Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function. Secure Programming HOWTO here.
27fb48f92c40f6e25f1c853ffe53587493d87e7ee8a55a0a5870cc54e3bdc919OSC2Nuke 7x version 1 and OSCNukeLite versions 3.1 and below are susceptible to full path disclosure vulnerabilities along with the possibility of remote command execution.
5f96e7ef530a7ccbc5c2f329c11d2a5530cac404ca7454aa387363da3b4af4b1Nuke Cops betaNC PHP-Nuke Bundle with PHPNuke 6.5 and later are susceptible to multiple path disclosure vulnerabilities that can lead to SQL injection and code execution attacks.
48706c82daaac814f82be6b7d1e243e8cfa3bb44ff75a0fdd9489f22dcc35db1A vulnerability due to an unspecified authentication error in Gallery allows for a remote attacker to gain full administrative access. Affected versions are 1.2 up to 1.4.3-p12.
90b60da34fb15263462bf650dcbbaa35bbf1451079cea0bcf453ab89ad5cd23dMIT krb5 Security Advisory 2004-001 - The krb5_aname_to_localname() library function contains multiple buffer overflows which could be exploited to gain unauthorized root access. Exploitation of these flaws requires an unusual combination of factors, including successful authentication to a vulnerable service and a non-default configuration on the target service.
7cfc54ec053d139beffb7bab5ac5297855b62e23eb7d90b6c494e5f59da7df6aPHPNuke versions 7.3 and below are susceptible to full path disclosure vulnerabilities.
597be79ddadf45876cf2eb6a6e6a90282e3be96910b41cc1934a6618cb5f5c8dOSVDB has announced that they have reached 3,000 stable entries. This Go-Live update discusses new features the site has along with a request for help from the community. Please help support them in any way possible.
151f920e310158999b1f3d2573806668cc17a0d227339cf2919504286a703469A vulnerability in the Firebird Database's way of handling database names allows an unauthenticated user to cause the server to crash and overwrite a critical section of the stack used by the database. Version 1.0 is affected.
c4240f2e5fca1c1e74d84909a2142bb24a8cd2e298ffca0177b22046c5fb6e9eA security vulnerability have been discovered in the Mollensoft Lightweight FTP Server version 3.6. A buffer overflow can be committed via the CWD command allowing for a denial of service attack. Full exploitation included.
d385d01918e8b2f0b34b19abfd1352e1046ba16693a27f7ebf3d858884a130cfA vulnerability has been discovered in SquirrelMail. Due to unsanitized user input, a specially crafted e-mail being read by the victim using SquirrelMail will make injection of arbitrary tags possible. When correctly exploited, it will permit the execution of scripts (JavaScript, VBScript, etc) running in the context of victim's browser.
e69f120754f3f11bb0c26687563775dff3112e902b64d7c92bc7292644b83369Kenny is an IRC bot that executes shell commands and will report back any further information. Single host allowance for command execution is possible.
5fa6459e4d18940ee35e135f17eb7b67fb2fcaea20eee9bb047d89dc4d857ae8The LinkSys Wireless-G Broadband Router WRT54G allows world access to an administration server on ports 80 and 443 even when disabled.
ee57b0b155e39f955197cb3ee9b205eb4974742ca3f22783c65b943e54a762fcA big gaping hole has been found where users who have expired passwords can unexpectedly log on to a Microsoft Windows 2000 domain if their fully qualified domain name (FQDN) is exactly eight characters long. Platforms affected: Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server.
3aca4ebe103f9f7b5919d119b7edb14836642b03dae30d84a93a874f6fc1088aPacket Storm new exploits for May, 2004.
8aa9e90a12b27246260794ffa77220a08db91dd5faf7f698b159a94ffdb39ae5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed