Ubuntu Security Notice 459-2 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service. USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix caused a regression in session establishment under Dapper for certain PPTP clients. This update fixes the problem.
Debian Security Advisory 1291-3 - The security update for CVE-2007-2444 introduced a regression in the handling of the "force group" share parameter if the forced group is a local Unix group for domain member servers. This update fixes this regression.
Debian Security Advisory 1296-1 - It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.
Jetbox CMS version 2.1 suffers from multiple SQL injection vulnerabilities.
Gaara is the world's first resident entry-point-obscuring virus for TI-89 Titanium calculators. Written fully in Motorola 68K assembly. For educational purposes only.
The IP-Tracking Mod for phpBB 2.0.x suffers from a SQL injection vulnerability.
Gentoo Linux Security Advisory GLSA 200705-18 - James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets. Versions less than 1.3.4 are affected.
Mandriva Linux Security Advisory - A weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.
Mandriva Linux Security Advisory - A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript, leading to cross-site scripting attacks, by sending an email that is viewed by a user within SquirrelMail. In addition, SquirrelMail did not sufficiently check the arguments of IMG tags in HTML messages, which could be exploited by an attacker to send arbitrary email messages on behalf of a SquirrelMail user tricked into opening a maliciously crafted HTML email message.
HLstats version 1.35 suffers from a cross site scripting vulnerability. Second version.
HLstats version 1.35 suffers from a cross site scripting vulnerability.
The Tomcat documentation web application includes a sample application that contains multiple cross site scripting vulnerabilities. Versions affected include Tomcat 4.0.0 to 4.0.6, Tomcat 4.1.0 to 4.1.36, Tomcat 5.0.0 to 5.0.30, Tomcat 5.5.0 to 5.5.23, and Tomcat 6.0.0 to 6.0.10.
Debian Security Advisory 1295-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.
FireHOL is a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (against flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.
Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interaction honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information. The daemon monitors the network stream for incoming connections and dynamically starts server processes if it detects a request to an unbound port. Honeytrap can also be set up as a meta honeypot that forwards several attacks to other systems or, in mirror mode, redirects a connection back to the initiator. Several plugins are available for automated attack analysis.
LeadTools Raster variant remote file overwrite exploit.
Ol Bookmarks Manager version 0.7.4 suffers from a remote SQL injection vulnerability.
TutorialCMS versions 1.01 and below suffer from an authentication bypass vulnerability.
Ol Bookmarks Manager version 0.7.4 suffers from multiple remote file inclusion vulnerabilities.
WordPress version 2.1.3 suffers from a blind SQL injection vulnerability in admin-ajax.php.
Microsoft IIS 6.0 /AUX/.aspx remote denial of service exploit.
Whitepaper titled Cross Site Request Forgery: The Sea Surf.