The ZyXEL ZyWALL Quagga/Zebra appliance suffers from a remote root vulnerability due to a hardcoded password.
458f1490c1223e17e1b5f2b689e5271ec14b51082c8b67ff99f09cd73d837a17
Ubuntu Security Notice 587-1 - It was discovered that krb5 did not correctly handle certain krb4 requests. An unauthenticated remote attacker could exploit this flaw by sending specially crafted traffic, which could expose sensitive information, cause a crash, or execute arbitrary code. A flaw was discovered in the kadmind service's handling of file descriptors. An unauthenticated remote attacker could send specially crafted requests that would cause a crash, resulting in a denial of service. Only systems with configurations allowing large numbers of open file descriptors were vulnerable.
f581e0285978dd62620e1c1de9af49877199e38b031752dc37bb3caa92216ba6
The Joomla com_intellect component suffers from a local file inclusion vulnerability.
536cb0f9025e4c3333a961427497902666d20393615ceb92647bf3152eb80a85
phpBB version 2.0.23 suffers from a session hijacking vulnerability.
e99b39436d8aa90a6da2b75c0bac563df89d1839df032b78d292acf0477602f8
Secunia Security Advisory - n3w7u has discovered a vulnerability in Easy-Clanpage, which can be exploited by malicious people to conduct SQL injection attacks.
b46b678df8fe69e0d29438506a26476f69786256be1c5eabd111fd2eb4bf044b
Secunia Security Advisory - Will Dormann has reported a vulnerability in BusinessObjects, which can be exploited by malicious people to compromise a user's system.
6cd8bd09006cf3e7e8e35b9d5cd89f8fa2a1477d01f9802ecee99297839bf966
Secunia Security Advisory - Yogesh Kulkarni has reported a vulnerability in ManageEngine SupportCenter Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.
7b490f67c3757d36e5605ccf0543416ab7d9a9175c9dd5292ea92216bdfbdabb
Secunia Security Advisory - SUSE has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
106223273d195431ccf833c9cb2fd128525179ccee5bc6b548bb356bb7fc439c
Secunia Security Advisory - Dino A. Dai Zovi has reported a weakness in Asterisk, which can be exploited by malicious people to hijack a user session.
2d97846d3a1450c8286b274c563d73f11f729f77225c7a9bdee86830e611d0d6
Secunia Security Advisory - Red Hat has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
0765bb4a1637c6078bd6fd84984955d98b380bf70bfe6cc4d8e5aecdd6908936
Mandriva Linux Security Advisory - Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip.
6241bf31366b86f9214c0b04b8389979ede508c055d9251b1a4119710eb80ccc
Mandriva Linux Security Advisory - A number of vulnerabilities were found in Nagios and Nagios Plugins that are corrected with the latest version of both, as provided in this update. These vulnerabilities are buffer overflows and cross-site scripting flaws.
2f4d9c1c499d12bd735b9a54fb90639a6cd4fbc44aa5941702b3ee06c2c99113
Gentoo Linux Security Advisory GLSA 200803-27 - Several vulnerabilities have been reported in MoinMoin Wiki Engine. Versions less than 1.6.1 are affected.
9453d7acf5c26cc64e7754aa0b33c5aae07f86205b95ff5c2a66d0c2d27d97aa
iDefense Security Advisory 03.18.08 - Remote exploitation of a heap based buffer overflow vulnerability in CUPS, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the affected service. iDefense has confirmed the existence of this vulnerability in CUPS version 1.3.5. Previous versions may also be affected.
e4d46a9684678e8df75b6c25e33e27ad6c93aaad48aaa56e0bb3ec5a591a62b0
Asterisk Project Security Advisory - The HTTP Manager ID used by Asterisk is predictable, allowing an attacker to hijack a manager session.
e90eed81de68cae4a78e30426eb398aa04085bb0a5aaa7b2d116817219f91abe
Asterisk Project Security Advisory - A format string vulnerability exists in the Logger and Manager of Asterisk.
d3c4daeab6197a01a301019b8aa89ad828883465386ae04592c4c0d6a701e033
Asterisk Project Security Advisory - Unauthenticated calls can be made via the SIP channel driver using an invalid From header. This acts similarly to the SIP configuration option 'allowguest=yes', in that calls with a specially crafted From header would be sent to the PBX in the context specified in the general section of sip.conf.
81843cf8445447d86cc4da5431fb5f1967c5dbd9adf9c537d45cdf64851f983b
Asterisk Project Security Advisory - Two buffer overflows exist in the RTP payload handling code of Asterisk. Both overflows can be caused by an INVITE or any other SIP packet with SDP. The request may need to be authenticated depending on configuration of the Asterisk installation.
7af0f5f8834e1ec6cfc12a2131ca26a0a7c955b7d3cc5c93dab300406251ab4b
KAPhotoservice remote SQL injection exploit that makes use of album.asp.
0643496d453fa9f22174d217201584f7c5b02522fccba291927674b10ce23d56
The Joomla Acajoom component version 1.1.5 suffers from a remote SQL injection vulnerability.
d96210eb3181c9a8cf33d3ae1a1c0d6a2a0d7aeb72344146f7f19139eb4a83a7
Core Security Technologies Advisory - MacOS X Server 10.5, also known as Leopard Server, features a Wiki Server, which is a multiuser web application written in Python. The Wiki Server is vulnerable to a path traversal attack, which can be exploited by non-privileged system users via a forged file upload to write arbitrary files to locations in the server filesystem, restricted only by the privileges of the Wiki Server application.
c67ec7aad2757e9458328c5a8740092dd9f2f141c751d7cdcaf51eb246f95da2
Debian Security Advisory 1524-1 - Several remote vulnerabilities have been discovered in the kdc component of krb5, a system for authenticating users and services on a network.
2089da61308ecd2ec71dd5f2215b34867dcf996866146c13d6afde09cafa6931
Classic backdoor bindshell that is password protected, hides activity, forks, and does all the expected functions of an evil backdoor.
344dd067c46597172bc90327ee89b098c5816e46349abe086be4e827d488c46c
MIT krb5 Security Advisory 2008-002 - Two bugs in the RPC library server code, used in the kadmin server, cause an array overrun if too many file descriptors are opened. Memory corruption can result.
babea146a2709b824d53e705a51818ddc0eafaabe79184f098c7bcaae51bc824
cPanel version 11.x suffers from a vulnerability that allows the viewing of directories and folders.
cfb253097b56d5128a8b680019c8adb03ff0983a2b104dbc3b26aef8f78255ec