Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers http://packetstormsecurity.org/ en-us Mon, 28 May 2012 04:46:59 GMT 144400 http://packetstormsecurity.org/ http://www.google-analytics.com/__utm.gif?utmwv=1.3&utmn=1434498504&utmcs=ISO-8859-1&utmsr=31337x31337&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmcn=1&utmdt=Files%u2248%20Packet%20Storm&utmhn=packetstormsecurity.org&utmr=-&utmp=%2F1006-advisories%2F&utmac=UA-18885198-1&utmcc=__utma%3D32867617.1434498504.1338180419.1338180419.1338180419.1%3B%2B__utmz%3D32867617.1338180419.1.1.utmccn%3D(direct)%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none) http://packetstormsecurity.org/files/91331/sa40389.txt http://packetstormsecurity.org/files/91331/sa40389.txt http://packetstormsecurity.org/files/91331/Secunia-Security-Advisory-40389.html Wed, 30 Jun 2010 07:40:06 GMT Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in Qt, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/91330/sa40424.txt http://packetstormsecurity.org/files/91330/sa40424.txt http://packetstormsecurity.org/files/91330/Secunia-Security-Advisory-40424.html Wed, 30 Jun 2010 07:40:04 GMT Secunia Security Advisory - salcho has reported some vulnerabilities in TopManage OLK, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/91329/sa40385.txt http://packetstormsecurity.org/files/91329/sa40385.txt http://packetstormsecurity.org/files/91329/Secunia-Security-Advisory-40385.html Wed, 30 Jun 2010 07:40:01 GMT Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in Mumble, which can be exploited by malicious users to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/91328/sa40401.txt http://packetstormsecurity.org/files/91328/sa40401.txt http://packetstormsecurity.org/files/91328/Secunia-Security-Advisory-40401.html Wed, 30 Jun 2010 07:39:58 GMT Secunia Security Advisory - Ubuntu has issued an update for firefox and xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. http://packetstormsecurity.org/files/91327/sa40334.txt http://packetstormsecurity.org/files/91327/sa40334.txt http://packetstormsecurity.org/files/91327/Secunia-Security-Advisory-40334.html Wed, 30 Jun 2010 07:39:56 GMT Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in Battlefield 2 and Battlefield 2142, which can be exploited by malicious people to compromise a user's system. http://packetstormsecurity.org/files/91326/sa40426.txt http://packetstormsecurity.org/files/91326/sa40426.txt http://packetstormsecurity.org/files/91326/Secunia-Security-Advisory-40426.html Wed, 30 Jun 2010 07:39:53 GMT Secunia Security Advisory - Fedora has issued an update for moin. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. http://packetstormsecurity.org/files/91325/sa39899.txt http://packetstormsecurity.org/files/91325/sa39899.txt http://packetstormsecurity.org/files/91325/Secunia-Security-Advisory-39899.html Wed, 30 Jun 2010 07:39:51 GMT Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in Website Baker, which can be exploited by malicious users to conduct script insertion attacks, SQL injection attacks, disclose sensitive information, and enumerate files on an affected system and by malicious people to conduct cross-site scripting attacks. http://packetstormsecurity.org/files/91324/sa40378.txt http://packetstormsecurity.org/files/91324/sa40378.txt http://packetstormsecurity.org/files/91324/Secunia-Security-Advisory-40378.html Wed, 30 Jun 2010 07:39:48 GMT Secunia Security Advisory - A vulnerability has been reported in YPNinc JokeScript, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/91323/sa40131.txt http://packetstormsecurity.org/files/91323/sa40131.txt http://packetstormsecurity.org/files/91323/Secunia-Security-Advisory-40131.html Wed, 30 Jun 2010 07:39:46 GMT Secunia Security Advisory - Secunia Research has discovered multiple vulnerabilities in the BookLibrary component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/91322/sa40377.txt http://packetstormsecurity.org/files/91322/sa40377.txt http://packetstormsecurity.org/files/91322/Secunia-Security-Advisory-40377.html Wed, 30 Jun 2010 07:39:43 GMT Secunia Security Advisory - A vulnerability has been reported in YPNinc PHP Realty Script, which can be exploited by malicious people to conduct SQL injection attacks http://packetstormsecurity.org/files/91321/sa40419.txt http://packetstormsecurity.org/files/91321/sa40419.txt http://packetstormsecurity.org/files/91321/Secunia-Security-Advisory-40419.html Wed, 30 Jun 2010 07:39:40 GMT Secunia Security Advisory - A vulnerability has been reported in Miyabi CGI Tools SEO Links, which can be exploited by malicious people to compromise a vulnerable system. http://packetstormsecurity.org/files/91320/sa40393.txt http://packetstormsecurity.org/files/91320/sa40393.txt http://packetstormsecurity.org/files/91320/Secunia-Security-Advisory-40393.html Wed, 30 Jun 2010 07:39:38 GMT Secunia Security Advisory - A vulnerability has been reported in LIOOSYS CMS, which can be exploited by malicious people to conduct SQL injection attacks. http://packetstormsecurity.org/files/91319/sa40380.txt http://packetstormsecurity.org/files/91319/sa40380.txt http://packetstormsecurity.org/files/91319/Secunia-Security-Advisory-40380.html Wed, 30 Jun 2010 07:39:35 GMT Secunia Security Advisory - A vulnerability has been discovered in Grafik CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. http://packetstormsecurity.org/files/91318/sa40127.txt http://packetstormsecurity.org/files/91318/sa40127.txt http://packetstormsecurity.org/files/91318/Secunia-Security-Advisory-40127.html Wed, 30 Jun 2010 07:39:33 GMT Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in the CKForms component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. http://packetstormsecurity.org/files/91317/sa40336.txt http://packetstormsecurity.org/files/91317/sa40336.txt http://packetstormsecurity.org/files/91317/Secunia-Security-Advisory-40336.html Wed, 30 Jun 2010 07:39:30 GMT Secunia Security Advisory - Slackware has issued an update for libpng. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. http://packetstormsecurity.org/files/91316/sa40381.txt http://packetstormsecurity.org/files/91316/sa40381.txt http://packetstormsecurity.org/files/91316/Secunia-Security-Advisory-40381.html Wed, 30 Jun 2010 07:39:27 GMT Secunia Security Advisory - Slackware has issued an update for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. http://packetstormsecurity.org/files/91314/USN-930-2.txt http://packetstormsecurity.org/files/91314/USN-930-2.txt http://packetstormsecurity.org/files/91314/Ubuntu-Security-Notice-930-2.html Wed, 30 Jun 2010 03:41:35 GMT Ubuntu Security Notice 930-2 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. http://packetstormsecurity.org/files/91313/USN-930-1.txt http://packetstormsecurity.org/files/91313/USN-930-1.txt http://packetstormsecurity.org/files/91313/Ubuntu-Security-Notice-930-1.html Wed, 30 Jun 2010 03:38:47 GMT Ubuntu Security Notice 930-1 - If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. http://packetstormsecurity.org/files/91310/USN-927-5.txt http://packetstormsecurity.org/files/91310/USN-927-5.txt http://packetstormsecurity.org/files/91310/Ubuntu-Security-Notice-927-5.html Wed, 30 Jun 2010 03:25:17 GMT Ubuntu Security Notice 927-5 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. http://packetstormsecurity.org/files/91309/USN-927-4.txt http://packetstormsecurity.org/files/91309/USN-927-4.txt http://packetstormsecurity.org/files/91309/Ubuntu-Security-Notice-927-4.html Wed, 30 Jun 2010 03:23:55 GMT Ubuntu Security Notice 927-4 - USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. http://packetstormsecurity.org/files/91297/secuniataskfreak-xss.txt http://packetstormsecurity.org/files/91297/secuniataskfreak-xss.txt http://packetstormsecurity.org/files/91297/TaskFreak-0.6.3-Cross-Site-Scripting.html Wed, 30 Jun 2010 02:58:55 GMT Secunia Research has discovered a vulnerability in TaskFreak, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "tznMessage" parameter in logout.php is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 0.6.3 is affected. http://packetstormsecurity.org/files/91296/secunia-taskfreak.txt http://packetstormsecurity.org/files/91296/secunia-taskfreak.txt http://packetstormsecurity.org/files/91296/TaskFreak-0.6.3-SQL-Injection.html Wed, 30 Jun 2010 02:56:33 GMT Secunia Research has discovered a vulnerability in TaskFreak, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "password" parameter to login.php (when "username" is set to a valid user) is not properly sanitized before being used in a SQL query in include/classes/tzn_user.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows bypassing the authentication mechanism, but requires that "magic_quotes_gpc" is disabled. Version 0.6.3 is affected. http://packetstormsecurity.org/files/91264/sa40343.txt http://packetstormsecurity.org/files/91264/sa40343.txt http://packetstormsecurity.org/files/91264/Secunia-Security-Advisory-40343.html Tue, 29 Jun 2010 12:48:33 GMT Secunia Security Advisory - A vulnerability has been reported in Hitachi JP1/ServerConductor/DeploymentManager, which can be exploited by malicious people to cause a DoS (Denial of Service). http://packetstormsecurity.org/files/91263/sa40416.txt http://packetstormsecurity.org/files/91263/sa40416.txt http://packetstormsecurity.org/files/91263/Secunia-Security-Advisory-40416.html Tue, 29 Jun 2010 12:48:30 GMT Secunia Security Advisory - A vulnerability has been reported in iScripts VisualCaster, which can be exploited by malicious users to conduct SQL injection attacks. http://packetstormsecurity.org/files/91262/sa40359.txt http://packetstormsecurity.org/files/91262/sa40359.txt http://packetstormsecurity.org/files/91262/Secunia-Security-Advisory-40359.html Tue, 29 Jun 2010 12:48:28 GMT Secunia Security Advisory - A vulnerability has been reported in PTCPay GEN4, which can be exploited by malicious users to conduct SQL injection attacks.