TrueCrypt is on-the-fly disk encryption software that can create a virtual encrypted disk within a file and mount it as a real disk. It can also encrypt an entire hard disk partition or a storage device such as a USB memory stick. It supports plausible deniability.
7d7bd8858a4eccdb2602f189106d16d6315dc069285c547adbba3b1ba4bb3a5c
ATutor versions 1.5.1pl2 and earlier SQL injection and remote command execution exploit.
e2a2e37dcb0eaeb0884b07d1a427904fe82c1ec628e6e89d964624ea93406cd7
Ubuntu Security Notice USN-215-1 - Thomas Wolff and Miloslav Trmac discovered a race condition in the fetchmailconf program. The output configuration file was initially created with insecure permissions, and secure permissions were applied only after the configuration had been written into it. During that window the file was world-readable on a standard system (unless the user had manually tightened their umask), which could expose email passwords to local users.
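The pattern behind USN-215-1, shown as an added example (this is not fetchmailconf's code): a file created through a plain open() inherits the umask, so with the usual 022 it sits world-readable until the later chmod; creating it with an explicit 0600 mode closes the window entirely. The configuration text and file names are constructed for the demo.

```python
"""Create-then-chmod race versus creating the file with a restrictive mode.

Added example, not code from the advisory or from fetchmail. The sample
configuration line and the temporary file names are constructed here.
"""
import os
import stat
import tempfile

# Constructed sample of the kind of secret fetchmailconf writes out.
SECRET = "poll mail.example.org proto pop3 user 'alice' pass 'hunter2'\n"


def write_config_racy(path: str, data: str) -> int:
    """Vulnerable pattern: open() creates the file as 0666 & ~umask (0644 under
    a 022 umask), the secret is written, and only then is the mode tightened.
    Returns the permission bits observed while the data was already on disk,
    i.e. what a concurrent local reader would see before the chmod."""
    with open(path, "w") as f:
        f.write(data)
        f.flush()
        mode_during_write = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
    os.chmod(path, 0o600)  # too late: the window above already existed
    return mode_during_write


def write_config_safe(path: str, data: str) -> int:
    """Fixed pattern: ask the kernel for mode 0600 at creation time, so the
    file never exists with looser permissions. O_EXCL additionally refuses to
    follow a symlink or reuse a file an attacker planted at that path."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
        f.flush()
        return stat.S_IMODE(os.fstat(f.fileno()).st_mode)


def demo(umask: int = 0o022) -> tuple:
    """Run both writers under the given umask in a scratch directory and
    return (mode seen during the racy write, mode of the safe file)."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = write_config_racy(os.path.join(d, "racy.rc"), SECRET)
            safe = write_config_safe(os.path.join(d, "safe.rc"), SECRET)
    finally:
        os.umask(old)
    return racy, safe


if __name__ == "__main__":
    for um in (0o022, 0o077):
        racy, safe = demo(um)
        print("umask %03o: racy file was %03o while being written, safe file is %03o"
              % (um, racy, safe))
```

With the default 022 umask the racy writer leaves the secret readable by everyone for the duration of the write; only a user who had tightened their umask to 077 (the caveat the advisory mentions) was protected. The safe variant is 0600 regardless of umask.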
6623623dafd34401f8c96868a18ded75da8c838542b53142fe1c1ed8ae52e8fe
Herodot is a tool that parses the timeline of filesystem activity created by mactime and adds human-readable descriptions to it. It also understands that later changes to some MAC (modified/accessed/changed) timestamps overwrite, and therefore hide, earlier ones.
e855f365e9aae9d99d0e69d5a3b263fa17380a16ce8c0182a68fdd6d4a323a9b
PHPlist version 2.10.1 and prior contain multiple cross site scripting and SQL injection vulnerabilities. Furthermore, it is possible to access and read arbitrary system files through a vulnerability in PHPlist. Detailed exploitation provided.
429d5e2ed3062111670608399cbfe4c23936e0a7acc764e78fbed068284c5240
Suresec Security Advisory - #00008 - The Mac OS X kernel has several information leaks.
6e5fe88ae96f0ebafc98b33ec5d5cc1032b4f8bc92afe972b5f8d717263c56be
Zone Alarm products with Advanced Program Control or OS Firewall Technology enabled detect and block almost all of the APIs commonly used by malicious programs to send data over HTTP by piggybacking on other trusted programs. However, it is still possible for a malicious program to make outbound connections to an attacker's site by piggybacking on a trusted web browser, using an "HTML Modal Dialog" in conjunction with simple JavaScript. Proof of concept code provided.
6a46a2572af3dd1abd885d847dcf1d1d546bfc278f44b84cfbce2a5e7a3651eb
Ubuntu Security Notice USN-214-1 - Chris Evans discovered several buffer overflows in the libungif library. By tricking a user (or an automated system) into processing a specially crafted GIF image, this could be exploited to execute arbitrary code with the privileges of the application using libungif.
ccbe3257524d3fdb082a6e5a23209acfa63fb1f6a865fc10270711e1b6b6c566
Astalavista Security Newsletter - Issue 22 - Featured articles include - Things to consider when developing your early-stage security policy ; and Antivirus software - so what?! as well as an interview with Daniel Brandt, Google-Watch.org.
a7278b95685fd44c892a083a6c300a4c6170bdbab6fb8d585444a5fe69bb8287
Astalavista Security Newsletter - Issue 21 - Featured articles include - What else should I worry about besides the encryption length of our VPN solution? ; and Tips for enhancing your online privacy, as well as an interview with Johannes B. Ullrich, CTO of the SANS Internet Storm Center and the main developer behind the Dshield.org project.
8ba66c707aa903e96ddabd065c7d527d2729e1ed43e05700bab667e21d239aba
Debian Security Advisory DSA 888-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.
21ed7aa055178d83db9c356c04e65b32efc4ee0f419150cc9d5019df90af7fac
Debian Security Advisory DSA 887-1 - Several vulnerabilities have been discovered in Clam AntiVirus, the antivirus scanner for Unix designed for integration with mail servers to perform attachment scanning.
19fe0bf5d21318b46fff2d6f1fe1ca7101310761f48077823f9f7d4dcd06f302
Debian Security Advisory DSA 886-1 - Several vulnerabilities have been discovered in chmlib, a library for dealing with CHM format files.
cbf277d42ce4c03b6b50abb1868f45943ca6d3f2d2bef4a0a612bd0db6b72f43
Debian Security Advisory DSA 885-1 - Several vulnerabilities have been discovered in OpenVPN, a free virtual private network daemon.
b562c478a5b671e0a40c58b8e56753c165b071cdaf6b97f869089538d5720895
Debian Security Advisory DSA 809 - Kosa Attila discovered that the security update DSA 809-2 contained a regression in the packages for the old stable distribution (woody).
380746252630ea5abe71f6420c44ac59e18cb0bae062d9b32df114112f9217e2
The OSTE toplist script v1.0 is vulnerable to remote code execution.
7c98c5711a922879c1be02daa2cdaf33d7adfb1dc923a86f065747dbfbbfa609
Guestbook v2.2 is vulnerable to a classic SQL injection administrative login bypass.
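What a "classic SQL admin bypass" means in practice, as an added example that is not the Guestbook code: a login check that pastes the submitted username and password into the SQL text can be satisfied by input that comments out or short-circuits the password comparison, while the same check with bound parameters cannot. The table, row and payloads below are constructed for the demo and use SQLite.

```python
"""Classic SQL-injection login bypass next to the parameterised fix.

Added example, not Guestbook's own code. The admins table, its one row and
the two payload strings are constructed for the demonstration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with a single administrator row."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    con.execute("INSERT INTO admins VALUES ('admin', 'S3cret!')")
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Guestbook-style check: user input is spliced straight into the SQL text,
    so a quote in the input changes the statement's structure."""
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return con.execute(sql).fetchone()[0] > 0


def login_fixed(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened check: bound parameters are passed as data, never parsed as SQL,
    so quotes and comment markers in the input have no special meaning."""
    row = con.execute(
        "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


# Constructed payloads.
# 1) Comment-out form: the closing quote ends the username literal and "--"
#    turns the rest of the WHERE clause, including the password test, into a comment.
BYPASS_USER = "admin' --"
# 2) Tautology form: AND binds tighter than OR, so the clause becomes
#    (username = 'x' AND password = '') OR '1'='1', which is true for every row.
BYPASS_PASS = "' OR '1'='1"


if __name__ == "__main__":
    con = make_db()
    print("legit      vuln/fixed:", login_vulnerable(con, "admin", "S3cret!"),
          login_fixed(con, "admin", "S3cret!"))
    print("comment    vuln/fixed:", login_vulnerable(con, BYPASS_USER, "x"),
          login_fixed(con, BYPASS_USER, "x"))
    print("tautology  vuln/fixed:", login_vulnerable(con, "nobody", BYPASS_PASS),
          login_fixed(con, "nobody", BYPASS_PASS))
```

The fixed function still accepts the real credentials and rejects both payloads; the only change is that the values travel as parameters instead of being concatenated into the statement. Escaping quotes by hand is the usual half-fix and is easy to get wrong; parameter binding is the check a reviewer should look for.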
834d6fd178742f363d14a0ce587fa6b9fdbeb3016c3bfafa4ee1f15cde133da3
Secunia Security Advisory - Some vulnerabilities have been reported in phplist, which can be exploited by malicious users to conduct SQL injection attacks and disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and disclose sensitive information.
ed12d871433128df94cbf718f13911eee1b1182b044a4ad5ffb608f4663a7f92
Secunia Security Advisory - Christopher Kunz has reported some vulnerabilities in PHPKIT, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks, disclose sensitive information, and compromise a vulnerable system.
ba281bd942e163b397f7599fe4724a303cbeb3eeb0f56beaa03f819b69bfa95b
Secunia Security Advisory - khc has reported a vulnerability in OSTE, which can be exploited by malicious people to compromise a vulnerable system.
b22e7ffd492781753dd3ae20b97da114c38688209d590428e0609c32b8f1130b
SEC-CONSULT Security Advisory 20051107-1 - SEC Consult has found that parameters to ActionDefineFunction (ACTIONRECORD 0x9b) in the Macromedia Flash Plugin are not properly sanitized. Loading a specially crafted SWF leads to an improper memory access condition which can be used to crash flash player or may be exploited as a vector for code execution. This issue is similar to CVE-2005-2628 (as reported by eEye Digital Security on November 4, 2005) but affects a different function. Versions affected: flash.ocx 7.0.19.0 and earlier, libflashplayer.so before 7.0.25.0.
8e6fb046a48b15f155e81ed751344b5482c9f52a4be9ea7157fd0da5cedddaa6
SEC-CONSULT Security Advisory 20051107-0 - toendaCMS allows for theft of CMS usernames and passwords (XML database mode), session theft (XML database mode), directory traversal attacks (XML database mode), and arbitrary file uploads. Versions below 0.6.2 are affected.
144222686022b8b1399ddb13787fcc507b4e08544d5c7ae39a117d7c50b31914
Debian Security Advisory DSA 884-1 - Mike O'Connor discovered that the default installation of Horde3 on Debian includes an administrator account without a password. Already configured installations will not be altered by this update.
b558ad5e29c5e29d0339a30dd6291d69998653a4d07b93466d54d060c4e5c7dd
FileZilla Server Terminal version 0.9.4d appears to suffer from a buffer overflow vulnerability when passed between 900 and 3000 characters as the argument to the USER command.
334bebb9956a106eb2cd459c8d4304a22a36821a0e716ac35a08441077fc83c3
names.co.uk, an English registrar and web hosting company, has a cross site scripting vulnerability allowing injection of arbitrary JavaScript.
6cd18e600b100ec54795e80d0e317b9b89700aa71f5874e4be0cf2489246d22b