[SECURITY] [DSA 1629-2] New postfix packages fix installability problem on i386
------------------------------------------------------------------------ Debian Security Advisory DSA-1629-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 19, 2008 http://www.debian.org/security/faq -...
Debian DSA-1629-2 : postfix - programming error
Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root. Note that only specific configurations are vulnerable; the default Debian installation is not affecte...
[SECURITY] [DSA 1629-1] New postfix packages fix privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-1629-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 18, 2008 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 1612-1 (ruby1.8)
The remote host is missing an update to ruby1.8 announced via advisory DSA 1612-1. OpenVAS Vulnerability Test $Id: deb16121.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1612-1 ruby1.8 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Ruby 1.9 - regex engine Remote Socket Memory Leak
------------------------------------------------------- Language : Ruby Web Site: www.ruby-lang.org Platform: All Bug: Remote Socket Memory Leak Products Affected: 1.8 series: - 1.8.5 and all prior versions - 1.8.6-p286 and all prior versions - 1.8.7-p71 and all prior versions 1.9 series - r18423...
IntelliTamper 2.07 - HTTP Header Remote Code Execution
/ IntelliTamper 2.07 Location: HTTP Header Remote Code Execution exploit. Based on exploit by Koshi written in Perl. This one should be more stable. Just for fun and to learn more about win32 exploitation. by Wojciech Pawlikowski [email protected] / include include include include include include...
lovecms-update.txt
!/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 3: changing site settings ... Description: Simply change the site settings ! Usage: ./LoveCMS3settings.rb Ex: ./LoveCMS2themes.rb http://site.com/lovecms/ Tested on: lovecms1.6.2final...
Debian DSA-1627-2 : opensc - programming error
Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN. With this bug anyone can change a user PIN without...
[SECURITY] Fedora 9 Update: ruby-1.8.6.230-1.fc9
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
[SECURITY] Fedora 9 Update: perl-5.10.0-27.fc9
Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...
Debian DSA-1612-1 : ruby1.8 - several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-2662 Drew Yao discovered that multiple...
[SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code
------------------------------------------------------------------------ Debian Security Advisory DSA-1606-1 [email protected] http://www.debian.org/security/ Steve Kemp July 09, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
MS Windows 2K/XP TCP Connection Reset Remote Attack Tool
No description provided by source. AFX TCP Reset by Aphex http://www.iamaphex.cjb.net [email protected] Compile with Delphi 5/6/7 program Project1; $APPTYPE CONSOLE uses Windows; type TBufferArray = array0..65535 of byte; type iph = record ipverlen: byte; iptos: byte; iplen: word; ipid: word;...
Debian DSA-1599-1 : dbus - programming error
Havoc Pennington discovered that DBus, a simple interprocess messaging system, performs insufficient validation of security policies, which might allow local privilege escalation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
[SECURITY] Fedora 8 Update: ruby-1.8.6.230-1.fc8
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
Perl rmtree() function local insecure permissions vulnerability
BUGTRAQ ID: 29902 CVECAN ID: CVE-2008-2827 Perl is a free and powerful programming language. The rmtree function in Perl's lib/File/Path.pm does not correctly check permissions when performing chmod: my $nperm = $perm & 07777 | 0600; if $nperm != $perm and not chmod $nperm, $root if $ForceWriteable error$arg, "cannot make file writeable", $canon;...
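PHP 5 'posix_access()' function 'safe_mode' bypass directory traversal vulnerability
BUGTRAQ ID: 29797 CVE ID:CVE-2008-2665 CNCVE ID:CNCVE-20082665 PHP 5 is an open-source web programming language. PHP 5 'posix_access()' has a 'safe_mode' bypass issue; remote attackers can exploit the vulnerability to access data outside the WEB ROOT directory, leading to disclosure of sensitive information. The problematic code is as follows: - --- PHPFUNCTIONposixaccess long mode = 0; int filenamelen, ret; char filename, path; if zendparseparametersZENDNUMARGS TSRMLSCC,...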
scientific-sql.txt
!/usr/bin/perl use strict; use warnings; use LWP::UserAgent; Download: http://sidb.sourceforge.net/ Dork: "Scientific Image DataBase" This exploit retrives the admin username/password via blind mysql injection. print ; my $substr, $done, $chr, $res = 1, 1, 48, ""; my $ua = LWP::UserAgent-new agen...