New Packet Storm exploits for November, 2005.
a07924e3741cb3d7a0ddc9b2ba7672776c9401ad9e34214d734f4ea9ae3d186eUbuntu Security Notice USN-221-1 - The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer could exploit this to crash the racoon daemon.
8d22da04170e1300f68a9059d380adf085d2893b0073c93ea3ac139a4e36847cHP Security Bulletin - A potential security vulnerability has been identified with HP Systems Insight Manger (SIM) for HP-UX. This potential vulnerability may prevent users from logging into HP SIM using Microsoft Internet Explorer after the Microsoft security update MS04-025 for Internet Explorer is installed.
448fc55103c8c7f74b74662fd884491e6f061f0dd478053a06c026a82fd51d87WebCalendar version 0.1.0 is susceptible to SQL injection attacks via activity_log.php and edit_report_handler.php. layers_toggle.php is susceptible to CRLF injection. Exploitation details provided.
a301911fe8f5e2b56d3446fb741963f4c821df654703f5e31403ffbb7cebdaefMicrosoft Windows CreateRemoteThread denial of service exploit.
387b50fc23c90ae7481a53e79a694e2b9cd93c2ab1d04ea80904e885dd7f2a54Debian Security Advisory DSA 914-1 - A vulnerability has been discovered in horde2, a web application suite, that allows attackers to insert arbitary script code into the error web page.
7650826594b66b2def649f58970ce01e614ab9f60945167830d57555540c1585Perl suffers from an integer wrap overflow inside the explicit parameter format string functionality. Perl 5.9.2 and perl 5.8.6 have been tested and found to be vulnerable on linux, freebsd, dragonflybsd on the ia32 platform. It is assumed that a much larger range of software and platforms are also affected, as the sv.c seems to remain seemingly static over time, however this is not confirmed.
98a5e4cc8d4e001a73593d476e2797bd0bb7e8f6e5f99d6bb0d89698243d92eeDebian Security Advisory DSA 913-1 - Several vulnerabilities have been found in gdk-pixbuf, the Gtk+ GdkPixBuf XPM image rendering library.
15a7f442ec51e6597fd3c6397be3213259fb00e5091b022674a1aaad24255c5cSecunia Security Advisory - Ubuntu has issued an update for perl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
4672d43e88bd2f23de9e8526a3393fa004f5b6f53eb156dd7d884781ad36eceaSecunia Security Advisory - A vulnerability has been reported in MailEnable, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
44296c939eeb598a2a5046283c8b3d8ff9c8aa6755599aac466a6f4b01d4a6a8dotclear version 1.2.2 and below suffer from a remote SQL injection flaw.
420ac553343837f9e66b25995423fc34b88ba28115063849dfae6069552f4f03PhpX versions 3.5.9 and below are susceptible to SQL injection, login bypass, and remote code execution attacks. Exploit provided.
e3e0206fe6bd630a03c89eeccad2963f16998061ce8e422d58fa49e7c257ffd9Debian Security Advisory DSA 912-1 - Wernfried Haas discovered that centericq, a text-mode multi-protocol instant messenger client, can crash when it receives certain zero length packets and is directly connected to the Internet.
34bde91ed18d0ad5496b08c686733064e1b3adea3ce86a9b8c3c508d0ba33b81Gallery versions below 2.0.2 are susceptible to cross site scripting, arbitrary file viewing, and more.
2c5393607259ccfb2aa2a700aa8d219403e22be70086c84c95060151911f5edbApple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.
e7bb6ec0504327630e33ae50f3e506dd37e28fb70583d43167e478159852984aOpera 8.50 is susceptible to a denial of service condition via an applet.
935a51472ab3bd6c59b138c3c68c739c9d4623061a00d164c3b0f659f1aea147PHP Upload Center is susceptible to directory traversal attacks via the filename parameter in index.php.
b0c58e722732597e6a71434966b4d4d5e25157a6f853ef7c8c347fdebf9f598eThe Panda Antivirus Library is vulnerable to a heap overflow during decompression of ZOO files.
ea22e4e269fb66345e42e902825a2d91721aad2de4c5e442047261800048dc5fCisco Security Advisory - A vulnerability exists in CSA agents that can allow a privilege escalation through locally executed software, providing a normal user or attacker with local system level privileges on a Windows workstation or server running managed or standalone CSA 4.5.0 or 4.5.1 agents.
febe0c6b9274bd114b3212a125344054bb05edeadfb6cd8c69a40ebc7a6fcf7bDebian Security Advisory DSA 911-1 - Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library.
0d5ed830406babebe25083fcc93d593770fdad8eeeb5fd4497183b0f633f5597N-13 News remote SQL injection exploit that performs a PHP shell injection.
a3f4c73c38a1644429c5bff832149cfee9d0326230528a3ecb052e5ecddf52e9Xaraya versions 1.0.0. RC4 and below suffer from denial of service and file corruption flaws. Exploitation details provided.
390be9f2e8b90da0f96431615e5d6cf3e947051728bfe42fad1bf35bd626befcASP-Rider version 1.6 is susceptible to SQL injection attacks via the REFERER.
00108f6af124296b9e8af6d348a8919a77e66e8f5417a34d0573a906655eb7a3Secunia Security Advisory - r0t has reported a vulnerability in Atlassian Confluence, which can be exploited by malicious people to conduct cross-site scripting attacks.
1f3f44192b81513af035f006348737b62f925e0e5e0548208fe0d603feac9e8bSecunia Security Advisory - r0t has reported a vulnerability in Java Search Engine, which can be exploited by malicious people to conduct cross-site scripting attacks.
36810aacbfaa7345365ffab5cb1fa1a58785c12eb74edac81320af4201c20b55
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed