Ubuntu Security Notice 520-1 - Gaetan Leurent discovered a vulnerability in the APOP protocol based on MD5 collisions. As fetchmail supports the APOP protocol, this vulnerability can be used by attackers to discover a portion of the APOP user's authentication credentials. Earl Chew discovered that fetchmail can be made to dereference a NULL pointer when contacting SMTP servers. This vulnerability can be used by attackers who control the SMTP server to crash fetchmail and cause a denial of service.
OrakelCrackert is a tool that can crack passwords which are stored using the latest SHA1 based password hashing algorithm. To speed up cracking, the tool exploits a weakness in the Oracle password storage strategy. Therefore, cracking - for most passwords - is still just as fast as it was before the introduction of Oracle 11g.
Secunia Security Advisory - K3ZZAP66345 has discovered two vulnerabilities in FrontAccounting, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Secunia Security Advisory - Red Hat has issued an update for tomcat. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information or to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information.
Secunia Security Advisory - Fedora has issued an update for bugzilla. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - Jesper Jurcenoks has reported some vulnerabilities in SimpGB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Secunia Security Advisory - Jesper Jurcenoks has reported two vulnerabilities in SimpNews, which can be exploited by malicious people to conduct cross-site scripting attacks.
Ubuntu Security Notice 519-1 - Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information (such as passwords).
Mandriva Linux Security Advisory - PostgreSQL 8.1 and probably later and earlier versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
Core Security Technologies Advisory - Remote command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software. Versions 6.1, 6.2, Pro, and Lite are affected.
SimpNews version 2.41.03 suffers from a local file inclusion vulnerability.
SimpGB version 1.46.02 suffers from an information disclosure vulnerability.
SimpGB version 1.46.02 suffers from path disclosure vulnerabilities.
SimpNews version 2.41.03 suffers from path disclosure vulnerabilities.
SimpGB version 1.46.02 suffers from a file content disclosure vulnerability.
SimpNews version 2.41.03 suffers from multiple cross-site scripting vulnerabilities.
SimpGB version 1.46.02 suffers from multiple cross-site scripting vulnerabilities.
iDefense Security Advisory 09.25.07 - Local exploitation of an information disclosure vulnerability within the ALSA driver included in the Linux Kernel allows attackers to obtain sensitive information from kernel memory. iDefense has confirmed the existence of this vulnerability in version 2.6.22.1 of the Linux Kernel as installed with Fedora Core 7. It is suspected that other versions are also vulnerable.
The Dance Music module for PHP-Nuke suffers from a local file inclusion vulnerability.
NukeSentinel version 2.5.11 suffers from a critical SQL injection vulnerability.
SSHatter is a remote brute force utility that attempts every password from a given list against a target.
Motorola Timbuktu Pro version 8.6.3 arbitrary file deletion/creation exploit.
Simple PHP Blog versions 0.5.0.1, 0.4.8, and all previous versions suffer from cross-site scripting and arbitrary file upload vulnerabilities.
JSPWiki versions 2.4.103 and 2.5.139 suffer from cross-site scripting vulnerabilities.