Bloofox CMS version 0.3.4 suffers from a local file inclusion vulnerability.
214f7790e54308adf9a9cf84f1a738abClaSS version 0.8.60 and below suffer from remote file disclosure vulnerabilities.
144eea27b6cb839650a81a85a418a621Ubuntu Security Notice USN-700-1 - Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue.
65a3adf90302db633e4eb6ec2740cabaGentoo Linux Security Advisory GLSA 200812-24 - Multiple vulnerabilities in VLC may lead to the remote execution of arbitrary code. Versions less than 0.9.8a are affected.
afec13854b9f525ff9f43ffe0d228df1Gentoo Linux Security Advisory GLSA 200812-23 - A buffer overflow vulnerability has been discovered in Imlib2. Julien Danjou reported a pointer arithmetic error and a heap-based buffer overflow within the load() function of the XPM image loader. Versions less than 1.4.2-r1 are affected.
f36f76defa7313385c3af139d9d1c8acGentoo Linux Security Advisory GLSA 200812-22 - An insecure temporary file usage has been reported in Ampache, allowing for symlink attacks. Dmitry E. Oboukhov reported an insecure temporary file usage within the gather-messages.sh script. Versions less than 3.4.3 are affected.
6fe9149cb6c50424e826a2b986308f87Gentoo Linux Security Advisory GLSA 200812-21 - Two vulnerabilities in ClamAV may allow for the remote execution of arbitrary code or a Denial of Service. Moritz Jodeit reported an off-by-one error within the get_unicode_name() function in libclamav/vba_extract.c when processing VBA project files (CVE-2008-5050). Ilja van Sprundel reported an infinite recursion error within the cli_check_jpeg_exploit() function in libclamav/special.c when processing JPEG files (CVE-2008-5314). Versions less than 0.94.2 are affected.
726a95c30e8603b9e4641b9ad06dadfaSTAR is a front-end written in Python for the Rough Auditing Tool for Security (RATS). This is the source release. Simply run "python setup.py install" and then run "star".
cf3770cc90560dea6635f166bc2d06fdGetleft version 1.2 proof of concept buffer overflow exploit that causes a denial of service condition.
f8d426b4f7bf2ea99d8efc851ce81c3eCMS NetCat versions 3.12 and below suffer from local file inclusion, blind SQL injection, cross site scripting, HTTP response splitting, and CRLF injection vulnerabilities.
2b6d148eef3cc802aaa4fc47dd17ccf3CMS NetCat version 3.12 blind SQL injection exploit that makes use of password_recovery.php.
887d6bb05c24e7f99b98a407522f551eUbuntu Security Notice USN-677-2 - USN-677-1 fixed vulnerabilities in OpenOffice.org. The changes required that openoffice.org-l10n also be updated for the new version in Ubuntu 8.04 LTS. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS.
c5ce60e29ca1d9ec61428d86ae3b05f8The Citrix Broadcast Server administrative login page is vulnerable to trivial SQL injections via the txtUID HTTP POST parameter. An attacker could leverage this flaw to obtain unauthorized access to the web interface or to extract data from the database via blind SQL injection.
657e79ffbf7ce2e8ad204969e22dbf2fUbuntu Security Notice USN-698-3 - It was discovered that Nagios was vulnerable to a Cross-site request forgery (CSRF) vulnerability. If an authenticated nagios user were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands to be processed by Nagios and execute arbitrary programs. This update alters Nagios behaviour by disabling submission of CMD_CHANGE commands. It was discovered that Nagios did not properly parse commands submitted using the web interface. An authenticated user could use a custom form or a browser addon to bypass security restrictions and submit unauthorized commands.
a7ec34bbabf9efacbbc0c7554ba52dbbPHPmotion versions 2.1 and below suffer from a cross site request forgery vulnerability.
783a6277cf996e21f0403e1d8ef1706cStormBoard version 1.0.1 suffers from a remote SQL injection vulnerability in thread.php.
136d609447d36eadbdff7d693a028cb5Psi Jabber Client remote denial of service exploit that targets tcp port 8010.
2fe5e34619d03ee04a9aa3761396fcf8PGP Desktop version 9.0.6 local denial of service exploit that uses PGPwded.sys.
8ff8418c7176bd8204f6f1379436f395phpEmployment suffers from an arbitrary file upload vulnerability.
fef5a8cc65120272a034496d3d76d001phpAdBoard suffers from an arbitrary file upload vulnerability.
0aba44bc76b4c145f87ad365915ce683phpGreetCards suffers from cross site scripting and arbitrary file upload vulnerabilities.
937ad3e4ddb4234285bafd4032e13057PSI suffers from a remote integer overflow denial of service vulnerability. Proof of concept code is included.
0237354cd81dac5592010af49e36942eBrief login form password theft tutorial showing how to backdoor php code once access has been gained to a system in order to not have to crack hashes.
eb46ace10360dce7dd99941e63b26719The Google Chrome Browser suffers from a remote parameter injection vulnerability in relation to ChromeHTML://.
0be673fe20db3d4664ed1f183669423bPowerStrip versions 3.84 and below privilege escalation exploit that leverages pstrip.sys.
be63616f264ef26aa2cd8d263ceadf34
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed