This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
e119eb9b09c13ddd945a0105f19b05983e62de0bac167264f055f93115048090PHP-Fusion version 4.00 has a full path disclosure vulnerability and a flaw that allows an attacker to download the database backup file that can be used to gain administrative access.
fd86bda119a57bd26be037bf969a91bac23833996dd042ce8a6c44eff41ef812Cisco Security Advisory: A device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default. The vulnerability is only present in Cisco IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines, and all Cisco IOS images prior to 12.0 are not affected.
568979e1c71157314ffb20b9d5fa0db45d174f2a149e7a9a9c148d2a611e8530Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
ebe4d15fbb7e16bd088dbffdd949b7ae10f0315d5518d1822f90a62b76c6293cPHP based exploit for YaPiG 0.x that allows for an attacker to create arbitrary files on a vulnerable server.
d84ef4efc63ad0141d177a09b8ac9eb78fe82f50b463c66537c20e53232f892aNetBSD Security Advisory 2004-009 - A set of flaws in the ftpd source code can be used together to achieve root access within an ftp session. With root file manipulation ability, mechanisms to gain a shell are numerous, so this issue should be considered a remote root situation.
19988f37ee9bac237bfdb409657a8f72e0dc9b3791fb9c48b914cfac30ce0bddDebian Security Advisory DSA 540-1 - A The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
4a26956ef58acb72359831f331a9afbf8b463266470faa893647557c3c3722d6Gentoo Linux Security Advisory GLSA 200408-18 - xine-lib contains a bug where it is possible to overflow the vcd:// input source identifier management buffer through carefully crafted playlists. Versions 1_rc5-r2 and below are affected.
f3e2d4f842afd2f19f3f102effaa01516c7ee2b3965a03ca27c52d6cf6af38adMerak Webmail server version 5.2.7 has cross site scripting, full path disclosure, exposure of PHP files, and SQL injection vulnerabilities.
089caf859e10b39bd0ac02efa7546f2409a15eceb1de9ca5a88018b1f271135dGentoo Linux Security Advisory GLSA 200408-16 - glibc contains an information leak vulnerability allowing the debugging of SUID binaries. Versions 2.3.2 and below are affected.
6d3a5de31a54a4551b867471c5569c8bb8f3f2783a41ac572e82eca0028bf877GreyMagic Security Advisory GM#009-OP - Opera versions 7.53 and below on Windows, Linux and Macintosh have a flaw that allows an attacker the ability to figure out whether or not a file or directory exists.
c1016c549082c639a7eb373daec02795b9f4f03545ad69076289d49c20930b4eDump2code is an ELF file section reader that allows you to dump any executable section, such as .interp, .dtors, .text, etc, from binary code to hex code.
39362ddad8bd8846dd8817b5c82a7118967f16a748a9bb579152867c976eb7bfSecunia Security Advisory - Christoph Jeschke has reported a vulnerability in PForum, allowing malicious users to conduct script insertion attacks. Input passed to the IRC Server and AIM ID fields is not sanitised before being stored in the user profile. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected website when a malicious profile is viewed. The vulnerability has been reported in versions prior to 1.26.
fd6e0e12c53992fcba1cd35801d8925ccfa22288fadc046780bbd1b9fd138dc0Pads version 1.1 is susceptible to a stack overflow. This tool is not setuid by default so the risk is minimal. Version 1.1.1 fixes this.
8eb01b9fa435907293c656e16bd644ed33b266d2e35011469b5609b3d83acfabPads is a signature based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
7627636e1f7ec5aa501678022b393c727a8d6800144a5fd4efd7cdee495eaa19
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed