Opening up more than 600 connections to Ezmeeting versions 3.4.0 causes the application to crash.
8d02261244cd0b5b551e2dd67611dc663d9b71ffd4e54f331ea6687ebd5f8f5fPHP-Nuke 7.4 has a cross site scripting flaw that allows an attacker administrative access.
86c460faff45056828d58aa969a49ccf5f3b3db094aa0e72ad5e081b85ebc211alph implements and analyzes historical and traditional ciphers and codes, such as polyalphabetic, substitutional, and mixed employing human-reconstructable algorithms. It provides a pipe filter interface in order to encrypt and decrypt block text to acheive transparency. The program is meant to be used in conjunction with external programs that transfer data, resulting in transparent encryption or decryption of information. The program can thus be used as a mail filter, IRC filter, IM filter, and so on.
d06038d9852279b8cd48005fde0191d6996aab1d65e6217949e9a60e95dbe2c8Distributed denial of service tool that spoofs SYNs to consume bandwidth of a host by flooding it with SYN-ACKs.
29f5d3d94b63c9625d7ec37ca99f7a180bcc06628f5ff22df203fb0db9c07a66Dynalink RTA 230 ADSL router has a hardcoded backdoor account with root privileges.
7888d29430f1cb91a785acb2c0d4d3ec7cda2bd7ae14e1f533411ae05ccc9153rfdslabs security advisory - QNX PPPoEd is susceptible to multiple local root vulnerabilities. QNX RTP 6.1 is affected.
9ede65eb6707ad4a2815b517a4730417e97987b4d3aa5d8a08f8199ad3e32c5bGentoo Linux Security Advisory GLSA 200409-04 - Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string() and ntlm_get_string() which lack checking the int32_t offset o for negative values. A remote attacker could cause a denial of service situation by sending certain malformed NTLMSSP packets if NTLM authentication is enabled.
37ad8ea0eca8fc282782f4e7b3c6eec6fcad6254abf2c27267ceae3fb1035f74Gentoo Linux Security Advisory GLSA 200409-03 - Python 2.2 has a vulnerability in DNS handling when IPV6 is disabled and a malformed IPV6 address is encountered by getaddrinfo().
177f5ccf92bb608f2771880bea78dd429a1ffbd96bb3cd080b2a47990c72e425Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
9d11da76c90c98b94dd8d9ada6f25a18187ccce988ea84f6db9c1f16564bec4aThis patch integrates SecurID authentication services directly into the OpenSSH daemon, allowing users to use SecurID tokens directly as their passwords instead of relying on the clunky sdshell.
64c5d7cba4847825fb19528f11732d34ef91d5ce3ec90e46d6659bef929724e3A non-critical cross site scripting bug has been discovered in CuteNews version 1.3.6 and below.
0fe245dc2c17699367420e2d3fe240f00b7384f77b4369a372b5f0eaef38f8fdNGSSoftware Insight Security Research Advisory - Two vulnerabilities in DB2 Universal Database versions 7.x through 8.x allow for arbitrary code execution.
026475af011ebb1056e82cd129f77484649512a9b16f74f9e66e30b18c739da5Kerio Personal Firewall's Application Launch Protection can be disabled by Direct Service Table Restoration. Tested against Kerio Personal Firewall 4.0.16 on Win2K SP4, WinXP SP1, SP2.
67d4011d11c36f885399b20a133ddbac999ca016d4951bde14a9c135a00a1d66AntiExploit is an exploit scanner to detect local intruders. It scans for over 3900 suspicious files, has daily database updates, and will act if a file is accessed. It uses the dazuko kernel module, which is also used by clamAV, Amavis, and other virus scanners.
f8dadb3e5ed88eeefb3eb6ea3da3ad17516a8c985d7443680ab4b3199549a4eeelf is a command-line tool that allows a user, be it a script or a human, to analyze the contents of an ELF object file header. This header contains various integral values such as the virtual entry point of the object file, the machine architecture it was compiled for and more.
ba504141b5e785fc1d7f12e8239b05346b36be25671c0ad626f1baa248ad8791AppSecInc Advisory - Multiple buffer overflow and denial of service (DoS) vulnerabilities exist in the Oracle Database Server which allow database users to take complete control over the database and optionally cause denial of service. Forty-four buffer overflows have been found. Exploitation of these vulnerabilities will allow an attacker to completely compromise the OS and the database if Oracle is running on Windows platform, because Oracle must run under the local System account or under an administrative account. If Oracle is running on *nix then only the database would be compromised because Oracle runs mostly under oracle user which has restricted permissions.
36977a3722720f6c3f2f1e3bbe50f6af68d1a8103afc604a75caff18382bb344Proof of concept PHP exploit that makes use of a SQL injection vulnerability in TorrentTrader version 1.0 RC2.
9dce80108f836bd4eddb0de491a4df30d5452b7e1a68e5c6138b0452f93c7280Red Hat Security Advisory RHSA-2004:349 - An input filter bug in mod_ssl was discovered in Apache httpd version 2.0.50 and earlier. A remote attacker could force an SSL connection to be aborted in a particular state and cause an Apache child process to enter an infinite loop, consuming CPU resources.
6917e68ba90990e3fcc7205b3c3a733d478842bb4c63def4c1ea559e59e38dc3MailWorks Pro has a rather trivial session check that is easily bypassed within a cookie. The exploit allows an attacker to have full control over the administration section, without the need to authenticate and allowing the attacker to spoof the admin user functions.
64f806d87188174506bf5d339c345a68c771bfbe066bd831ff2d52d093ddbc90SUSE Security Announcement - Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6.
789006c85c3d0b558196befb1cb11b55ef004ed849e708cd56ae54aa0b068116Technical Cyber Security Alert TA04-245A - Several vulnerabilities exist in the Oracle Database Server, Application Server, and Enterprise Manager software. The most serious vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Oracle's Collaboration Suite and E-Business Suite 11i contain the vulnerable software and are affected as well.
4cffbe1c57be5e1a63021320a804ca7f79b244d28a5a9f221df2058eacd0823aGentoo Linux Security Advisory GLSA 200409-02 - The mysqlhotcopy utility can create temporary files with predictable paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data.
9a683d82de2f02dc8564ac30afb2552a474a979be6c726a25438fb1198a14eb4Gentoo Linux Security Advisory GLSA 200409-01 - vpopmail contains several bugs making it vulnerable to several SQL injection exploits as well as one buffer overflow and one format string exploit when using Sybase. This could lead to the execution of arbitrary code.
e79e1034bc682205aa18419ab903f7dd39023aec67d8d131fccf49f2e8abc6e9Secunia Security Advisory - A vulnerability in Cerbere Proxy Server 1.x can be exploited to cause a denial of service.
c8cfdb3946c0234b595ba012f54404a02b1a0a52e7a62cf981f985dfa67f6dffpLog version 0.3.2 is susceptible to cross site scripting attacks in the register.php script.
5c082a2eaf11815b1b99b9760c6946d0863d78c0e25bf6e67ac3bd581767e018
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed