Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 06:50:54 GMT

ExtCalendar 2.0 Beta 2 Cross Site Scripting
http://packetstormsecurity.org/files/86762/ZSL-2010-4928.txt
http://packetstormsecurity.org/files/86762/ExtCalendar-2.0-Beta-2-Cross-Site-Scripting.html
Sun, 28 Feb 2010 19:33:18 GMT
ExtCalendar version 2.0 Beta 2 suffers from a cross site scripting vulnerability.

Ubuntu Security Notice 905-1
http://packetstormsecurity.org/files/86745/USN-905-1.txt
http://packetstormsecurity.org/files/86745/Ubuntu-Security-Notice-905-1.html
Sat, 27 Feb 2010 00:07:35 GMT
Ubuntu Security Notice 905-1 - It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the 'runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.

Mandriva Linux Security Advisory 2010-050
http://packetstormsecurity.org/files/86734/MDVSA-2010-050.txt
http://packetstormsecurity.org/files/86734/Mandriva-Linux-Security-Advisory-2010-050.html
Fri, 26 Feb 2010 19:33:22 GMT
Mandriva Linux Security Advisory 2010-050 - This release fixes several important issues to help prevent a detection bypass and denial of service attacks against ModSecurity. Quite a few small but notable bugs were fixed. The latest Core Ruleset (2.0.5) is included. This update provides mod_security 2.5.12, which is not vulnerable to these issues.

getPlus Insufficient Domain Name Validation
http://packetstormsecurity.org/files/86732/getplus-validation.txt
http://packetstormsecurity.org/files/86732/getPlus-Insufficient-Domain-Name-Validation.html
Fri, 26 Feb 2010 19:30:00 GMT
getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.

Asterisk Project Security Advisory - AST-2010-003
http://packetstormsecurity.org/files/86730/AST-2010-003.txt
http://packetstormsecurity.org/files/86730/Asterisk-Project-Security-Advisory-AST-2010-003.html
Fri, 26 Feb 2010 19:26:09 GMT
Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.

Mandriva Linux Security Advisory 2010-049
http://packetstormsecurity.org/files/86727/MDVSA-2010-049.txt
http://packetstormsecurity.org/files/86727/Mandriva-Linux-Security-Advisory-2010-049.html
Fri, 26 Feb 2010 19:15:26 GMT
Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

Mandriva Linux Security Advisory 2010-048
http://packetstormsecurity.org/files/86718/MDVSA-2010-048.txt
http://packetstormsecurity.org/files/86718/Mandriva-Linux-Security-Advisory-2010-048.html
Fri, 26 Feb 2010 18:32:30 GMT
Mandriva Linux Security Advisory 2010-048 - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. The updated packages have been patched to correct this issue.

DATEV Active-X Control Remote Command Execution
http://packetstormsecurity.org/files/86713/NSOADV-2010-003.txt
http://packetstormsecurity.org/files/86713/DATEV-Active-X-Control-Remote-Command-Execution.html
Fri, 26 Feb 2010 18:24:17 GMT
The DATEV Active-X control suffers from a remote command execution vulnerability.

Secunia Security Advisory 38752
http://packetstormsecurity.org/files/86744/sa38752.txt
http://packetstormsecurity.org/files/86744/Secunia-Security-Advisory-38752.html
Fri, 26 Feb 2010 16:07:31 GMT
Secunia Security Advisory - A security issue has been reported in Asterisk, which can be exploited by malicious people to potentially bypass certain security restrictions.

Secunia Security Advisory 38705
http://packetstormsecurity.org/files/86743/sa38705.txt
http://packetstormsecurity.org/files/86743/Secunia-Security-Advisory-38705.html
Fri, 26 Feb 2010 16:07:28 GMT
Secunia Security Advisory - Fedora has issued an update for mingw32-libltdl. This fixes a security issue, which can be exploited by malicious, local users to potentially gain escalated privileges.

Secunia Security Advisory 38740
http://packetstormsecurity.org/files/86742/sa38740.txt
http://packetstormsecurity.org/files/86742/Secunia-Security-Advisory-38740.html
Fri, 26 Feb 2010 16:07:26 GMT
Secunia Security Advisory - Hitachi has acknowledged a security issue in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges.

Secunia Security Advisory 38734
http://packetstormsecurity.org/files/86741/sa38734.txt
http://packetstormsecurity.org/files/86741/Secunia-Security-Advisory-38734.html
Fri, 26 Feb 2010 16:07:23 GMT
Secunia Security Advisory - A security issue has been discovered in XMail, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory 38737
http://packetstormsecurity.org/files/86740/sa38737.txt
http://packetstormsecurity.org/files/86740/Secunia-Security-Advisory-38737.html
Fri, 26 Feb 2010 16:07:21 GMT
Secunia Security Advisory - A vulnerability has been reported in Hitachi products, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 38667
http://packetstormsecurity.org/files/86739/sa38667.txt
http://packetstormsecurity.org/files/86739/Secunia-Security-Advisory-38667.html
Fri, 26 Feb 2010 16:07:18 GMT
Secunia Security Advisory - Maciej Gojny has reported a vulnerability in WebAdministrator Lite CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 38708
http://packetstormsecurity.org/files/86738/sa38708.txt
http://packetstormsecurity.org/files/86738/Secunia-Security-Advisory-38708.html
Fri, 26 Feb 2010 16:07:15 GMT
Secunia Security Advisory - Two vulnerabilities have been reported in PHP, which can be exploited by malicious users to bypass certain security restrictions.

Secunia Security Advisory 38747
http://packetstormsecurity.org/files/86737/sa38747.txt
http://packetstormsecurity.org/files/86737/Secunia-Security-Advisory-38747.html
Fri, 26 Feb 2010 16:07:13 GMT
Secunia Security Advisory - A vulnerability has been reported in Website Baker, which can be exploited by malicious people to bypass certain security restrictions.

Secunia Security Advisory 38746
http://packetstormsecurity.org/files/86731/sa38746.txt
http://packetstormsecurity.org/files/86731/Secunia-Security-Advisory-38746.html
Fri, 26 Feb 2010 11:28:37 GMT
Secunia Security Advisory - Red Hat has issued an update for sudo. This fixes multiple security issues, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory 38720
http://packetstormsecurity.org/files/86717/sa38720.txt
http://packetstormsecurity.org/files/86717/Secunia-Security-Advisory-38720.html
Fri, 26 Feb 2010 10:32:22 GMT
Secunia Security Advisory - mr_me has discovered a vulnerability in Orbital Viewer, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory 38691
http://packetstormsecurity.org/files/86710/sa38691.txt
http://packetstormsecurity.org/files/86710/Secunia-Security-Advisory-38691.html
Fri, 26 Feb 2010 09:48:32 GMT
Secunia Security Advisory - A vulnerability has been discovered in the HD FLV Player component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 38686
http://packetstormsecurity.org/files/86709/sa38686.txt
http://packetstormsecurity.org/files/86709/Secunia-Security-Advisory-38686.html
Fri, 26 Feb 2010 09:48:30 GMT
Secunia Security Advisory - Ubuntu has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Secunia Security Advisory 38699
http://packetstormsecurity.org/files/86708/sa38699.txt
http://packetstormsecurity.org/files/86708/Secunia-Security-Advisory-38699.html
Fri, 26 Feb 2010 09:48:27 GMT
Secunia Security Advisory - A vulnerability has been discovered in WikyBlog, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 38738
http://packetstormsecurity.org/files/86707/sa38738.txt
http://packetstormsecurity.org/files/86707/Secunia-Security-Advisory-38738.html
Fri, 26 Feb 2010 09:48:24 GMT
Secunia Security Advisory - Matthias -apoc- Hecker has discovered a security issue in rbot, which can be exploited by malicious people to bypass certain security restrictions.

Secunia Security Advisory 38743
http://packetstormsecurity.org/files/86706/sa38743.txt
http://packetstormsecurity.org/files/86706/Secunia-Security-Advisory-38743.html
Fri, 26 Feb 2010 09:48:22 GMT
Secunia Security Advisory - A vulnerability has been discovered in Newbie CMS, which can be exploited by malicious people to bypass certain security restrictions.

Secunia Security Advisory 38719
http://packetstormsecurity.org/files/86705/sa38719.txt
http://packetstormsecurity.org/files/86705/Secunia-Security-Advisory-38719.html
Fri, 26 Feb 2010 09:48:19 GMT
Secunia Security Advisory - AbdulAziz Hariri and Mohammad Abou Hayt have discovered a vulnerability in Symantec Altiris Deployment Solution, which can be exploited by malicious people to cause a DoS (Denial of Service).

Secunia Security Advisory 38676
http://packetstormsecurity.org/files/86704/sa38676.txt
http://packetstormsecurity.org/files/86704/Secunia-Security-Advisory-38676.html
Fri, 26 Feb 2010 09:48:17 GMT
Secunia Security Advisory - Multiple vulnerabilities have been reported in Article Friendly, which can be exploited by malicious people to conduct SQL injection and cross-site request forgery attacks.