MP3nema is a tool aimed at analyzing and capturing data that is hidden between frames in an MP3 file or stream, otherwise noted as "out of band" data. This utility also supports adding data between frames and capturing streaming audio.
a4507d1404d7468df71c01e42cd42ee5594311ab6160300c3894c420dd2741e1squid-nufw-helper is an external ACL helper for Squid that provides Single Sign On capabilities. It uses the NuFW firewall suite and supports the NuFW users SQL logging scheme. The module allows for strict SSO identification and authentication of users on any Squid proxy, including transparent proxies.
6984d7dad2acd7450b71ddbbf835596ee118502ab5eca1dd473c04e3701cc2e3This is an open source TCP/IP library with asynchronous BlowFish and SSL support.
3d497288df7767c4cd1711c5c2345a4875ab6b89fb73fc41d6d9b5f109e0a26fGoogle Chrome versions 0.2.149.30, 0.2.149.29, and 0.2.149.27 all suffer from a metacharacter URI obfuscation vulnerability. Proof of concept html included.
d38d8e01b2b606eaedfeba68c9279763a7a153407e69461fa9d5161bd52eb4f0The W3C Amaya web browser version 10.1 remote stack overflow exploit that relates to the id tag.
ccce518a71ec7d7a4e756e21ba7d17b184d3fefd2d8e063b6a1734e723eecd38The W3C Amaya web browser version 10.1 remote stack overflow exploit that relates to the URL bar.
24f12692210fe9aca972c4318769913b52180b33780ee805929548a1a7edfe7bUbuntu Security Notice USN-676-1 - It was discovered that WebKit did not properly handle Cascading Style Sheets (CSS) import statements. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges.
dc8a315aecca9c511679aa165dfdcdf03f4cab359761487989fef9e640835ed1Ubuntu Security Notice USN-675-2 - It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
7e9520c885b1e6091c3f2f1be79d8a8bb9debda71e26bf44b22d2c8e526f5f26Ubuntu Security Notice USN-675-1 - It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle file transfers containing a long filename and special characters in the MSN protocol handler. A remote attacker could send a specially crafted filename in a file transfer request and cause Pidgin to crash, leading to a denial of service. It was discovered that Pidgin did not impose resource limitations in the UPnP service. A remote attacker could cause Pidgin to download arbitrary files and cause a denial of service from memory or disk space exhaustion. It was discovered that Pidgin did not validate SSL certificates when using a secure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This update alters Pidgin behaviour by asking users to confirm the validity of a certificate upon initial login.
e5e3001e6d6476f98054192d0fafe30602a1312ac464eec120826a1864a9cd0fUbuntu Security Notice USN-674-2 - USN-674-1 provided packages to fix vulnerabilities in HPLIP. Due to an internal archive problem, the updates for Ubuntu 7.10 would not install properly. This update provides fixed packages for Ubuntu 7.10. We apologize for the inconvenience. Original advisory details: It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behaviour by preventing users from setting alerts and by moving alert configuration to a root-controlled /etc/hp/alerts.conf file. It was discovered that the hpssd tool of hplip did not correctly handle certain commands. A local attacker could use a specially crafted packet to crash hpssd, leading to a denial of service.
b2784440b0a617c94be32e180385f06c05cd97154f28d2d286492551ec4fe1b2SVRT-Bkis has detected a serious buffer overflow vulnerability in ffdshow which affects all available internet browsers. Taking advantage of the flaw, hackers can perform remote attack, inject viruses, steal sensitive information and even take control of the victim's system. Versions below rev2347 20081123 are affected.
d5b01d681ab02ae46e8fa752529dd5a7d9d3b36adee4ff615ffda3aa5d2227f5VideoScript versions 3.0 through 4.1.5.55 unofficial shell injection exploit.
edee051850c042bf4ea7230997e961f048e1aa0dcf5f74de791c47989335fde3VideoScript versions 3.0 through 4.0.1.50 official shell injection exploit.
4c47f7fb94bdf562cd12ec4bde9d2f03df2dffc031b448e2923a3ff4c79386f0Goople CMS version 1.7 suffers from a remote shell upload vulnerability.
6c3742383924bac79d92392e58781fb0c695f91513ef093dad76b90c307d3dd7PG Job Site suffers a blind SQL injection vulnerability.
f133505abdb916286cb45dae2f84c26dc7003b66005040a5c4f2511acfa85d6bPG Roomate Finder Solution suffers a SQL injection vulnerability that allows for authentication bypass.
c3f918c06c12db4860f0b6b54595bdd1336130b24d0b0bc3e6e208721c0fbe1bPG Real Estate suffers a SQL injection vulnerability that allows for authentication bypass.
da4f895d7960cbecf421d72addc3f971b236f4e154fd4407dcb9caeff61dcf48Microsoft XML Core Services DTD cross-domain scripting proof of concept exploit that makes use of the vulnerability noted in MS08-069.
9c41a205f45e8e6c54228661f76071d9b7c78bfe03fea9f194e637bee0017cd3295 bytes of Linux/x86 shellcode that appends a RSA key to /root/.ssh/authorized_keys2.
daf38163f2ce60d4025acdcf4ed49f89ec6009e7d69abc71e6bb166cc0fc0d36151 bytes of Linux/x86 connect-back shellcode that uses UDP port 54321 and executes tcpdump.
43697f2423432246a3de3022253c59fbb3331f2b592eabd562c28e4a731f5a8eThe OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary information, they are unable to properly assess its impact.
49c82d9678c78a73d9b145364ac4e30148c38b923dedd1f5411f0ea41c53919dCOMS, or Contents and Object Management System, suffers from a cross site scripting vulnerability.
691e899c19b10b1fb46404e841ec9c490ee703080377fca0dbbc208be0f8351eProzilla Hosting Index suffers from a remote SQL injection vulnerability.
c6c400f15b994d3723a4e49b38737a2a24d3ee4f829670d2d2acb5869ab8f85bNetArtMedia Blog System suffers from a remote SQL injection vulnerability in image.php.
6cfea4ee18824fe5e7becd107caa41aaac174af5869d6d405439532292d491b3NetArtMedia Cars Portal suffers from a remote SQL injection vulnerability in image.php.
afb795f4a79591161f68da836405d745a30033f6835a69edd8c1b990f7520201
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed