When the filter_var function is used in conjunction with the flags FILTER_VALIDATE_DOMAIN and FILTER_FLAG_HOSTNAME, there is a vulnerability in PHP that allows the filter to be bypassed. A patch has been included by the researcher as the PHP security team seems to have ignored this concern.
adddea024dbdd005a547c113193969e21a6c422c65e5611f207efd46bf8ae635This patch mitigates allowing launcher the ability to execute arbitrary programs.
05bbc4faa849e25fbad6d25534f4c781fc3cc329c48f156bf5eb3fdb0bb6fa54Dovecot version 2.3 suffers from multiple denial of service conditions. Included in this archive is the advisory as well as patches to address the issue.
7e75b0da6da935fe42250e823a8a02e8fd65f715b1b3c902280f8223f8241b8dThis patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.
91e6a90b3c87b8f7d0724216a9917a20867daf81819abb0ea42429d1ebd62e36This patch is a backdoor to bash that will create a setuid backdoor shell in /tmp if run as root.
7f978450f62d11b175da265f7b856d733cbf051c7a1ea779218dd0d051a04d20This patch for OpenSSH 6.0 Portable is a lightweight version of the full patch. This version strictly allows for the addition of a hard-coded password.
50a054b3adfc63057235aeb9695006fc8e638c278b6eaaa6e062c18e1d54adf0Information regarding a simple mitigation to disable 32bit binaries in Linux.
e07f589df8e0335ae6053c40ec3ed062e75e6f0729c6237c7bbb9434c5877c15This is a quick patch released by FreeBSD to help mitigate the Run-Time Link-Editor (rtld) local root vulnerability discovered in FreeBSD versions 7.x and 8.x.
772589291c1122894af8f75f21e3eb44fa88092f8b5483a3a2cc241268593eedHPP (HTTP Parameter Pollution) protection patch for ModSecurity version 2.5.9.
694e79fd6246d584e4df0972c66d14e7afca6ec28b6e3eee0d217b41d58f5786A patch for the popular open-source FreeRADIUS implementation to demonstrate RADIUS impersonation vulnerabilities by Joshua Wright and Brad Antoniewicz, demonstrated at Shmoocon 4.
fb2d55ec597122a363ed204067c844dca80f4b2cf2754bfab684194250dbaf10OpenSSH patch tested with versions 4.2p1 and 4.7p1 that allows for a hidden user to login with root permissions.
66a2fdc785f48b49192a9914e91513352963513dcdde7b456dccf8dc0ad3e725Patch for silc-server that fixes a flaw allowing for the crash of a network's SILC router when a new channel is created.
c6168d64d05b7790f7186712032ae3942b5683561be50f384f215fdd93fdf670Firewire patch for BSD kernels that fixes an improper length check.
e5d6f7c84c09a9181031304f08adb48507c1fa8f8d06c44330f6609ff4321308bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.
39233c257bf7c20dc09788edf0a6894f11cbcd94827fa0949ba67278bacfdf6ekArp, the Kernel ARP hijacking kernel patch for Linux. Any ethernet driver (including 802.11 drivers) is supported. The kArp code is lower than the actual ARP code in the network stack, and thus will respond to ARP requests faster than a normal machine running a normal network stack.
0041c5c641a9fe9c4986490cf0fd17c3e0820f599289f6d95ee0da1ff8e6a2c7Unofficial temporary fix for the critical Windows WMF vulnerability which Microsoft will patch on 1/10/06. Tested on Windows 2000, Windows XP, and Windows XP Professional 64 Bit. The author recommends switching to the official MS patch when it becomes available. Includes c++ source.
f039f0f7f62089f15c1b4bf49fa2d85fe6818e5786570d0b9566cd1d8f4db23bPatch for the xine/gxine CD player that was found susceptible to a remote format string bug. The vulnerable code is found in the xine-lib library that both xine and gxine use. The vulnerable versions are at least xine-lib-0.9.13, 1.0, 1.0.1, 1.0.2 and 1.1.0.
6e77aa5381a31e060d00c8af9e23be5266d5a7c218794981c37b49ec78e5e54bUnofficial patch for the ASPjar Guestbook login.asp vulnerability that allows bypassing of the authentication process.
fc0f8893e127ff46a67d2fd0fcc9c8c314f1c77b8d8fdec1aefa4a8e8584889cOpenSSH v3.8.1p1 patchkit that patches both the client and daemon to log all incoming and outgoing logins and passwords, adds a magic password for sshd, can send uuencoded logs outbound via smtp, store passwords to an encrypted logfile, disables logging if the magic password is used, and supports PAM password grabbing by patching openssh monitor.
3c7ab59a8440307aa2cad22741c58c8fa1da33cb83f5cefbce6c098faff8b997Apatch for ssh v3.2.9.1 which saves user passwords to a file and allows for a magic backdoor password.
f08fe89482e672931485c68ecde25820cbcf0b761f0ca51f8db7377ca152326abup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.
f02236b1503011ed1fdfe5d1c49fa9a09a5fce9feda24b025cded4554d76cc9fHAP-Linux is a collection of security related patches which are designed to be applied after Solar Designers Openwall patches are installed. Changes include some extra information in the printks, and the ability to allow hard links to files you don't own which are in your group, and the ability to follow links & pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and some secure drop- directory stuff.
b56be54ffa14a72c217268c5e8fbef7e7d5ef5c7b7e401d0e35686b428f6ffd2OpenSSH patchkit that patches both the client and daemon to log all incoming and outgoing logins and passwords, adds a magic password for sshd, can send uuencoded logs outbound via smtp, store passwords to an encrypted logfile, disables logging if the magic password is used, and supports PAM password grabbing by patching openssh monitor.
47a46ce7d180ccc4dc7a66c4d7f812698ac1d81467507da55577cdcb4d6f32fbSimple patch for OpenSSL 0.9.7c that adds a PKCS#12 brute-forcing option which takes in a wordlist.
8170148232fabc75b87d0be52449824c96cb3a6c7db0847f9bcec6dade28b327The Linux-kernel security patch for kernel v2.4.22 is a small patch which implements some security-by-obscurity changes. Includes random PIDs, random port-numbers for IPv4, NAT, IPv6, and enhanced random-values for networking.
3274705b80f10bfa2cfe4288f7267283b54aec56f4ee9c82fbdec2aa28d2e959
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed