PHP Nuke versions 7.8 and below suffer from a cross site scripting flaw.
828acd8935cfb72547ca9aef20a5e780e000dee260f0baef2dadc77450c4b6a8Versions 1.5.3 and below of phpMyFAQ contain multiple persistent cross site scripting vulnerabilities. Exploitation details provided.
1604f67bacec514f508f5c7fc8b04b4dd59120438f0d160be0c7d0947450916dExponentCMS versions 0.96.3 and higher suffer from multiple vulnerabilities including cross site scripting and SQL injection flaws.
0e37e6100c4a811fd37043b68ef1990fb601a7fe98d28e1341cfc5d8a760dff6Nestea is a CGI scanner that also looks for forbidden files and directories. It has a database of 2097 vulnerabilities and it takes about 10 minutes to completely scan a host.
31d2e5e999b8d14ec9b41bc04ef6dac0e71c197140533675f52c78fa7af03003Debian Security Advisory DSA 901-1 - Several vulnerabilities have been discovered in gnump3d, a streaming server for MP3 and OGG files.
bd001cf0cb4b7ef99eba4cc2bd428870e06524d98ea6b675e9a4d46321444ebbAlmond Classifieds has a validation flaw that allows remote attacks to edit classifieds of other users.
c2ea57c499f9b5d4f1dfc11fed136b3d188aacf69abec3c897afadb9253456baExoPHPDesk version 1.2 is susceptible to remote code execution attacks. Exploitation details provided.
0fe620751940edd520eb7465d4674eb9fc92ce0c1f7953ab546c197a9ae44898DigSig kernel load module checks the signature of a binary before running it. It inserts digital signatures inside the ELF binary and verifies this signature before loading the binary. It is based on the Linux Security Module hooks (standard in main stream Linux kernel 2.5.66 and higher). Therefore, it improves the security of the system by avoiding a wide range of malicious binaries like viruses, worms, Trojan programs, and backdoors from running on the system.
71a9882698f37ed54e72a04fb21ecad41b68f381a335ddc601301d49c752b135ZDI-05-003: Novell Netmail IMAPD suffers from buffer overflows. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netmail. Authentication is required to exploit this vulnerability. Affected Products: Novell Netmail 3.5.2.
a6c8579fcaac421e0684e535024d5416f00bfb87093bdcb05e5735e03d9dc6c9setreuid shellcode for Sparc.
42591800e90683eb955c1c9063bf0c81608a3300cbb47bf07e83c59b0d6c3e75Portbinding shellcode for Sparc.
82f4f156896f731a0acc2503673d75aa915445af4d59607f8244d69eb87717a9A Mambo 0-day exploit is rumored to be circulating in the wild.
cddd67bbfed322c41fef067924a91b2f6ce69a0d53da19518439872f487591d5"Snagging Security Tokens to Elevate Privileges" is a brief that details how a database server running as a low privileged user on Windows can still provide an attacker with the ability to gain elevated privileges on the network and suggests a change in security policy to mitigate the risk. As a side note, this affects all network servers that offer OS based authentication - not just database servers.
ddf0367b0ae123b501921160d18f52c089a3c85c8d21251937bf98c7eee6c567Gentoo Linux Security Advisory GLSA 200511-15 - A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile will cause Smb4k to write the contents of these files to the target of the symlink, as Smb4k does not check for the existence of these files before writing to them. Versions less than 0.6.4 are affected.
641275e390b4dd2721852271e0bd97168fb9641590f315376eaf4e1a2e253cabe-Quick Cart is susceptible to multiple cross site scripting and SQL injection flaws. Exploitation details provided.
c0917d9be89c6bc5d4582e3cd2501515dc90fef1c4bbd7dc0cd3d650bec70897PHP-Fusion versions 6.00.206 and below suffer from SQL injection attacks.
5c759a854ef640ac086d20a4e6915f62b1f78fc833f667effd143990303e0ff0Secunia Research has discovered some vulnerabilities in Mail Enable Professional/Enterprise, which can be exploited by malicious users to cause a DoS (Denial of Service) and to compromise a vulnerable system. Affected Software: MailEnable Professional version 1.6 with Hotfix MEIMAPS-UPD0511010000.zip applied. MailEnable Enterprise version 1.1 with Hotfix MEIMAPS-UPD0511010000.zip applied. Prior versions may also be affected.
a41e13f40a8136993edd20a8f6b3d9a6e59403bff26a194c137c66898da4cf47Secunia Research has discovered some vulnerabilities in Winmail Server, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks, and overwrite arbitrary files. Affected Software: Winmail Server 4.2 (build 0824). Other versions may also be affected.
483903aafaf97c68ef194aea91ed9e74286d55d7bb3ddf39ea0d000823b9aeb5Incident.pl is a small script which, when given syslogs generated by snort or other tools, can generate an incident report for events that appear to be attempted security attacks, gather information on the remote host, and report the attack to the appropriate administrators.
144abbc7055b4f059404ac3e9a380f83138ffb714ba24dec2e674c9adf980287RFC (Remote Filesystem Checker) is a set of scripts that aims to help system administrators run a filesystem checker (like tripwire, aide, etc.) from a master-node to several slave-nodes using ssh, scp, sudo, and few other common shell commands.
dbabd1edfd938cd01ffaa094c7698d70d516922009dc18072bbb7990956da8d8Nixory is an innovative, fast, and powerful anti-spyware program, with a user-friendly graphical interface. It protects Mozilla Firefox from dangerous spyware and harmful cookies. Platform independent source zip file.
e7c030ea1072f4f0f3960a7cb5495355fa653243b392ee43aea388fac5bd7b0dDebian Security Advisory DSA 900-1 - Thomas Wolff discovered that the fetchmailconfig program which is provided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, creates the new configuration in an insecure fashion that can lead to leaking passwords for mail accounts to local users.
1fab93074bcf0d6c1ff84696b4f9e765f5d00b58003a806527e17411b3e97f72iDEFENSE Security Advisory 11.17.05 - Remote exploitation of a directory transversal vulnerability in Qualcomm WorldMail IMAP Server allows attackers to read any email stored on the system. Exploitation details provided. Tested against Qualcomm Worldmail server version 3.0. Other versions may be vulnerable.
01a2547672aa0a6bf533fe4063a9e2b47e5039c817eda96685045473de319554Debian Security Advisory DSA 899-1 - Several vulnerabilities have been discovered in egroupware, a web-based groupware suite.
ce5dc61b6ab7f174ffd0578f4d7b299207ee622bfdae9b8fd35c151559cf6fcaA vulnerability leading to unauthorized cancellation requests in WHM AutoPilot versions 2.5.20 and below has been discovered.
2ad2b040e6222ebcf0eab5e45ad775907734a840167b49cdfdcc6a95a13c1585
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed