file there is a call to "popen" with an unchecked "from:"-line as argument. Bug found and exploited by Jens "atomi" Steube, fixed and documentated by Christian "thepoet" Winter
26f093926bfd1dd43f634cf8d0562c202fcf591bde428c8157fc922d25f3a850WebSite Pro is a Web Server for Win95/98/NT platforms. The vulnerability (or bad server administration) allows any user to create arbitrary files with arbitrary text on the victim machine, from the Internet web browser. By a default installation, any user can create or uploads files to the victim machine running a vulnerable version of WebSite Pro. The problem is a bad "protection access" of the main directories on the machine.
bd5cdf4a6fed674aba622112ecb317033d101e50f0c57a16cba894aadc40d73eWeekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: Novell directory services problem, @Stake Advisory on DocumentDirect for the Internet, Mailman 1.1 + external archiver vulnerability, SuSE Security Announcement on Apache, buffer overflow in Net.Data DB2WWW, SuSE Apache CGI source code viewing, still image service priviledge escalation patched, and segfaulting Interbase 6 SS Linux.
1d4e15b1255386f1db5ef76fb528bce8ead790f0cd5cbd36794cf9c3f97266bc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed