FreeBSD Security Advisory (FreeBSD-SA-07:09.random.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-07:09.random.asc. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
FreeBSD Ports: racoon
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
libtiff security update
CentOS Errata and Security Advisory CESA-2008:0863-01 Updated libtiff packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff packages contain a...
Authentication flaw
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that...
CVE-2008-3703
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that...
Microsoft Excel COUNTRY Record Parsing Memory Corruption (MS08-043; CVE-2008-3006)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the way Microsoft Excel parses record values. The vulnerability is due to an error in Microsoft Excel that fails to perform sufficient validation when parsing record values while...
LoveCMS 1.6.2 Final Update Settings Remote Exploit
Exploit for unknown platform in category web applications. LoveCMS 1.6.2 Final Update Settings Remote Exploit. #!/usr/bin/ruby Exploit by PoMdaPiMp! LoveCMS Exploit Series...
LoveCMS 1.6.2 Final - Update Settings
LoveCMS 1.6.2 Final - Update Settings #!/usr/bin/ruby Exploit by PoMdaPiMp! pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 3: changing site settings ... Description: Simply change the site settings ! Usage: ./LoveCMS3settings.rb Ex: ./LoveCMS2themes.rb...
LoveCMS 1.6.2 Final - Update Settings
#!/usr/bin/ruby Exploit by PoMdaPiMp! pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 3: changing site settings ... Description: Simply change the site settings ! Usage: ./LoveCMS3settings.rb Ex: ./LoveCMS2themes.rb http://site.com/lovecms/ Tested on: lovecms1.6.2final...
phpWebNews 0.2 MySQL Edition (SQL) Insecure Cookie Handling Vuln
Exploit for unknown platform in category web applications. phpWebNews 0.2 MySQL Edition SQL Insecure Cookie Handling Vuln. phpwebnews-mysql 0.2 Insecure Cookie...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values...
CVE-2008-3218
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values...
tomcat XSS in example webapps
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...
SOL8921 - Linux kernel vulnerability CVE-2007-3740
A flaw in the CIFS filesystem could cause the umask values of a process to not be honored. Information about this advisory is available at the following location:...
CVE-2008-1806
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow...
CVE-2008-1379
Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height...
CVE-2008-1377
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with...
Microsoft PowerPoint TxMasterStyle10Atom Processing Code Execution (MS08-051; CVE-2008-1455)
Microsoft PowerPoint is a popular presentation program. A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory calculation error in Microsoft PowerPoint when parsing bullet list values in specially crafted PowerPoint files. A remote...
phpraider-rfi.txt
Application Name : PhpRaider Mod phpbb3 Vulnerable Type : Remote File Include Google Keyword : Powered by phpRaider v1.0.7 Infection : Access to the affected site and server can be obtained. Bug Fix Advice : Undefined values must be defined. author : KaCaK a.K.a Dr.Hack3r Error Code :...
CVE-2008-1804
preprocessors/sppfrag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment...