A cross site scripting flaw exists in the Commonwealth Bank of Australia's web site.
b6db67aa865d33652f331d20e9c061672ae23bb9614db104ab77db5b687763acMandriva Linux Security Update Advisory - A vulnerability was discovered in the pixmap allocation handling of the X server that can lead to local privilege escalation. By allocating a huge pixmap, a local user could trigger an integer overflow that resulted in a memory allocation that was too small for the requested pixmap, leading to a buffer overflow which could then be exploited to execute arbitrary code with full root privileges.
3cf2154b69cec09589d62bdefa8ec6d90c741286aeedc640ff2242cb4a6b34d9iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a buffer overflow vulnerability in multiple versions of the firmware for Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated execution of arbitrary commands as the root user. The vulnerability specifically exists in the 'apply.cgi' handler of the httpd running on the internal interfaces, including the by default the wireless interface. This handler is used by the many of the configuration pages to perform the configuration management of the router. If an unauthenticated remote attacker sends a POST request to the apply.cgi page on the router with a content length longer than 10000 bytes, an exploitable buffer overflow may occur. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G, and has identified the same code is present in version 3.03.6. All versions prior to 4.20.7 may be affected.
0d2ff860dea860de42a45c16cc7d95f21cc2575bf4ed334cd26ddb2fcccb6756iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the upgrade.cgi component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router firmware. The vulnerability specifically exists in the POST method of the upgrade.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The upgrade.cgi handler allows a user to upload new firmware, which contains the operating system and applications, into the non-volatile memory of the router. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.
579720bc1784ef15c6e2733f48c794db8088d0e54246933e0848b20b06762808iDEFENSE Security Advisory 09.13.05 - Remote exploitation of an input validation error within the web management httpd component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated users to cause a denial of service (DoS). The vulnerability exists in several of the POST method handlers of the httpd running on the router's internal interfaces, including by default the wireless interface. In addition to not checking if authentication has failed until after data supplied by an external user has been processed, there are several places where the Content-Length is assumed to be valid. In some of those cases, data is read in without error checking while decrementing the length value. If the Content Length is set to a negative number, these checks will take an extremely long time, during which the httpd will become unresponsive. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.3 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.
1cbd9bb6174d8c8f9764edffe4432d893a71dd3dae113f34c72685dea78b5fa6iDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the 'restore.cgi' component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration. The vulnerability specifically exists in the 'POST' method of restore.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The restore.cgi handler allows a user to upload a new configuration into the non-volatile memory of the router. If the user is authenticated, the router will then restart, and the new configuration will be loaded. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.
b2ccc83517cfa13503d821a0d345d4c9efc278517875dc3388bbde7b3000125diDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in multiple versions of the firmware for Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration. The vulnerability specifically exists in the 'ezconfig.asp' handler of the httpd running on the internal interfaces, including by default the wireless interface. This handler is used by the 'ezSetup' to perform the initial setup of the router. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G, and has identified the same code is present in version 3.03.6. Version 2.04.4 of the WRT54G is confirmed to contain the affected code, however by default it initializes the authentication details, and so requires a password to set the configuration.
8678dca399143546a683fdfe6d05848911d3e816349bba43699a6387814c6f22Debian Security Advisory DSA 811-1 - A bug was discovered in common-lisp-controller, a Common Lisp source and compiler manager, that allows a local user to compile malicious code into a cache directory which is executed by another user if that user has not used Common Lisp before.
8d0e61a099f6b2022f434d648b75cfc1f96ccb85add24dff30de531c741bded0Debian Security Advisory DSA 810-1 - Several problems have been discovered in Mozilla, the browser of the Mozilla suite. Since the usual praxis of backporting apparently does not work for this package, this update is basically version 1.7.10 with the version number rolled back, and hence still named 1.7.8.
334054442f42570d59ec301d17dce3441228bd6d3a40f35ce3deccc517942b40Btscanner is a tool which extracts as much information as possible from a Bluetooth device without the requirement to pair. A detailed information screen extracts HCI and SDP information, and maintains an open connection to monitor the RSSI and link quality. btscanner is based on the BlueZ Bluetooth stack, which is included with recent Linux kernels, and the the BlueZ toolset. Using the information gathered from these sources it is possible to make educated guesses as to the host device type.
017b1b022118d7dad371d65ab4b6f4d6d7be99482a4af3facd9360ce55210780Subscribe Me Pro versions 2.044.09P and below are prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable parameter.
5e76584f9eb98cc32891dee8d34295a44662addf60ae2c5e75c2d9c2cde99878Mandriva Linux Security Update Advisory - A stack-based buffer overflow was discovered in the init_syms function in MySQL that allows authenticated users that can create user-defined functions to execute arbitrary code via a long function_name field.
e6803a3044816c86b9cb2e48715440a1ccf90fe4c2461cc9b68cf4cd21ef04ebSecunia Security Advisory - Mandriva has issued an update for squid. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
2f435030ce90bfb78611436fa5c068d767ee46aa8c288ae425488656b97012f6Secunia Security Advisory - Debian has issued an update for squid. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
ca8e293aa2f1a63b4f9ae257f06b65165c014fddd3d0ddb36dd1567da8886bd7Secunia Security Advisory - Debian has issued an update for libapache-mod-ssl. This fixes a security issue, which potentially can be exploited by malicious people to bypass certain security restrictions.
1d1651814713d3cd5cda9327426a12f5e79ca0d068901ec3fda81622fdebf60dSecunia Security Advisory - Luke Hutchison has reported a vulnerability in XFree86, which potentially can be exploited by malicious, local users to gain escalated privileges.
c5fc347d9758a6558497105e2b53a7297b7bdec21802bc5a8e298e8a0fd16632Secunia Security Advisory - A vulnerability has been reported in pam-per-user, which can be exploited by malicious users to bypass certain security restrictions.
45d9f040a0ad56cb7b34311fec8294d35fa065ffd04d1cc2d61bf30a0605875bSecunia Security Advisory - David Watson has reported a security issue in util-linux, which potentially can be exploited by malicious, local users to gain escalated privileges.
136b7187a6958517827e439ee56fcb316bbb4c0371c82136b4b81d447f6f5e5aSecunia Security Advisory - Alejandro Hernandez Hernandez has reported a vulnerability in Snort, which can be exploited by malicious people to cause a DoS (Denial of Service).
e5879d7dd8c07826438f32bf5e61c917a327fc4422e3d23c4e6c40c22979a729Secunia Security Advisory - Debian has issued an update for tdiary. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
dc5aea7bfb2f42b12f7e872991355c2db44689c374fba2a2e1452eae11690eb0Secunia Security Advisory - A vulnerability has been reported in X11, which potentially can be exploited by malicious, local users to gain escalated privileges.
ce8679062f4154cd379c1121377d508b61ecacdaf19af6a24a93163fa5a1702eSecunia Security Advisory - Gentoo has issued an update for xorg-x11. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
8d7e2056848433b90c6a7e68f7407f64050f50ceb3fdd3454752aad346997f9eSecunia Security Advisory - A vulnerability has been reported in Python, which potentially can be exploited by malicious people to compromise a vulnerable system.
5dc048a9fb065457ce511e861134f43815f95bb8c015cc1f3a36c9e97f95b822Secunia Security Advisory - Slackware has issued an update for dhcpcd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
f2180d634699609c10cf5c8228af0402f98aab58a19d79f74374477c4a9d7f5aSecunia Security Advisory - Slackware has issued an update for util-linux. This fixes a security issue, which potentially can be exploited by malicious, local users to gain escalated privileges.
9de7275a1808096c383057d40b5fed283521d670876edf5509ff0feb1b2aa3cb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed