Packet Storm new exploits for June, 2006.
ef986d31111ecd89b355da1eebe9b88999a1cff75cf296157040977217cc3794Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
26104bca0780ed8eb99f5a08259bf09d55a374572ba1af28e661cae64da5fb84ttyrpld is a kernel-based TTY shell, screen, and key logger for Linux, FreeBSD/PCBSD, and OpenBSD. It has a real-time log analyzer. It supports any TTY type (vc (console), BSD/Unix98 pty (xterm/SSH), serial, ISDN, USB, etc.).
6bd1149148ead2a60e8e4240f0e21a2b37902de7897f914e1c6150d44ba17e3fTinyCA is a simple GUI written in Perl-Gtk to manage a small certification authority. It works as a frontend to OpenSSL. TinyCA lets you manage x509 certificates. It is possible to export data in PEM or DER format for use with servers, as PKCS#12 for use with clients, or as S/MIME certificates for use with email programs. It is also possible to import your own PKCS#10 requests and generate certificates from them. It also lets you create and manage SubCAs for more complex setups. The most important certificate extensions can be configured with the graphical frontend. English and German translations are included.
ab6af750b0f9bed8beda103cdfb25bebf841c504cb77c40d5f66548a4eb58a3fNmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings. Full changelog available here.
9fe98d5d8c8867c44a307c21277043b2f93d50f1d753e0d23133507a6d1599a7Nuhe is a rule based log monitoring system which is capable of taking action when rules are matched against log activity. By default, Nuhe runs in the background (as a daemon), but it can also be used in the foreground in a log analyzer mode.
edcc580b161a01f1914a0fc8937717390707daa6ea9844b2b3de2730cfc16ceeSturGeoN Upload version 1 remote command execution exploit.
0c230bcfa7a02cd96b039e4c1222ce46590e4a5fd4064dbe1ae21768cf7abebdDiesel Joke Site is susceptible to SQL injection attacks.
5cc1340b9849376f32eec0a440b8ca4f06ac18ca579f05df6c929043c82ab637SmS is susceptible to a SQL injection flaw.
1a15a6cde51433c9df9b0252ca2f4b100c92b2fae9b0fcb0b6b1cea78e0d7264Internet Crna Gora is susceptible to a SQL injection flaw.
d12f2e8aac4a4120ea4140d4dbe62de26f69c68e9a14559d7c6c124eeafbd574Opera 9 denial of service exploit that makes use of an iframe tag combined with javascript.
3a72851408478693c2eb244116cf8756c354328e97d661538d17a699a0fc0362Randshop versions 1.1.1 and below are susceptible to a remote file inclusion vulnerability.
13fe55d24d7aea5b1f7040c9422f39a0f8ed7e51784bd0b41b118e0f38ed181ephpMyAdmin version 2.8.1 is susceptible to a cross site scripting vulnerability.
440fe7901b4d78c5456f7f2ed67eddf86e2894bac4491200852b12c63b44d4cdmAds version 1.0 is susceptible to a cross site scripting attack.
fc36227ee12cb3147237e4c8cb08537035307d7ab7d06158b192b2cc3a8b9e7dBuddy Zone version 1.0.1 suffers from a multitude of cross site scripting flaws.
8ec209529f92d5dc49d00f7252757c9264294887c656dd817d26b0fb77012679EXPL-A-2006-004 exploitlabs.com Advisory 049 - phpFormGenerator forces insecure usage of permissions for the application to work.
7409cc0d2a8c442311df468f57b9b2f314bdcfcc3caa612cba3fa534895c9ee8HP Security Bulletin - A potential security vulnerability has been identified with HP-UX mkdir(1). The vulnerability could be exploited by a local user to gain unauthorized access.
57e9c4b390b967fa083ef946b86858693eae423f55868f2ae8d46ec2ee333746This is an article discussing some dangers of Myspace bulletins. It includes proof of concept code that can be used to download hundreds of thousands of bulletins that most users assume to be only accessible by friends.
95a60ae09887fead4b742c1cd15fd4683edcbd124708fcb44cf1bd8bf88d4f41All versions under the 4.2 release of Hobbit prior to 2006-Jun-30 suffer from a flaw where the logfetch utility can be used to read any file on the filesystem.
337360288f55afa7c676f60c1cb2467173030b6f20a3ccbf046e251a50a5a76fMy Smiles is susceptible to SQL injection attacks in browse.php.
1f648174d723882e2804b9e4516029d5353cd6d9f53f5e4e5843792f66481715Module's Name 'Classifieds' remote SQL injection exploit.
fe654a4096b3d5c27457cfb8548e9ce90cef7ddc7cac306c68ab17af26a4297eCDJ version NITKID 2.0 is susceptible to a SQL injection vulnerability.
854076fcf47e3c1475043c150f50c85fa7e0cc0b4caa782e31701a4803dc17a4MyNewsGroups version 0.6 is susceptible to SQL injection attacks in tree.php.
90f8e2310bd5e23ba3067c62f1cef68d368e7d5199416156cbe7ab25be724325FreeHost software is susceptible to SQL injection attacks in misc.php and news.php.
72a40e124a0fcc2f1ce08eebf0fb905e4261f1d682699d1dee00eeb268c18df8Apple iTunes suffers from an integer overflow vulnerability when performing AAC file parsing.
939b55f9122be19112fc571d7e4c12deeb6e8017369be0fdeeeb87957b641efa
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed