The mambatstaff Mambo component is susceptible to a remote file inclusion flaw.
fa7b9aaa25bac2fdfebbe0f529ca7304edb279aaa506c90a60448255b99bda6ePHP versions 5.0.2 and 4.3.3 suffer from a bypass flaw in ip2long().
077c509657db441601b3a7b0b8b67d798b80cbfbe715a8351e25417221ed27e9Colophon versions 1.2 and below suffer from a remote file inclusion vulnerability.
870c50c1955358cd09c6815fc5ed147288272f145dce06f2bf4a80dbcac1b21fCoppermine Photo Gallery version 1.2.2b-Nuke suffers from remote file inclusion vulnerabilities.
841a02d8c14bf56f354bf35cf941793561f0cfa85e8f48d3c46ae11eaf798f7dMambo Gallery Manager version 095.r3 suffers from remote file inclusion vulnerabilities.
2e97397e359cd7cdb11dc44b91eade8442528731a5d3ac075dc9669073fe1fb7Mandriva Linux Security Advisory MDKSA-2006-134 - A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions.
6fd312b98f4ecc1065358bb1f845e446f01ac335c208ce0b7bf10c6b1dd51344Gentoo Linux Security Advisory GLSA 200607-12 - Internal security audits by OpenOffice.org have discovered three security vulnerabilities related to Java applets, macros and the XML file format parser. Versions less than 2.0.3 are affected.
1018090495894745d9422e2235f92f74dc23fd99b8c5156f255ee25c032fc052Gentoo Linux Security Advisory GLSA 200607-11 - Kevin Kofler has reported a vulnerability where three stack variables are allocated with 255, 255 and 100 bytes respectively, yet 256 bytes are read into each. This could lead to buffer overflows. Versions less than or equal to 0.4.2 are affected.
96217443b5f969cdbfdba05c790ed8712e927c32aeb1e498b227128cf755635bGidplus.dll division by 0 proof of concept exploit.
e34790ee7ca7e923136b18150c98e6b36106bb11d8baf1c3bfbef95889ee672cExploit for Mozilla Firefox versions 1.5.0.4 and below. The demonstration exploit below will attempt to launch "calc.exe" on Windows systems, execute "touch /tmp/METASPLOIT" on Linux systems, and bind a command shell to port 4444 for Mac OS X Intel and PowerPC systems. An anonymous researcher for TippingPoint and the Zero Day Initiative showed that when used in a web page Java would reference properties of the window.navigator object as it started up. If the page replaced the navigator object before starting Java then the browser would crash in a way that could be exploited to run native code supplied by the attacker.
9e096b35f0514a051a6f1a202b7742ec4b356a48415a7e37748c715e85cf7500iodine is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be useful in situations where Internet access is firewalled, but DNS queries are allowed. It needs a TUN/TAP device to operate. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream.
ca611ba1da2df2c1b536b8029429a67f256e813f7eb9ce21589516f7964e320dMandriva Linux Security Advisory MDKSA-2006-133 - Mark Dowd, of McAffee Avert Labs, discovered a potential remotely exploitable off-by-one flaw in Apache's mod_rewrite ldap scheme handling.
7ea66a0d8db3370ee3860ea07f13cce12dd24caa9d29d2fbd5508a949cf83469rhj will let you exploit the ptrace() syscall to monitor and hijack some syscalls run-time. At the moment few syscalls are supported (i.e. send(), recv(), read(), write()) since the program is still a proof of concept.
78500617a093757ebda076945a9af0c3247aa61eb535d942a83eb186890be48aMandriva Linux Security Advisory MDKSA-2006-132 - Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including wv, abiword, freetype, gimp, libgsf, and imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
b58dbdb89764f92136ac374c126ea6ab7a62bdb2e179a7cd7c5dc16c266bb99eSUSE Security Announcement SUSE-SA:2006:043 - The mod_rewrite vulnerability in Apache has been patched.
612fec7dc616174adaec186e91536b7c148d1af486ee736e1e7a7ee25ff29e29Debian Security Advisory 1129-1 - Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project have found several format string security bugs in osiris, a network-wide system integrity monitor control interface. A remote attacker could exploit them and cause a denial of service or execute arbitrary code.
97d86829d7a5f3b002cb07fd3e08b3cdd08071514cad0dfdd7c6b0e4ef9bffdcMod_rewrite is an Apache module that can be used to remap requests based on regular expression matches of the requested URI. A buffer overflow vulnerability exists when dealing with rewritten URI's that are prefixed with the LDAP protocol scheme.
89573f59a369c297fe3a2e50bec303dac0dec1ddee0ba1457f1cfd898bbab15dAn off-by-one flaw exists in the Rewrite module, mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since 2.0.46, and 2.2 since 2.2.0.
f3876d1169158fc551c64958b5e9f885de8ab0264310126aaeecc3277fc486cfDr.Jr7 Gallery version 3.2 RC1 suffers from a remote file inclusion flaw.
61bf03c5bc2bfedaeb1de0d3b9814420169cfda1b3eff3e4a7e2735abe4568adYahoo Instant Messenger suffers from a remote flaw that allows a browser to be launched.
3664cbddcc34785d915a40ed0743f9f1bca1614515aebb46884146fb317f77a9OpenPKG Security Advisory OpenPKG-SA-2006.017 - Multiple security issues exist in the FreeType font rendering library before version 2.2.
2b21a35344d0b2e3246e685dfc6f3441f75ea7e8c4cb18207ba4ee3935413369OpenPKG Security Advisory OpenPKG-SA-2006.016 - Multiple unspecified vulnerabilities in the Ruby programming language allow remote attackers to bypass "safe level" checks via unspecified vectors involving the "alias" function, directory operations and regular expressions.
8f897b645d525dd78eeb3792352c96d7f00b3d90a9db7a9350489cbd372b5f18Portail PHP version 1.7 suffers from a remote file inclusion vulnerability.
075f391c35623dda2d5d48a6eee2eb5e8ce6569dd08523a1428252eacf2a2210Debian Security Advisory 1128-1 - Yan Rong Ge discovered that wrong permissions on a shared memory page in heartbeat, the subsystem for High-Availability Linux could be exploited by a local attacker to cause a denial of service.
1d78acd2fe62cd0f92062ec191b6bb1d1a16f8ea18c828b15e5f99c8c212378fOpenPKG Security Advisory OpenPKG-SA-2006.015 - According to a vendor announcement, a vulnerability exists in the mod_rewrite module of the Apache HTTP Server. Depending on the manner in which the Apache HTTP Server was compiled, the software defect may result in a vulnerability which, in combination with certain types of "RewriteRule" directives in the server configuration files, could be triggered remotely.
0c9d96b0aaa38abdb7aa0010ad4314a2444cfef7fe76891a209c6eafd629eb77
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed