ProtoVer LDAP testsuite v1.5 uncovered a critical Denial of Service vulnerability in the LDAP component of CommuniGate Pro Server 5.0.7
72f0dc93924f0caf6e6caff4898b2315178b8cc674f4b9b2f52392827b82bd6dIP-Array is a Linux iptables Firewall script written in bash. It allows the creation of precise, stateful rules, while remaining easy to configure. IP-Array supports VPN, Traffic Shaping (creation of custom HTB and SFQ qdiscs, Classes, and Filters), multiple external interfaces, multiple LANs, multiple DMZs, NAT, logging, MAC address matching, packet marking, syslog logging, and various sysctl settings. It also includes some presets and autoconfig options for common needs like DNS, FTP, SMTP.
713db688d253bbda6a417237fc45c7c6f5bbe5b81580d434b62acf7a3a7bb7f6MyTopix 1.2.3 suffers from Sql Injection and Path Disclosure vulnerabilities.
a772ea59a55e150094b7dbca68e1c734f350f51502373aafa128eb66bd55218fkpatch.sh is a shell script illustrating runtime kernel memory patching. For demonstration purposes it shows how to break the kguard module. kpatch does not create any files on the system it runs on. So it is even possible to patch the kernel memory without creating any file on the target machine. It only requires basic shell utilities to work.
77e4718157cc4f9e826de98706d17c057cab2c807f183a07e878800815c4d68eGentoo Linux Security Advisory GLSA 200602-01 - The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap overflow in the avcodec_default_get_buffer() function discovered by Simon Kilvington (see GLSA 200601-06). Versions less than 0.8.7-r1 are affected.
ae25d31c3a5d56b0fa80c5b9c3e559cddf1df0ec8c50f170ef7360c61244c298Clever Copy versions less than or equal to 3.0 SQL injection / Admin authentication details disclosure exploit.
d413d4a8a54470e841b15a36cc2538ed1dd29001cabb8677a674a9369dd69f3dPluggedOut Blog Version: 1.9.9c suffers from SQL injection and XSS.
25937ae86e7d7e80c538b620b736df77860827f1e3cbf06832246e21b9c62edfLoudBlog 0.4 remote command execution exploit.
8b9696ab7c6cf18c7bd2e258fb70e51b747391c401acb57855f39af36c20e1c6On December 1st, while conducting a penetration test of a TAM enabled web application, VSR identified a vulnerability in Tivoli Web Server Plug-in which is a component of Tivoli Access Manager (TAM). This flaw allows an authenticated attacker to retrieve files (which reside outside of the web root) from the web server on which the plug-in resides. It is possible to retrieve any file or list any directory which is readable by the web server software.
5bf9173ab65ad5f6967a1793231be47d55d6c5c7741502aba8dea192175331c5MyQuiz 1.01 suffers from a command execution vulnerability.
b8b3bbbaddb35c7de88c7574cf2ea963168eb1b0a333dd49e1994366cc783e42QBrute 1.2 - QBrute is a MD5 Calculator and Brute Force engine written in Perl.
172f51dd6f1ded0430f66e74d26e395b6601ca827dd1f6db8e3eb00efaafb99fThe Outblaze Email system suffers from XSS.
66ecb829477fcb7e729ee1311825593466307afe12e8425b74c11da9e5ef239fphpBB 2.0.19 suffers from several Cross Site Request Forgeries and XSS vulnerabilities. Detailed exploitation provided.
36244d0f29ea85a82eb2aee292986ca0e89de4e9442204575d28b918fa6e808aIf IronMail-5.0.1 is configured with "Denial of Service Protection" enabled, then a remote user can generate a TCP SYN flood, sending malformed packets via multiple connections to cause the server to become busy resulting in DOS.
120c146955918d7fdcd88bc8f6b3764dbffad44a4160ac82040a3a38c7940369mwcollect is an easy solution to collect worms and other autonomous spreading malware in a non-native environment like Linux. The mwcollect daemon mwcollectd opens ports that are known to be commonly exploited by Malware and simulates certain known vulnerabilities on them.
49e91fe8561176558e0859842c936b17143ccab750e3e30c8e2b3d391cb394b3There were multiple vulnerabilities with orbicule.com revealing sensitive data and being vulnerable to SQL injection. These issues have probably been fixed.
65e7aae241109bdacc0c50729501cfa3bd2b86dc20510e33b8a0ae7e9c93194eMost of user defined data in Vanilla Guestbook 1.0 beta is not properly sanitized leading to SQL injection and XSS problems.
ebf5dc4cb7f66a07b2521bb9346842c98d6c31ae3008ab83e9c667c6af871f6aDebian Security Advisory DSA 964-1 - A problem has been discovered in gnocatan, the computer version of the settlers of Catan boardgame, that can lead the server an other clients to exit via an assert, and hence does not permit the execution of arbitrary code. The game has been renamed into Pioneers after the release of Debian sarge.
3b0ddf8026634dc26a2a4007645002cfeac2ada95ee27aae0bb23aa18c9c003b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed