PacketStorm Security

20 Most Recent Packet Storm File Additions



dsa-1534-2.txt

April 25, 2008, 8:22 pm   [ link da copiare ]
Debian Security Advisory 1534-2 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. Second advisory released as a regression in mailnews handling has been fixed.

dsa-1557-1.txt

April 25, 2008, 8:22 pm   [ link da copiare ]
Debian Security Advisory 1557-1 - Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webserver via a crafted HTTP POST request. The PHP session data file stored the username and password of a logged in user, which in some setups can be read by a local user. Cross site scripting and SQL injection were possible by attackers that had permission to create cookies in the same cookie domain as phpMyAdmin runs in.

dsa-1556-1.txt

April 25, 2008, 8:22 pm   [ link da copiare ]
Debian Security Advisory 1556-1 - It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.

nicelog-1.0.tgz

April 25, 2008, 8:22 pm   [ link da copiare ]
logtamper is a modified version of wtmpclean that also modifies UTMP and lastlog related entries.

blindmysql.pdf

April 25, 2008, 8:22 pm   [ link da copiare ]
Blind MySQL Injection - Techniques for injection without any information regarding MySQL. Written in Spanish.

lotus-exec.txt

April 25, 2008, 8:22 pm   [ link da copiare ]
Lotus Symphony Expeditor suffers from an arbitrary code execution vulnerability via the handling of URIs with rcplauncher.

lateral-sql-injection.pdf

April 25, 2008, 8:22 pm   [ link da copiare ]
Lateral SQL Injection: A New Class of Vulnerability in Oracle.

glsa-200804-28.txt

April 25, 2008, 8:22 pm   [ link da copiare ]
Gentoo Linux Security Advisory GLSA 200804-28 - Because of sharing the same codebase, JRockit is affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than 1.5.0.14 are affected.

glsa-200804-27.txt

April 25, 2008, 8:22 pm   [ link da copiare ]
Gentoo Linux Security Advisory GLSA 200804-27 - Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in a stack-based buffer overflow. Versions less than 1.1.7 are affected.

DDIVRT-2008-11.txt

April 25, 2008, 8:22 pm   [ link da copiare ]
BadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition by repeatedly invoking the uninst.exe executable. Due to the fact that BadBlue has not released a patch for the previously documented directory traversal vulnerability, an attacker may utilize these two flaws in conjunction to place a malicious executable in the web root and compromise a vulnerable server.

T208-CFP.txt

April 25, 2008, 8:22 pm   [ link da copiare ]
T2'08 Call For Papers - Announcing the annual T2'08 conference, which will take place in Helsinki, Finland, from October 16 to 17, 2008. They are looking for original technical presentations in the fields of information security. Presentations should last a minimum of 60 minutes and a maximum of two hours and be presented in English.

joomlajpad-sql.txt

April 25, 2008, 8:22 pm   [ link da copiare ]
The Joomla Jpad component version 1.0 suffers from a SQL injection vulnerability.

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15]