Alexandria versions 2.5 and 2.0, the open-source project management system used by Sourceforge, has multiple vulnerabilities in its PHP scripts. In the upload scripts there is a lack of input validation that allows an attacker to remotely retrieve any files off of the system, such as /etc/passwd. Other vulnerabilities including the sendmessage.php script allowing spammers to make use of it to mask real source identities and various cross site scripting problems exist as well.
3b8cd898c56ffd9fbcad5f8c4a643c6201ae0184608d07c89c46e5d1ba679c07CORE Security Technologies Advisory - A vulnerability exists in GNOME's Eye of Gnome versions 2.2.0 and below that is locally exploitable. When EOG is used as a default image viewer, it takes in the image name as a command line argument and in turn can execute arbitrary commands with the privileges of the user attempting to view the image.
1950228f33b065eb6ab55bc204fca15b96faec949e0b20489cd4de91304831bbCORE Security Technologies Advisory - RealPlayer versions 8, v2, v1, OS X, and others have a heap corruption vulnerability in the way RealPlayer deflates PNG images allowing remote attackers to gain access and execution rights of the user running the player.
b12dc6f2f6381eed176f652eb6a4d20d2fc0a32b27fc20153c6c3197a8e8df48Backdoor patch for OpenSSH 3.2.2p1 tested on Linux. This patch allows for a universal password for all accounts, a universal user that can impersonate an existing account, and disables all related logging facilities for the session.
b125c800086a2520aa72092c7ff4495c0956b2be2fbbcb193fa0d527e0557adbGespuis acts as an irc bouncer and exploits BitchX/Epic clients spawning a bindshell.
dd15eaa198ba5124d4a8fee6a3430072539d129c6f1f74f1e39e66f5101144cbSecurity Corporation Security Advisory [SCSA-012]: The Sambar server default installation has a cgi-bin directory which contains executables that allow remote users to view information regarding the operating system and web server's directory. It also path disclosure and tons of cross site scripting vulnerabilities.
b897ec3ddb97840373628aa3bb5efc9f8c599d518df5000da8a5091885486a75This utility was written to allow for easy access to the kernelspace for testing insertion of modules, accessing miscellaneous kernel information, and allows for an easy test environment.
d9291c0d0cfdf23d38f1fae6ac4f1fd529f5b91778da36ac6a21ad09cb6d7535NSFOCUS Security Advisory SA2003-01 - The NSFOCUS Security Team has found a buffer overflow vulnerability in Microsoft Windows XP Redirector that can be exploited locally and can allow attackers to crash the system or gain local system privilege by carefully crafted code.
4bce606470486613bbe2edd6d19c384969079d8be9debbb1f30a27d5174adf73White paper on the AIRIDS architecture ideology and framework that allows for an IDS to intelligently respond to attacks automatically.
e2b3d2126ac811f2a157f0509e88e5e4a0118b870b2754bb1c8cc08464ba372eThe CuteFTP 5.0 client is vulnerable to an overflow in the LIST response. This exploit spawns a fake FTP daemon that will take advantage of an inbound vulnerable client.
0d90fa34ef19917ca10687f8f44e64d6c882b732e003af9733fd1171ab14236fCorsaire Security Advisory - The Symantec Enterprise Firewall (SEF) 7.0 allows URLs to be blocked based on predefined regular expression patterns. Utilizing URL encoding techniques this functionality can be evaded.
88ab8f83030a662c57788624994d6f9339a65e39faa21fe5b363fa5e8832223d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed