Ubuntu Security Notice 463-1 - Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.
3fb2cb00293b9433bb7a314ad1133ece46c6ffedfee76a4d5aa89f878f586f2aMandriva Linux Security Advisory - Marsu discovered a stack overflow issue in the GIMP's RAS file loader. An attacker could create a carefully crafted file that would cause the GIMP to crash or potentially execute arbitrary code as the user opening the file.
c32d185de2531fd55fb4bb35f45a43423744d5fefac8aee1b0ed53a5b35d92e6Ubuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.
4270f8e9ae4654fadf832c0bd519c5b09117a7ca233ee391480dd1eaf3de91aaphpPgAdmin version 4.1.1 suffers from a cross site scripting vulnerability.
334636e8778c537c3d118de55e527517fd58cbc68e558f0146f81176e313ef1eUbuntu Security Notice 460-2 - USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the "force group" option no longer behaved correctly.
ca0598a357569fce6ff669d7a3d77867c42650072d28dcc5457252e477124a60GMTT Music Distro version 1.2 suffers from a cross site scripting vulnerability.
1a0899d47b570e020d1cb2e46605734664563b5be76559eac2a7d188516cc3fcHP Security Bulletin - A potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.
27057cb2fd99d8068558967fbe04a29bf3a5da8e7670c9421cc5131fc4465279The SRI (Romanian Secret Service) web site suffers from a cross site scripting vulnerability.
e06346ba4ed87594a59beb8b723f5609c1fc58ce693c886b0ebcfddcfea8348fClonusWiki version 0.5 suffers from a cross site scripting vulnerability.
289d9544c7f43f9c4c6fa455f0685062750af0d98e316537030a2a0c7b60ad38Seccheck is a feature rich, modular, host-level security checker for Solaris 10. Easily expandable with customised modules, Seccheck produces highly detailed reports based around known and published security best-practices and guidelines. It also produces recommendations on how to fix flagged security issues.
9d9784d9c3be953f976d0f5821ed15d163b127f5a474f9fcc3200fe1df98c103FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
2c6e709073a7cdb9c73863b3f5bdc77d7cf526162cb4ffd1a1e89e56a7b4fb49Cisco Security Advisory - Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
a0746637f5138fab1d05f36d2739eaa287d102dd2b3c9adec47d675395dde8d1Cisco Security Advisory - A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
6e95cac97dd31c0672d924b0560b7cefdfee1c459633660ce49287159ace5b7fMicrosoft IIS5 suffers from NTLM and basic authentication bypass vulnerabilities.
62deb75d4279d8e14703bd0f0c22f77345ca3d79b23d558d052acdb9ec13c878SniffJoke implements sniffer/IDS evasion techniques. SniffJoke runs on a network connected box by selectively applying evasion techniques to sessions involving it. Evasion application is governed by user rules and implemented with a netfilter/ulogd module.
fa26b5c1f7404da6b5ac31e14a7fe20607c48b583e5075bb8539ff76fdf04493BoastMachine version 3.0 Platinum suffers from a session hacking vulnerability.
b9939faf019e51e377ba9bd0a15a4a5d3e290a41e5be8ae123e3b113ca794505Jetbox CMS is susceptible to a cross site scripting vulnerability.
6ac317ad7caee78d4ad3a8792a585c3248aa1aa76ceadc5f4d61776064d276eaKSign KSignSWAT versions 2.0.3.3 and below ActiveX control remote buffer overflow exploit.
0ee06f032736271c342e2c2a674df363a34ac8993d352428245e5eff1373bd54BtiTracker versions 1.4.1 and below remote SQL injection exploit.
25d51ef96105b0b9824aabaef062ce8ee191cb87ffc869d45031c70c82767175LeadTools ISIS Control ltisi4E.ocx version 14.5.0.44 remote denial of service exploit.
398581861fbeff645070f4e5e70df84705cc34d9eabfa876d19b8c4a80cfc0e3CubeCart version 3.0.16 suffers from a SQL injection vulnerability.
b67323882e8c104f606a9d286fda07f3a0630e85ae7c8a3881213f91648023f5Debian Security Advisory 1281-2 - On 25 April, the Debian Security Team released clamav 0.90.1-3etch1, an update to the Clam anti-virus toolkit, to address several vulnerabilities. Unfortunately, there was an error in the updated packages and CVE-2007-2029, a file descriptor leak in the PDF document handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing distribution (lenny).
9393c77b1dcc3fe237206a87cf6b51dda9f2e8d6082900ff12269b91061ea3e4NOD32 Antivirus is susceptible to two stack overflows. Version 2.7 is affected.
dbb0aeff340395bc32d18c9354742594778d84825a8fabe58ba2fe7a979a814aABC Excel Parser Pro version 4.0 suffers from a remote file inclusion vulnerability.
5d04cb3372e62e1de166becffa3be149bb55a3cbe0e812a7bb4009a56f03c0adSAXON, or Simple Accessible XHTML Online News version 4.6 suffers from a remote file inclusion vulnerability.
e62d2baf60cef60affec670faeff47d10eb5e00cd57c4143d06b0d1c344e112b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed