A hack of propecia.c to include class A domain scanning and banner grabbing.
ae8a423a27e728cb503ae16ca7498897d5c367359e9d1cc6bd038e6287aae1e4
PHP-Nuke versions 8.0.0.3.3b and below suffer from a flaw that allows the SQL injection protection to be bypassed, thus allowing for attacks. Details provided.
e8ff03b9574af29c44c7061332f9fa9f8c0b900accd47af22c307553c80e497d
Netsprint Toolbar version 1.1 suffers from a buffer overrun vulnerability.
1ad5002ca5075e2b188da4d08d7c1f9be2dae58d8475eae58da031fe9b739ac6
iDefense Security Advisory 04.16.07 - Remote exploitation of a buffer overflow vulnerability in Akamai Technologies, Inc's Download Manager ActiveX Control could allow an attacker to execute arbitrary code within the security context of the targeted user. iDefense has confirmed the existence of this vulnerability within version 2.2.0.5 of Akamai Technologies Inc's DownloadManagerV2.ocx. All older versions are suspected to be vulnerable.
bd7c8b62df5ed63b528af4059e2e8c5a5b7a896e5b3d9bc44b6a53e6e38cb804
Mandriva Linux Security Advisory - A flaw was discovered in how CUPS handled SSL negotiation that could allow a remote attacker capable of connecting to the CUPS daemon to cause a DoS to other CUPS users.
2c75cf3ebd48ac4a57d8ee7059eb95c7119a711d5061da1f90d4fb0430cbc0f0
Gentoo Linux Security Advisory GLSA 200704-12 - John Heasman of NGSSoftware has discovered a stack-based buffer overflow in the StarCalc parser and an input validation error when processing metacharacters in a link. Also OpenOffice.Org includes code from libwpd making it vulnerable to heap-based overflows when converting WordPerfect document tables (GLSA 200704-07). Versions less than 2.1.0-r1 are affected.
74b0fcdf442f7d50af5cc91ca0bc3cc8490733897b5f1c1544134f2e17d01f6b
Mandriva Linux Security Advisory - A memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
16cc2182d8b5e734c6db73d481075a284e427cf82b792b4d08a2bd8a0d356858
Mandriva Linux Security Advisory - The ipsec-tools package prior to version 0.6.7 allows remote attackers to cause a Denial of Service (tunnel crash) via crafted DELETE and NOTIFY messages.
9884cd76064966a13c483dca185a893c7bf64f985f22ed9cd8ee8cb91ed56783
Akamai Technologies Security Advisory 2007-0001 - Two security vulnerabilities have been discovered in the ActiveX version of Akamai Download Manager. For successful exploitation, both vulnerabilities require the user to visit a malicious URL, triggering a stack-based buffer overflow that allows the attacker to execute arbitrary code within the context of the victim.
dbbaf096163cf2efc8265445fa804f02abd06396737956dba892bb7bf7981d35
Wabbit PHP Gallery version 0.9 suffers from a cross site scripting vulnerability.
d3dc7bc7af30921a747c4330a8a259e1058f56e33a1c029f74c72b2359125a8c
Gentoo Linux Security Advisory GLSA 200704-11 - During an internal audit, Raphael Marichez of the Gentoo Linux Security Team found that Vixie Cron has weak permissions set on Gentoo, allowing a local user to create hard links to system and users' cron files, while a st_nlink check in database.c will generate a superfluous error. Versions less than 4.1-r10 are affected.
621ba41866d3c9ca4724522e77f353267d1cb019936b388520231204e7bf8070
Ivan Gallery Script version 0.1 remote file inclusion exploit.
3c54e555424f64952f2651f5481d8e386826f91a03f47502ffd6aecdea9d4d29
iDefense Security Advisory 04.16.07 - Remote exploitation of a buffer overflow vulnerability in Clam AntiVirus' ClamAV allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the cab_unstore() function in libclamav, the library used by clamd to scan various file types. A 32-bit signed integer is taken from the packet and compared against the sizeof() the destination buffer. However, the sizeof() return value is improperly cast to a signed integer. By supplying a negative value, an attacker can cause the comparison to succeed. This eventually leads to an exploitable stack-based buffer overflow. iDefense has confirmed the existence of this vulnerability in ClamAV in versions 0.90rc3 through 0.90.1.
a0e03ca2f3785c29263dffc681e45f0d4c2adfe3bada8fefa43b8334247040c6
Whitepaper discussing Windows DNS cache poisoning by forwarder DNS spoofing.
a8edfacf63fc3159336647ddf759fbe145f1138297489817602d348e2b57d3a4
MyBlog versions 0.9.8 and below remote command execution exploit.
4aa2dcc6cbe8dc143c4ab7969cca79681024ff371081ce9c27147058c2eef087
ActionPoll PhpOpenChat version 1.1.0 suffers from a remote file inclusion vulnerability.
479a393a4dfa1447096a9de8868a998571d13f8c33f100545b02135f41bcc40c
oe2edit CMS suffers from cross site scripting and cookie manipulation vulnerabilities.
1d545e67b993df013f9a00de25830766a799b8b03071712d0eae874b63679455
This Metasploit module exploits a stack overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name is supplied that contains escaped characters. This exploit will NOT work on Windows 2003 SP1 or SP2 if hardware DEP is enabled.
9e489d03059ad614ec6b6212926d5c4b2852414c9f8a30464d6ccd7e43d0f9ca
Secunia Security Advisory - Mandriva has issued an update for ipsec-tools. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
f2b14903da0c9609abba4fb0cddc4215240291ed9fb309e1560bd0dc924ea1ca
Secunia Security Advisory - Gentoo has issued an update for inkscape. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
f835a527c40b654829f18eb638dfb9350b07f9822ff76f71a8e3a7758d3c5fd5
Secunia Security Advisory - Some vulnerabilities have been reported in MailBee WebMail Pro, which can be exploited by malicious people to conduct cross-site scripting attacks.
9d2fba4ff6b421d455310f33dc0e505ca72185e6abc94f82cd86a03c0f3e664a
Secunia Security Advisory - Alkomandoz Hacker has reported a vulnerability in StoreFront for Gallery, which can be exploited by malicious people to compromise a vulnerable system.
b4f9e91c97acf7ad1f10e59e2cdcd8c87f3de1416274cd8cf9b8592e4cdd2761
Secunia Security Advisory - Mandriva has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
685a9c0d04028b3b1ee55379270c7e74cb56c676fb6033a93f00d24c9437fa3a
Secunia Security Advisory - Two vulnerabilities have been reported in Akamai Download Manager ActiveX control, which can be exploited by malicious people to compromise a user's system.
376deccaa736ef478da06e4ce388a81bfb044c789b90c1a1c59046660f200d4f
Secunia Security Advisory - rPath has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, gain escalated privileges, and by malicious people to cause a DoS.
2540b32d7a37f84188785069a78cfd53a3cabe380faf19f6da5f46cf190ab8ac