Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
5fa5d35bb27aaf66ef397fe7c4c0b772aedd2960f8556b737f52fc21fc7e73dbA nice walk through discussing step by step how to brute force ssh logins using the recent Debian OpenSSL random number generator vulnerability.
d5e101b6e51d5c9da76662efdfedf465531d29f30a270099917a27ea930ffd24Call For Papers for EC2ND. The fourth annual EC2ND conference will take place on December 11th and 12th 2008 in the Faculty of Engineering and Computing at Dublin City University.
92891128b4a94892dbe88d1e407c7847469df6ec9edfdbaa3a5e8bc889928d09SQL Injector version 1.0 is a fuzzing utility written in Python.
540c59b543ffe0c33b344577bedcbe77ec179eb7b6441061ffb9c703c0bede59Cross site scripting fuzzing utility written in Python.
d6635e858fcf89ce62f89cf87e20a31f8c853800d25e2d5039fa428808132e90Microsoft Internet Explorer is prone to a cross-zone scripting vulnerability in its Print Table of Links feature.
ab3b393d7e4b97e90d8aa5846710e4ffa6f5a62715e2e70336e0b5c2da459d67The IDAutomation Bar Code ActiveX controller suffers from multiple vulnerabilities.
3e27399d30c89c54ea042cb6281bd2e1b44ed17ddb5ab415501a3c2ed001fab0The Microsoft Malware Protection Engine is susceptible to two denial of service vulnerabilities.
470195fff2629e9ffcacfa65a5d39dfc77abca29a4a5d14aef9889df5fcc0c1dDebian Security Advisory 1577-1 - Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.
87952a1579c9134c0531f1ef3ee4f8b8489a66de0bb398e54181cd1f5842fec8Debian Security Advisory 1576-1 - The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied.
5c110ac623d7c7d1b7fe0bd5c06529c3990e1bbe81f0d1236cca7116030765bcGentoo Linux Security Advisory GLSA 200805-16 - Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code. Versions less than 2.4.0 are affected.
82c6a43132ca6c9ca557f4f425c4fd77217a2daa4bbf5b388fdaff52633460b9Gentoo Linux Security Advisory GLSA 200805-15 - Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. Versions less than 0.15.1b-r2 are affected.
64a2b595747ce408c146d00554729756a998466cc25ba15b79165d5de6074019Ubuntu Security Notice 612-6 - USN-612-3 addressed a weakness in OpenSSL certificate and keys generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start when using valid SSL certificates. It was also found that openssl-vulnkey from openssl-blacklist would fail when stderr was not available. This caused OpenVPN to fail to start when used with applications such as NetworkManager. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
7e63bbffb37c33ccf090346f058368147f3c37390c6dfde931c397adaa21bff0Ubuntu Security Notice 612-5 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
af17f8852f565befbd145d3612df917d7a2e55e49a8e8e765156d700e9d7e1e5Ubuntu Security Notice 612-4 - USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert -- potentially compromised snake-oil SSL certificates will be regenerated. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
4bb586ac471bbf5afdd3db8aca2a10418f0d0bee2f43094e75cb546a03f8f2f6Rgboard versions 3.0.12 and below suffer from remote file inclusion and cross site scripting vulnerabilities.
6923197f6c8202217cda38b84c15b0d80939555ed4f4f5aa647f6392cedfabadHorde and Turbo Contact Manager suffers from multiple cross site scripting vulnerabilities.
78f011ceac0502412b96770071ff0ac2a795f651e6bbb6460f7e7230c4d41cfaFeedback and Rating Script version 1.0 suffers from a SQL injection vulnerability in detail.php.
302e71d9d392c63ee6cfbd222067980dcc1a55b491f5243e1f5f23da3a87e338Freelance Auction Script version 1.0 suffers from a SQL injection vulnerability in browseproject.php.
ef3eec1d95dd3f82637e4982dab05ee44f41fbda22e356847f8f7b2ed1478609Internet Photoshow Special Edition suffers from an insecure cooking handling vulnerability that allows for arbitrary administrative access.
2de0791d21a2abb235270bfd9eee8e2580c7816594cab4b507bc2746b409986aActiveKB versions 1.5 and below suffer from an insecure cooking handling vulnerability that allows for arbitrary administrative access.
1284ced2285c7080c2d3dddb6402742aa194b87daf445adc23fbf30712dde2d6AS-GasTracker version 1.0.0 suffers from an insecure cookie handling vulnerability.
7f004804598fc697d19d0a11409034d1a0bf93391941a45edc02dbf67a52ce47La-Nai CMS versions 1.2.16 and below arbitrary file upload exploit.
af05e3147a57375493b011577e65a815ef336d052c068ed6db7c0b8de19a5963Whitepaper regarding cross site request forgery attacks. Written in Spanish.
119f58f1340993ec03619137b388528f8d76bf5b4c788ff6000735d1d7345f8aA memory corruption vulnerability exists in Microsoft Office Publisher when it is parsing a PUB file. An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system.
1dea31de8469b51947a7547a1b68e247e6bf90f70e87403dcaf46d41bdcac46a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed