Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Sun, 27 May 2012 22:48:01 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1937501532&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0810-advisories%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1937501532.1338158881.1338158881.1338158881.1%3B%2B__utmz%3D32867617.1338158881.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/71443/MDVSA-2008-223.txt http://packetstormsecurity.org/files/71443/MDVSA-2008-223.txt http://packetstormsecurity.org/files/71443/Mandriva-Linux-Security-Advisory-2008-223.html Sat, 01 Nov 2008 00:57:27 GMT Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These include buffer overflow, integer overflow, and input sanitization vulnerabilities. http://packetstormsecurity.org/files/71432/sa32421.txt http://packetstormsecurity.org/files/71432/sa32421.txt http://packetstormsecurity.org/files/71432/Secunia-Security-Advisory-32421.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - Some vulnerabilities have been reported in A-LINK WL54AP3 and WL54AP2, which can be exploited by malicious people to conduct cross-site scripting or cross-site request forgery attacks. http://packetstormsecurity.org/files/71440/sa32425.txt http://packetstormsecurity.org/files/71440/sa32425.txt http://packetstormsecurity.org/files/71440/Secunia-Security-Advisory-32425.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - DeltahackingTEAM has discovered some vulnerabilities in various MW6 Technologies ActiveX controls, which can be exploited by malicious people to overwrite arbitrary files. http://packetstormsecurity.org/files/71441/sa32426.txt http://packetstormsecurity.org/files/71441/sa32426.txt http://packetstormsecurity.org/files/71441/Secunia-Security-Advisory-32426.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - Marco Torti has discovered a vulnerability in eXPert PDF ViewerX ActiveX Control, which can be exploited by malicious people to overwrite arbitrary files. http://packetstormsecurity.org/files/71439/sa32459.txt http://packetstormsecurity.org/files/71439/sa32459.txt http://packetstormsecurity.org/files/71439/Secunia-Security-Advisory-32459.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - GoLd_M has reported a vulnerability in SPBOARD, which can be exploited by malicious people to compromise a vulnerable system. http://packetstormsecurity.org/files/71438/sa32464.txt http://packetstormsecurity.org/files/71438/sa32464.txt http://packetstormsecurity.org/files/71438/Secunia-Security-Advisory-32464.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - Russ McRee has reported some vulnerabilities in CompactCMS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. http://packetstormsecurity.org/files/71429/sa32472.txt http://packetstormsecurity.org/files/71429/sa32472.txt http://packetstormsecurity.org/files/71429/Secunia-Security-Advisory-32472.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - Hakxer has reported a vulnerability in Absolute Podcast .NET, which can be exploited by malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/71431/sa32477.txt http://packetstormsecurity.org/files/71431/sa32477.txt http://packetstormsecurity.org/files/71431/Secunia-Security-Advisory-32477.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - ZoRLu has discovered a vulnerability in the Lyrics plugin for e107, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/71435/sa32482.txt http://packetstormsecurity.org/files/71435/sa32482.txt http://packetstormsecurity.org/files/71435/Secunia-Security-Advisory-32482.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - Fedora has issued an update for phpMyAdmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/71434/sa32487.txt http://packetstormsecurity.org/files/71434/sa32487.txt http://packetstormsecurity.org/files/71434/Secunia-Security-Advisory-32487.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - A security issue has been reported in CrossFire, which can be exploited by malicious, local users to perform certain actions with escalated privileges. http://packetstormsecurity.org/files/71436/sa32488.txt http://packetstormsecurity.org/files/71436/sa32488.txt http://packetstormsecurity.org/files/71436/Secunia-Security-Advisory-32488.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - VMware has issued an update for VMware ESX Server. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/71433/sa32489.txt http://packetstormsecurity.org/files/71433/sa32489.txt http://packetstormsecurity.org/files/71433/Secunia-Security-Advisory-32489.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - Fedora has issued an update for openoffice.org. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. http://packetstormsecurity.org/files/71437/sa32496.txt http://packetstormsecurity.org/files/71437/sa32496.txt http://packetstormsecurity.org/files/71437/Secunia-Security-Advisory-32496.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - Gentoo has issued an update for libspf2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. http://packetstormsecurity.org/files/71430/sa32500.txt http://packetstormsecurity.org/files/71430/sa32500.txt http://packetstormsecurity.org/files/71430/Secunia-Security-Advisory-32500.html Sat, 01 Nov 2008 00:50:49 GMT Secunia Security Advisory - Ehsan_Hp200 has reported a vulnerability in the BookCatalog module for PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/71423/sa32435.txt http://packetstormsecurity.org/files/71423/sa32435.txt http://packetstormsecurity.org/files/71423/Secunia-Security-Advisory-32435.html Fri, 31 Oct 2008 21:37:24 GMT Secunia Security Advisory - SuSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), conduct cross-site scripting attacks or potentially, to compromise a user's system. http://packetstormsecurity.org/files/71424/sa32498.txt http://packetstormsecurity.org/files/71424/sa32498.txt http://packetstormsecurity.org/files/71424/Secunia-Security-Advisory-32498.html Fri, 31 Oct 2008 21:37:24 GMT Secunia Security Advisory - A vulnerability has been reported in various SonicWALL products, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/71414/sa32359.txt http://packetstormsecurity.org/files/71414/sa32359.txt http://packetstormsecurity.org/files/71414/Secunia-Security-Advisory-32359.html Fri, 31 Oct 2008 20:16:33 GMT Secunia Security Advisory - Secunia Research has discovered a vulnerability in Interact, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/71413/MDVSA-2008-121-1.txt http://packetstormsecurity.org/files/71413/MDVSA-2008-121-1.txt http://packetstormsecurity.org/files/71413/Mandriva-Linux-Security-Advisory-2008-121.html Fri, 31 Oct 2008 20:15:50 GMT Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code. The updated packages have been patched to prevent this issue. The patches used to correct the problem on Corporate Server 4.0 and Corporate 3.0 contained a problem where certain fonts would not be displayed and would cause applications, such as drakfont, to crash. This update corrects the regression. http://packetstormsecurity.org/files/71411/10.29.08-2.txt http://packetstormsecurity.org/files/71411/10.29.08-2.txt http://packetstormsecurity.org/files/71411/iDEFENSE-Security-Advisory-2008-10-29.2.html Fri, 31 Oct 2008 18:54:48 GMT iDefense Security Advisory 10.29.08 - Remote exploitation of a stack based buffer overflow vulnerability in Oracle Corp.'s WebLogic Server Apache Connector could allow an attacker to execute arbitrary code with the privileges of the affected service. A stack based buffer overflow vulnerability exists in the Apache Connector of Oracle (formerly BEA) WebLogic Server. When parsing a request with an invalid parameter the module uses a string without properly validating its length. This string is copied into a fixed sized stack buffer. This results in a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in WebLogic Server Apache Connector version 10.0. Previous versions may also be affected. http://packetstormsecurity.org/files/71409/10.29.08-1.txt http://packetstormsecurity.org/files/71409/10.29.08-1.txt http://packetstormsecurity.org/files/71409/iDEFENSE-Security-Advisory-2008-10-29.1.html Fri, 31 Oct 2008 18:50:25 GMT iDefense Security Advisory 10.29.08 - Remote exploitation of multiple integer overflow vulnerabilities in OpenOffice versions 2.4.1 and earlier could allow an attacker to execute arbitrary code with the privileges of the current user. Integer overflow issues exist within the code responsible for parsing multiple EMR records within an EMF file. This allows an attacker to overflow heap memory with data they supplied. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.4.1. http://packetstormsecurity.org/files/71408/secunia-interact.txt http://packetstormsecurity.org/files/71408/secunia-interact.txt http://packetstormsecurity.org/files/71408/secunia-interact.txt.html Fri, 31 Oct 2008 18:48:12 GMT Secunia Research has discovered two vulnerabilities in Interact, which can be exploited by malicious people to conduct cross-site request forgery and SQL injection attacks. Version 2.4.1 is affected. http://packetstormsecurity.org/files/71406/VMSA-2008-0017.txt http://packetstormsecurity.org/files/71406/VMSA-2008-0017.txt http://packetstormsecurity.org/files/71406/VMware-Security-Advisory-2008-0017.html Fri, 31 Oct 2008 18:41:56 GMT VMware Security Advisory - A denial of service flaw was found in the way libxml2 processes certain content. If an application that is linked against libxml2 processes malformed XML content, the XML content might cause the application to stop responding. A flaw was found in the way ucd-snmp checks an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. Multiple uses of uninitialized values were discovered in libtiff's Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked with libtiff to crash or, possibly, execute arbitrary code. http://packetstormsecurity.org/files/71395/sa32398.txt http://packetstormsecurity.org/files/71395/sa32398.txt http://packetstormsecurity.org/files/71395/Secunia-Security-Advisory-32398.html Fri, 31 Oct 2008 18:08:14 GMT Secunia Security Advisory - SUSE has issued an update for tomcat5 and apache-jakarta-tomcat-connectors. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/71396/sa32434.txt http://packetstormsecurity.org/files/71396/sa32434.txt http://packetstormsecurity.org/files/71396/Secunia-Security-Advisory-32434.html Fri, 31 Oct 2008 18:08:14 GMT Secunia Security Advisory - Secunia Research has discovered a vulnerability in Interact, which can be exploited by malicious people to conduct cross-site request forgery attacks. http://packetstormsecurity.org/files/71391/sa32465.txt http://packetstormsecurity.org/files/71391/sa32465.txt http://packetstormsecurity.org/files/71391/Secunia-Security-Advisory-32465.html Fri, 31 Oct 2008 01:16:13 GMT Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.