This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
7046b9d372f9e31ca654a66492310c188470480ddab300eb715dbf5e2177ae55
OpenSSH 4.5 has been released addressing a bug in the sshd privilege separation monitor that weakened its verification of successful authentication.
239e91aa714af4bb4427b9c26c903ab615dd3a904d1d401adf5957efa7180f76
iPrimal Forums suffers from a remote file inclusion vulnerability.
3d23417765d82d73f1ac0d67c43a2e92d98f5025da5710c1abdd56989cd17ccb
Vortex Blog suffers from a remote file inclusion vulnerability.
45115ae5bc26e0aef806dc359046e72fdb32f8590c0c4d9f51f0bb22b79b084a
IrayoBlog version 0.2.4 suffers from a remote file inclusion vulnerability in inc/irayofuncs.php.
97e4f254211ea71204fc581a0a5dd769b566237f07f9b45ed210a077407bbcf2
DodosMail versions 2.0.1 and below suffer from a remote file inclusion vulnerability in dodosmail.php.
34c96f7ed3c0eb46288949a421a3b653587a2b69e37d8096cf9a22d3f1bd838a
Microsoft Internet Explorer 6/7 XML Core Services remote code execution exploit. Found in the wild by Gadi Evron. Modified by /str0ke.
ff5eaba72be3177273e6a9ff8d817c24d37b0bc0babab1df766974d513428608
iodine is a piece of software that lets you tunnel IPv4 data through a DNS server. This can be useful in situations where Internet access is firewalled, but DNS queries are allowed. It needs a TUN/TAP device to operate. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream.
08a60f1dde655e37e136a498f73abcf25562239b02aa7c272c3cceb34ca2a5d5
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with Sendmail 8.11/8.12's new "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
60a63ed22a42b1463335afade2584f91dc1235bb6a35249940d7f64a9bed8dc9
Race condition exploit that takes advantage of a flaw in Intego VirusBarrier X4.
8fbc3bac0aef7c91710230a3e7449dcef6d21741f4c4c879f4899e657a426416
Intego VirusBarrier X4 suffers from a definition bypass vulnerability.
cb1239541fb426479250540f9150a7e2c069a130c929584cf04e64628d107c1d
SpeedWiki version 2.0 suffers from arbitrary file upload and cross site scripting vulnerabilities.
84193b0ef3ac204c1723a26fd4e494c540460ae71416d41c863d386392a4fd53
Portix-PHP suffers from a SQL injection vulnerability.
e32be082f897271f9d5425a2f70111edec206ef62870f3d4058c0a256a7f22d6
A vulnerability allows remote attackers to execute arbitrary code on vulnerable device installations of HP OpenView Client Configuration Manager (CCM). Authentication is not required to exploit this vulnerability. The CCM server is not affected. OpenView Client Configuration Manager version 1.0 is affected.
44a89aa95a1bae411c8bdd385cbc8355ab9385be996a42c9eee2149f0069b9e6
The Abarcar Realty Portal is susceptible to SQL injection attacks.
376079da73ed9975d7fca0a88d6434ece2051fe90c2789fb85f3a86dc54f648a
iDefense Security Advisory 11.08.06 - Local exploitation of an insecure permissions vulnerability in the Cisco Systems Secure Desktop product could allow privilege escalation attacks to be conducted by local users. When the Cisco Secure Desktop Web VPN product is installed on an NTFS-formatted drive, permissions are set on all files to grant full control to all users. Certain files run as a system service and can be easily replaced. iDefense has confirmed this vulnerability exists on Cisco Secure Desktop version 3.1.1.27. Previous versions are suspected to be vulnerable.
6dfd669d77800874e54b7955d01e2b2497788e1397cb113504ba0f650e44cf67
FreeWebShop versions 2.2.2 and below suffer from directory traversal and cross site scripting vulnerabilities.
b4a52e4159ef9058675bda56581ad8fd225898a3049bfc05f2e5761f45ea194b
PhpMyChat versions 0.14.5 and below suffer from a classic directory traversal attack.
2c3784e417f5137dd65d7c496148caf5fc8c0a10e44ee0cd3093c7a30400b344
PhpMyChat Plus versions 1.9 and below suffer from a classic directory traversal attack.
7d3ed14aeaf386a767803618ed61a6a6dc2b428308cef3768c83b42eed3d76c0
Mandriva Linux Security Advisory MDKSA-2006-204 - A vulnerability in the privilege separation functionality in OpenSSH was discovered, caused by incorrect checking for bad signatures in sshd's privsep monitor. As a result, the monitor and the unprivileged process can get out of sync. The OpenSSH team indicated that this bug is not known to be exploitable in the absence of additional vulnerabilities.
490f28d70c40abc0372fc9027234651b6f6624b19468a97ed30f404e32603984
Technical Cyber Security Alert TA06-312A - The Mozilla web browser and derived products contain several vulnerabilities. The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include forging an RSA signature and denial of service. A remote, unauthenticated attacker could execute arbitrary code, or cause a denial of service. Forging an RSA signature (VU#335392) may allow an attacker to craft a TLS/SSL or email certificate that will not be detected as invalid. This may allow that attacker to impersonate a website or email system that relies on certificates for authentication.
99b7e4c1fa8be3237818386e3263c03123e10b2e9680bbc437a5a5963b2e3551
Cisco Security Advisory - Cisco Secure Desktop (CSD) software is affected by three vulnerabilities that may cause information produced and accessed during an Internet browsing session to be left behind on a computer after an SSL VPN session terminates, may allow users to evade the system policy that prevents them from leaving the Secure Desktop while a VPN connection is active, and may allow local users to elevate their privileges. The vulnerabilities described in this document exist in versions 3.1.1.33 and earlier of Cisco Secure Desktop.
ae210eb031e64cbec7800b94348d7a4cb54b5d9bea37d927acbe0827c0319942
Mandriva Linux Security Advisory MDKSA-2006-203 - Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file.
82a8c2d42d21771783b7b34aa9ba24471bba2fbd07e390454cbf86fd4df993bc
FortConsult Security Advisory - It is possible to retrieve unencrypted data from the "names.nsf" database on Lotus Notes servers without being logged in.
438f8fa64a94121b43b7b7e1b5eef7fc543a121fdbb1de48b7fc02b951ba17ae
iDefense Security Advisory 11.08.06 - Local exploitation of multiple buffer overflow vulnerabilities in IBM's Lotus Domino could allow an attacker to elevate privileges to root. The 'tunekrnl' binary is used to set Linux /proc sysctl settings, allowing Domino to increase the resource limits of the running kernel. It is shipped with the owner set to root and the set-user-id bit on. Since the length of input is improperly validated when copying to fixed-size buffers, a buffer overflow can occur. iDefense has confirmed the existence of this vulnerability in version 7.0.1.1 of IBM's Lotus Domino for Linux. Earlier versions may also be vulnerable.
e24a6b648c0945b340012510654538e27d061dadc4ee809651273533be054a00