Mandriva Linux Security Advisory 2008-220-1 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The issues include insecure misconfigurations, an integer overflow, and more.
e803d23944406498cc82562b5aacca71783278c00443005d7d17e49f592f75ce
Mandriva Linux Security Advisory 2008-232 - The ACL plugin in dovecot prior to version 1.1.4 treated negative access rights as though they were positive access rights, which allowed attackers to bypass intended access restrictions. The ACL plugin in dovecot prior to version 1.1.6 allowed attackers to bypass intended access restrictions by using the 'k' right to create unauthorized 'parent/child/child' mailboxes.
3dcb5d843d56558227e4581b0d21854b12e0ece4e41854a8044f583cb9217495
Ubuntu Security Notice USN-674-1 - It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behavior by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service.
d2c4d7347624881811ac3d78377e58ca2ac8f982b257415af5e7f2543208a54a
Debian Security Advisory 1667-1 - Several vulnerabilities have been discovered in the interpreter for the Python language.
12fdf078391ae1df310f450b4a5d9467ff078cdcdaab7caaf897fa6ed1464822
RevSense suffers from a remote SQL injection vulnerability that allows for authentication bypass.
27fd270fe55804876934187b8d779434d2923613fc7c278a8e2c78752f9c1489
MauryCMS versions 0.53.2 and below remote shell upload exploit.
8d6f5b68189c2bafbc37df905885c56bdf5ebf61f48ede5cfeb450391b7386d1
LinksAutomation Script suffers from a remote SQL injection vulnerability.
52eca462044051c914f3bd91e80412422c5a19379cf39af95385d1bb7a82f16f
Linksxs Script suffers from a remote SQL injection vulnerability.
2c801ae9badf9e6c7c0d8a05198dafbd554fc4a4697e6af4752833125902e3ae
Ethiclinks suffers from a remote SQL injection vulnerability.
dc02473a04a77ea4b45f077c01e61d0b3581ba664278b302aecf5f573dd62f0e
Easyedit CMS suffers from multiple remote SQL injection vulnerabilities.
e56537569465cd143e885896d146ffc293267dfa4bfcc1243d624f64ce6c0b66
The Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32-bit and 64-bit contains a possibly exploitable buffer overflow that corrupts kernel memory. Proof of concept test code included.
9c59cd0285343f1201a99c2ae856a531dd0980b02fffd729fa5baeb8130f4c80
MyTopix versions 1.3.0 and below remote SQL injection exploit.
d6ffcbc9c4384ca4ffc95dc343f307dcd1c2ee1ea7077f7d1e5328bc03e5069b
PunBB (Private Messaging System versions 1.2.x) multiple local file inclusion exploit.
bb9169e23999fe6bce73ae380549775e9cf6e794061bbe917d9b5ab942cb4c93
An unauthenticated file retrieval vulnerability exists on the Sun Java System Identity Manager.
b9cdf1803245bb22824bf0f94a63052849f94ebcd387e642343d714cc5063316
The 3Com AP 8760 suffers from authentication bypass, password leakage, and SNMP injection vulnerabilities. Details provided.
23b5cdcfae6b89704fccdcebd00d1ae55e3f48331216d43a26e85f5664b02003
Sun Java System Identity suffers from a cross-site request forgery vulnerability. Proof of concept code included.
aab83ef3374bf90d0fdb9403e4cc641a2e45c39abb67680b7db155ef488b8ca9
Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system. Version 1.63.5 is affected.
0c8bfbaaca5cc084c2c85ddbb2c6716f33329be58d9b2d16ad9cc4ec374f5157
The T-Online software offered by Deutsche Telekom installs and includes the use of vulnerable DLLs.
56d4221ea40f2d628050bcd86316a09eb1feb07cbf4e033614de08ad87fc8d5f
86 byte Linux/x86 edit /etc/sudoers for full access.
7d3c24f1326c9839b67cda1c267ce7c0840d066c32b99df5a080ae3f91c26e2f
Alex Article-Engine version 1.3.0 suffers from a remote arbitrary file upload vulnerability.
afa31a1b178fabf354c101511499a42c1db05867c5a2337f291470304e6aaaa1
Alex News-Engine version 1.5.1 suffers from a remote arbitrary file upload vulnerability.
f56a33c17e06e03e38fdf7a05a1ac3fa9778d53ef69f3c1a093d9c4e83ae83ca
PySumpas is a simple, graphical password generating utility. Using the Python Cryptography Toolkit and Damien Miller's py-bcrypt, it generates a hash or cipher from user input. The resulting output, in part or in its entirety, can be used as a secure password.
459406a1f229c3e7d6ad2a4ee4009c96ba8a5f7189a5df0e6b54c26b1ad72c25
Secunia Security Advisory - Dejan Levaja has discovered some vulnerabilities in MDaemon Server WorldClient, which can be exploited by malicious people to conduct script insertion attacks.
82a77bc153f67a052b75526f9f06310d4809d99432bcd545920732142f66df1c
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Streamripper, which can be exploited by malicious people to compromise a user's system.
87cfd1e7f07977f96aacd776b8c525b7c51804f8503dd8fb7977dbdedcf5b4ff
Secunia Security Advisory - Some vulnerabilities have been reported in Streber, which can be exploited by malicious people to conduct cross-site request forgery attacks.
1819d9852dfef57eaf43c11a5e1ed9b1cf4438b07daadce5bc9f75d0889b434c