Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 06:08:35 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1823038355&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F0909-advisories%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1823038355.1338185315.1338185315.1338185315.1%3B%2B__utmz%3D32867617.1338185315.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/81745/pisystemt-crypto.txt http://packetstormsecurity.org/files/81745/pisystemt-crypto.txt http://packetstormsecurity.org/files/81745/PI-SystemT-Encryption-Weakness.html Wed, 30 Sep 2009 23:14:20 GMT PI SystemT suffers from an encryption weakness in the default authentication process. http://packetstormsecurity.org/files/81744/sa36901.txt http://packetstormsecurity.org/files/81744/sa36901.txt http://packetstormsecurity.org/files/81744/Secunia-Security-Advisory-36901.html Wed, 30 Sep 2009 15:12:17 GMT Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Composite Application Manager for WebSphere, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/81743/sa36906.txt http://packetstormsecurity.org/files/81743/sa36906.txt http://packetstormsecurity.org/files/81743/Secunia-Security-Advisory-36906.html Wed, 30 Sep 2009 15:12:15 GMT Secunia Security Advisory - bruiser has discovered a vulnerability in IBM Installation Manager, which can be exploited by malicious people to compromise a user's system. http://packetstormsecurity.org/files/81742/sa36895.txt http://packetstormsecurity.org/files/81742/sa36895.txt http://packetstormsecurity.org/files/81742/Secunia-Security-Advisory-36895.html Wed, 30 Sep 2009 15:12:12 GMT Secunia Security Advisory - bellick has discovered a vulnerability in Adobe Photoshop Elements, which can be exploited by malicious, local users to gain escalated privileges. http://packetstormsecurity.org/files/81741/sa36524.txt http://packetstormsecurity.org/files/81741/sa36524.txt http://packetstormsecurity.org/files/81741/Secunia-Security-Advisory-36524.html Wed, 30 Sep 2009 15:12:10 GMT Secunia Security Advisory - Russ McRee has discovered a vulnerability in BIGACE Web CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. http://packetstormsecurity.org/files/81740/sa36914.txt http://packetstormsecurity.org/files/81740/sa36914.txt http://packetstormsecurity.org/files/81740/Secunia-Security-Advisory-36914.html Wed, 30 Sep 2009 15:12:07 GMT Secunia Security Advisory - pyrokinesis has discovered a vulnerability in EMC Captiva QuickScan Pro, which can be exploited by malicious people to compromise a user's system. http://packetstormsecurity.org/files/81739/sa36851.txt http://packetstormsecurity.org/files/81739/sa36851.txt http://packetstormsecurity.org/files/81739/Secunia-Security-Advisory-36851.html Wed, 30 Sep 2009 15:12:05 GMT Secunia Security Advisory - Some vulnerabilities have been reported in Activedition, which can be exploited by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/81738/sa36902.txt http://packetstormsecurity.org/files/81738/sa36902.txt http://packetstormsecurity.org/files/81738/Secunia-Security-Advisory-36902.html Wed, 30 Sep 2009 15:12:02 GMT Secunia Security Advisory - A vulnerability has been discovered in Oracle Document Capture, which can be exploited by malicious people to potentially compromise a user's system. http://packetstormsecurity.org/files/81737/sa36907.txt http://packetstormsecurity.org/files/81737/sa36907.txt http://packetstormsecurity.org/files/81737/Secunia-Security-Advisory-36907.html Wed, 30 Sep 2009 15:12:00 GMT Secunia Security Advisory - Giuseppe Fuggiano has discovered a vulnerability in FlatPress, which can be exploited by malicious people to compromise a vulnerable system. http://packetstormsecurity.org/files/81736/sa36894.txt http://packetstormsecurity.org/files/81736/sa36894.txt http://packetstormsecurity.org/files/81736/Secunia-Security-Advisory-36894.html Wed, 30 Sep 2009 15:11:57 GMT Secunia Security Advisory - Two vulnerabilities have been reported in IBM AIX, which can be exploited by malicious, local users and malicious people to bypass certain security restrictions. http://packetstormsecurity.org/files/81729/flickr_api_signature_forgery.pdf http://packetstormsecurity.org/files/81729/flickr_api_signature_forgery.pdf http://packetstormsecurity.org/files/81729/Flickr-API-Signature-Forgery.html Wed, 30 Sep 2009 06:43:19 GMT Flickr's API suffered from an API signature forgery vulnerability. http://packetstormsecurity.org/files/81714/winrar-spoof.txt http://packetstormsecurity.org/files/81714/winrar-spoof.txt http://packetstormsecurity.org/files/81714/WinRAR-3.80-Filename-Spoofing.html Tue, 29 Sep 2009 20:49:09 GMT WinRAR version 3.80 suffers from a ZIP filename spoofing vulnerability. http://packetstormsecurity.org/files/81713/sa36890.txt http://packetstormsecurity.org/files/81713/sa36890.txt http://packetstormsecurity.org/files/81713/Secunia-Security-Advisory-36890.html Tue, 29 Sep 2009 12:47:29 GMT Secunia Security Advisory - Some vulnerabilities have been reported in IBM DB2, where one has an unknown impact and others can be exploited by malicious users to bypass certain security restrictions. http://packetstormsecurity.org/files/81712/sa36853.txt http://packetstormsecurity.org/files/81712/sa36853.txt http://packetstormsecurity.org/files/81712/Secunia-Security-Advisory-36853.html Tue, 29 Sep 2009 12:47:26 GMT Secunia Security Advisory - A vulnerability has been reported in IBM Informix Dynamic Server, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/81711/sa36829.txt http://packetstormsecurity.org/files/81711/sa36829.txt http://packetstormsecurity.org/files/81711/Secunia-Security-Advisory-36829.html Tue, 29 Sep 2009 12:47:23 GMT Secunia Security Advisory - Some vulnerabilities have been reported in Juniper JUNOS, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to conduct script insertion attacks. http://packetstormsecurity.org/files/81728/sa36904.txt http://packetstormsecurity.org/files/81728/sa36904.txt http://packetstormsecurity.org/files/81728/Secunia-Security-Advisory-36904.html Tue, 29 Sep 2009 10:42:53 GMT Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service) or compromise a vulnerable system. http://packetstormsecurity.org/files/81727/sa36911.txt http://packetstormsecurity.org/files/81727/sa36911.txt http://packetstormsecurity.org/files/81727/Secunia-Security-Advisory-36911.html Tue, 29 Sep 2009 10:42:50 GMT Secunia Security Advisory - A vulnerability has been reported in HP Remote Graphics Software (RGS), which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system. http://packetstormsecurity.org/files/81726/sa36880.txt http://packetstormsecurity.org/files/81726/sa36880.txt http://packetstormsecurity.org/files/81726/Secunia-Security-Advisory-36880.html Tue, 29 Sep 2009 10:42:48 GMT Secunia Security Advisory - Maxim A. Kulakov has reported a vulnerability in multiple TrustPort products, which can be exploited by malicious, local users to gain escalated privileges. http://packetstormsecurity.org/files/81725/sa36860.txt http://packetstormsecurity.org/files/81725/sa36860.txt http://packetstormsecurity.org/files/81725/Secunia-Security-Advisory-36860.html Tue, 29 Sep 2009 10:42:45 GMT Secunia Security Advisory - A vulnerability has been reported in the FireFTP extension for Firefox, which can be exploited by malicious people to manipulate certain data. http://packetstormsecurity.org/files/81708/HPSBMA02461-SSRT090187.txt http://packetstormsecurity.org/files/81708/HPSBMA02461-SSRT090187.txt http://packetstormsecurity.org/files/81708/HP-Security-Bulletin-HPSBMA02461-SSRT090187.html Tue, 29 Sep 2009 02:58:48 GMT HP Security Bulletin - A potential security vulnerability has been identified with HP Remote Graphics Software (RGS) Sender. The vulnerability could be exploited remotely to gain unauthorized access. http://packetstormsecurity.org/files/81707/ss-28092009-10.txt http://packetstormsecurity.org/files/81707/ss-28092009-10.txt http://packetstormsecurity.org/files/81707/Trustport-Security-Software-Privilege-Escalation.html Tue, 29 Sep 2009 02:52:33 GMT TrustPort Antivirus version 2.8.0.2265, Antivirus Business version 2.8.0.2265, PC Security version 2.0.0.1290, and PC Security Business version 2.0.0.1290 suffer from a local privilege escalation vulnerability. http://packetstormsecurity.org/files/81706/dsa-1897-1.txt http://packetstormsecurity.org/files/81706/dsa-1897-1.txt http://packetstormsecurity.org/files/81706/Debian-Linux-Security-Advisory-1897-1.html Tue, 29 Sep 2009 02:50:40 GMT Debian Security Advisory 1897-1 - Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a temporary filename on reuploads which are stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver. http://packetstormsecurity.org/files/81702/USN-838-1.txt http://packetstormsecurity.org/files/81702/USN-838-1.txt http://packetstormsecurity.org/files/81702/Ubuntu-Security-Notice-838-1.html Tue, 29 Sep 2009 02:33:21 GMT Ubuntu Security Notice USN-838-1 - It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. It was discovered that the ManageSieve service in Dovecot incorrectly handled ".." in script names. A remote attacker could exploit this to read and modify arbitrary sieve files on the server. This only affected Ubuntu 8.10. It was discovered that the Sieve plugin in Dovecot incorrectly handled certain sieve scripts. An authenticated user could exploit this with a crafted sieve script to cause a denial of service or possibly execute arbitrary code. http://packetstormsecurity.org/files/81699/major_rls59.txt http://packetstormsecurity.org/files/81699/major_rls59.txt http://packetstormsecurity.org/files/81699/PHP-5.3-mysqli_real_escape_String-Disclosure.html Tue, 29 Sep 2009 02:27:33 GMT PHP versions 5.3 and below suffer from a mysqli_real_escape_string() related full path disclosure vulnerability. http://packetstormsecurity.org/files/81698/major_rls57.txt http://packetstormsecurity.org/files/81698/major_rls57.txt http://packetstormsecurity.org/files/81698/PHP-5.3-preg_match-Path-Disclosure.html Tue, 29 Sep 2009 02:26:28 GMT PHP versions 5.3 and below suffer from a preg_match() related full path disclosure vulnerability.