Debian Linux Security Advisory 2179-1 - Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services.
cb2a9ac58a6b2e1392a9280f47f55599a385e8fd679a98056e66cd9868fd5fc3
PhotoPost PHP version 4.8c suffers from a cross site scripting vulnerability.
4b3eee89e86329852f8803e91022d4b31cf65a3973d5ef00ef6f4b50a8503cb3
Debian Linux Security Advisory 2178-1 - It was discovered that pango did not check for memory allocation failures, causing a NULL pointer dereference with an adjustable offset. This can lead to application crashes and potentially arbitrary code execution.
213b3dd282ebde23412fea47ec939c0d2ab2671024435416b3f75f2ef0468a6c
CubeCart version 2.0.6 appears to suffer from the same old SQL injection vulnerability that multiple prior versions also suffered from. In addition to that, it also suffers from a cross site scripting vulnerability.
7ca0c459e6ba8a986ea298b006c52fa6b09a92deee92ab5dd56105656fdb3fb0
Debian Linux Security Advisory 2177-1 - It was discovered that python-webdav, a WebDAV server implementation, contains several SQL injection vulnerabilities in the processing of user credentials.
ddd84c50361e28bec8d106c67025dcf746e93c18608edeca8477b57fc2898d93
Tor's Hammer is a slow POST DoS testing tool written in Python. It can also be run through the Tor network to be anonymized. If you are going to run it with Tor, it assumes you are running Tor on 127.0.0.1:9050. Kills most unprotected web servers running Apache and IIS via a single instance. Kills Apache 1.X and older IIS with ~128 threads, newer IIS and Apache 2.X with ~256 threads.
00127b3a7c45407764e28730a9732e9e09810e26b1733841424227c6b35ae4f8
Ubuntu Security Notice 1082-1 - Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition (GDEF) tables. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10. Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap objects. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. The default compiler options for affected releases should reduce the vulnerability to a denial of service. It was discovered that Pango incorrectly handled certain memory reallocation failures. If a user were tricked into displaying text in a way that would cause a reallocation failure, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10.
55ec43235e341978a77e9e35929be0aa8b8a56a7665d47badc484fada019b94d
Prestashop Cartium version 1.3.3 suffers from a cross site scripting vulnerability.
bc567158b5df2af1e619333e0b68b6c4acb926f20b25391501db0c5b2d37630b
VidiScript suffers from a cross site scripting vulnerability.
68a5335459a59d5b0ae336b2b97a852ea61feab369f515e4fb01e58d1c584f83
Magic Music Editor version 8.12.2.11 buffer overflow proof of concept exploit that creates a malicious .cda file.
fa03fc5e07a736b6ce4204c833690ca0102f53f572653ea7ea1a91bef14a7b67
Readmore Systems Script suffers from a remote SQL injection vulnerability.
6029a101ef38a53b69dfe1e1099badc7e3a0d38b8a7d57c8349c4e31d69d3c79
Bitweaver version 2.8.1 suffers from cross site scripting, path disclosure and remote SQL injection vulnerabilities.
ff2fdb37f3a57d1bc9e6f390f20bb5431ef94ee0a67a82fa9774e63a6077ed46
cChatBox for vBulletin versions 3.6.8 and 3.7.x suffer from a remote SQL injection vulnerability.
721e37bfba2eca950514ff9e9b12e67f8dd087cddaea943f5d735600992a1700
Whitepaper called A Penetration Testers Guide to Finger Print Authentication.
765d685444a69e09bb8e61d892694da54f50077d71ab630c5afd17ab4266c5c0
Mega Menager versions 3.4.0.9 and below suffer from a DLL hijacking vulnerability.
8292e1db8dd4a8804eaca19dd072b289eeff35f4b0e0ef339ca2f2208dccb70d
Mandriva Linux Security Advisory 2011-039 - Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. The updated packages have been upgraded to the latest version to correct these issues.
9aa3acee10ae2e83e96128d82e5f1409071587392804e700307a97e3ba876551
Quicktech suffers from a remote SQL injection vulnerability.
9b44b045d9444498ce3fc0e8dd9811147d7667c4c6505a205c92c3c7b69fbdaa
Debian Linux Security Advisory 2176-1 - Several vulnerabilities have been discovered in the Common UNIX Printing System. A null pointer dereference in RSS job completion notifications could lead to denial of service. It was discovered that incorrect file descriptor handling could lead to denial of service. A cross-site request forgery vulnerability was discovered in the web interface. Incorrect memory management in the filter subsystem could lead to denial of service. Emmanuel Bouillon discovered a symlink vulnerability in handling of cache files. Various other issues were also addressed.
21901e6c776cf699416e364a1c536e8ae21ddbb297893d90aec7aef45ed8caff
Ubuntu Security Notice 1081-1 - The Linux 2.6 kernel had multiple vulnerabilities identified and addressed. It was discovered that KVM did not correctly initialize certain CPU registers. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. Various other issues were also addressed.
d8345350ee5fcccf7db501dc22e7fa3c03ec4d5ee8994a838c926a6f1424f8c6
Ubuntu Security Notice 1080-1 - The Linux 2.6 kernel had multiple vulnerabilities identified and addressed. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. Vasiliy Kulikov discovered that the TIPC interface did not correctly initialize certain structures. Various other issues were also addressed.
c71487823755634861f489d8726738a989e9ca187336d6c2634366b8d23bd557
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference.
b495686d1ba68f7330ab2abc64ece39ce1963b370dea46da18238f51acfd8de5
Secunia Security Advisory - Fedora has issued an update for krb5. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
082676fc6c171d78fa7600c466ad0e66addc873dc6ef02eeea93434a1dcf1a2d
Secunia Security Advisory - Debian has issued an update for moodle. This fixes multiple vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges, disclose sensitive information, and hijack another user's session and by malicious people to conduct cross-site scripting attacks.
c53dc345c8cf6427828070a4af4cf9ed8721cdb4731818199411eeea62babb37
Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-sun. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
443e6857a1db9b22042ee6d774fadb99f361dff304946c6b96e207bc322c46d6
Secunia Security Advisory - A vulnerability has been reported in the Messaging module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
55dc0413a7c8afbbb745d97385fb8d5650294b97cc37fb83c64bfb739d97025c