Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 04:44:47 GMT

Internet Download Manager FTP Buffer Overflow
Fri, 30 Apr 2010 23:47:48 GMT
http://packetstormsecurity.org/files/89096/secunia-idmftp.txt
http://packetstormsecurity.org/files/89096/Internet-Download-Manager-FTP-Buffer-Overflow.html
Secunia Research has discovered a vulnerability in Internet Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when sending certain test sequences to an FTP server. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into downloading a file from a specially crafted FTP URI. Successful exploitation allows execution of arbitrary code. Internet Download Manager version 5.18 is affected.

Mandriva Linux Security Advisory 2010-088
Fri, 30 Apr 2010 23:43:45 GMT
http://packetstormsecurity.org/files/89094/MDVSA-2010-088.txt
http://packetstormsecurity.org/files/89094/Mandriva-Linux-Security-Advisory-2010-088.html
Mandriva Linux Security Advisory 2010-088 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel.

Ubuntu Security Notice 934-1
Fri, 30 Apr 2010 23:22:22 GMT
http://packetstormsecurity.org/files/89081/USN-934-1.txt
http://packetstormsecurity.org/files/89081/Ubuntu-Security-Notice-934-1.html
Ubuntu Security Notice 934-1 - Marc Schoenefeld discovered a buffer overflow in Netpbm when loading certain images. If a user or automated system were tricked into opening a specially crafted XPM image, a remote attacker could crash Netpbm. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

Secunia Security Advisory 39639
Fri, 30 Apr 2010 15:17:47 GMT
http://packetstormsecurity.org/files/89076/sa39639.txt
http://packetstormsecurity.org/files/89076/Secunia-Security-Advisory-39639.html
Secunia Security Advisory - Ubuntu has issued an update for netpbm-free. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Secunia Security Advisory 39654
Fri, 30 Apr 2010 15:17:45 GMT
http://packetstormsecurity.org/files/89075/sa39654.txt
http://packetstormsecurity.org/files/89075/Secunia-Security-Advisory-39654.html
Secunia Security Advisory - A security issue has been discovered in deV!L'z Clanportal, which can be exploited by malicious people to disclose potentially sensitive information.

Secunia Security Advisory 39603
Fri, 30 Apr 2010 15:17:42 GMT
http://packetstormsecurity.org/files/89074/sa39603.txt
http://packetstormsecurity.org/files/89074/Secunia-Security-Advisory-39603.html
Secunia Security Advisory - A vulnerability has been reported in Microsoft SharePoint Server 2007 and Windows SharePoint Services 3.0, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 39446
Fri, 30 Apr 2010 15:17:39 GMT
http://packetstormsecurity.org/files/89073/sa39446.txt
http://packetstormsecurity.org/files/89073/Secunia-Security-Advisory-39446.html
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Internet Download Manager, which can be exploited by malicious people to compromise a user's system.

Mandriva Linux Security Advisory 2010-087
Fri, 30 Apr 2010 00:07:35 GMT
http://packetstormsecurity.org/files/89072/MDVSA-2010-087.txt
http://packetstormsecurity.org/files/89072/Mandriva-Linux-Security-Advisory-2010-087.html
Mandriva Linux Security Advisory 2010-087 - Multiple buffer overflow vulnerabilities have been found and corrected in poppler. The updated poppler packages have upgraded to 0.5.4 and have been patched to correct these issues.

Mandriva Linux Security Advisory 2010-086
Thu, 29 Apr 2010 23:50:18 GMT
http://packetstormsecurity.org/files/89064/MDVSA-2010-086.txt
http://packetstormsecurity.org/files/89064/Mandriva-Linux-Security-Advisory-2010-086.html
Mandriva Linux Security Advisory 2010-086 - Multiple vulnerabilities have been found and corrected in kpdf (kdegraphics). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. The updated packages have been patched to correct these issues.

Ucenter Project 2.0 Crossdomain.xml
Thu, 29 Apr 2010 23:46:23 GMT
http://packetstormsecurity.org/files/89062/ucenter-crossdomain.txt
http://packetstormsecurity.org/files/89062/Ucenter-Project-2.0-Crossdomain.xml.html
Ucenter Project version 2.0 uses an insecure crossdomain.xml setup.

Ubuntu Security Notice 933-1
Thu, 29 Apr 2010 23:33:11 GMT
http://packetstormsecurity.org/files/89057/USN-933-1.txt
http://packetstormsecurity.org/files/89057/Ubuntu-Security-Notice-933-1.html
Ubuntu Security Notice 933-1 - It was discovered that PostgreSQL did not properly sanitize its input when using substring() with a SELECT statement. A remote authenticated attacker could exploit this to cause a denial of service via application crash.

Twitter.com Impossible Secure Session
Thu, 29 Apr 2010 17:14:14 GMT
http://packetstormsecurity.org/files/89044/2010-001-twitter.txt
http://packetstormsecurity.org/files/89044/Twitter.com-Impossible-Secure-Session.html
It is impossible to maintain a secure session with Twitter, for multiple reasons. Additionally, once a session has been hijacked, it is possible for the attacker to maintain control over the account (not just the session) indefinitely, unless the user changes their password. This is because the session cookie has the same lifetime as the password.

Secunia Security Advisory 39646
Thu, 29 Apr 2010 15:25:13 GMT
http://packetstormsecurity.org/files/89053/sa39646.txt
http://packetstormsecurity.org/files/89053/Secunia-Security-Advisory-39646.html
Secunia Security Advisory - A vulnerability has been reported in Modelbook, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 39647
Thu, 29 Apr 2010 15:25:11 GMT
http://packetstormsecurity.org/files/89052/sa39647.txt
http://packetstormsecurity.org/files/89052/Secunia-Security-Advisory-39647.html
Secunia Security Advisory - A vulnerability has been reported in Video Battle Script, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 39565
Thu, 29 Apr 2010 15:25:08 GMT
http://packetstormsecurity.org/files/89051/sa39565.txt
http://packetstormsecurity.org/files/89051/Secunia-Security-Advisory-39565.html
Secunia Security Advisory - A security issue has been reported in the Privatemsg module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.

Secunia Security Advisory 39650
Thu, 29 Apr 2010 15:25:06 GMT
http://packetstormsecurity.org/files/89050/sa39650.txt
http://packetstormsecurity.org/files/89050/Secunia-Security-Advisory-39650.html
Secunia Security Advisory - Red Hat has issued an update for xorg-x11-server. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory 39561
Thu, 29 Apr 2010 15:25:03 GMT
http://packetstormsecurity.org/files/89049/sa39561.txt
http://packetstormsecurity.org/files/89049/Secunia-Security-Advisory-39561.html
Secunia Security Advisory - A security issue has been reported in the Decisions module for Drupal, which can be exploited by malicious users to disclose potentially sensitive information.

Secunia Security Advisory 39633
Thu, 29 Apr 2010 15:25:01 GMT
http://packetstormsecurity.org/files/89048/sa39633.txt
http://packetstormsecurity.org/files/89048/Secunia-Security-Advisory-39633.html
Secunia Security Advisory - John Leitch has discovered a vulnerability in Tele Data Contact Management Server, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 39643
Thu, 29 Apr 2010 15:24:58 GMT
http://packetstormsecurity.org/files/89047/sa39643.txt
http://packetstormsecurity.org/files/89047/Secunia-Security-Advisory-39643.html
Secunia Security Advisory - A vulnerability has been discovered in gpEasy CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Secunia Security Advisory 39566
Thu, 29 Apr 2010 15:24:56 GMT
http://packetstormsecurity.org/files/89046/sa39566.txt
http://packetstormsecurity.org/files/89046/Secunia-Security-Advisory-39566.html
Secunia Security Advisory - Ubuntu has issued an update for postgresql. This fixes a security issue, which can be exploited by malicious users to cause a DoS (Denial of Service).

Secunia Security Advisory 39653
Thu, 29 Apr 2010 15:24:53 GMT
http://packetstormsecurity.org/files/89045/sa39653.txt
http://packetstormsecurity.org/files/89045/Secunia-Security-Advisory-39653.html
Secunia Security Advisory - Some vulnerabilities have been reported in iScripts SocialWare, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 39621
Thu, 29 Apr 2010 08:52:21 GMT
http://packetstormsecurity.org/files/89043/sa39621.txt
http://packetstormsecurity.org/files/89043/Secunia-Security-Advisory-39621.html
Secunia Security Advisory - A vulnerability has been reported in 2daybiz Auction Script, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 39612
Thu, 29 Apr 2010 08:52:19 GMT
http://packetstormsecurity.org/files/89042/sa39612.txt
http://packetstormsecurity.org/files/89042/Secunia-Security-Advisory-39612.html
Secunia Security Advisory - A vulnerability has been reported in CLScript, which can be exploited by malicious people to conduct SQL injection attacks.

Secunia Security Advisory 39651
Thu, 29 Apr 2010 08:52:16 GMT
http://packetstormsecurity.org/files/89041/sa39651.txt
http://packetstormsecurity.org/files/89041/Secunia-Security-Advisory-39651.html
Secunia Security Advisory - Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and potentially compromise a user's system.

Secunia Security Advisory 39656
Thu, 29 Apr 2010 08:52:14 GMT
http://packetstormsecurity.org/files/89040/sa39656.txt
http://packetstormsecurity.org/files/89040/Secunia-Security-Advisory-39656.html
Secunia Security Advisory - SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, potentially gain escalated privileges, and cause a DoS (Denial of Service) and by malicious users to disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system and by malicious people to bypass the scanning functionality, gain access to potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.