Top Stories for Today
[390] Windows XP SP3 Sows Havoc, Users Complain
[200] How to Regain Access to Your Admin Account in Vista using System Restore
[162] Microsoft shares more IE8 security details
[153] Windows Vista More Vulnerable To Malware Than Windows 2000
[129] HSBC loses server stuffed with customer records
[117] Yahoo Adds Security Warnings To Search Results
[116] China refuses to guarantee open Internet during Olympics
[111] DARPA Plans Cyberwar 'Matrix'
[99] Belgium accuses China of cyber-attacks
[96] Hollywood wants $15 million from Pirate Bay
Top 20 of the Last 2 Weeks
[2005] WiFi keygen tool for BT Home Hubs released
[1672] Your 10 Biggest Network Security Worries
[1428] Do You Need a Mini-Notebook as a Second PC?
[1209] Hackers look to hardware viruses
[1085] Windows XP SP3 completes Microsoft's NAC architecture
[959] Alleged webcam hacker accused of spying on girls
[923] Microsoft warns of IE7 lock-in with XP SP3
[813] Dell Vostro keyboards cause confusion
[801] Miley Cyrus Takes Heat Over Sexy Photos Leaked Online
[769] Five important security apps for Linux, Mac OS X and Windows
[714] Nigerian duped gullible NASA employee
[712] New techniques hide PDF malware
[696] 'Muslims' hack into Bank of Israel site
[692] Microsoft Board Fails to Decide on Yahoo
[641] Microsoft Gives Backdoor to Law Enforcement -- Well, Not Really
[610] Microsoft Patch Process Called Security Risk
[604] Microsoft denies fault in hacks
[603] Coldplay to give new single away for free
[573] Nokia Gives Widgets Superpowers
[570] Web-based e-mail may be exposing you to privacy and security problems you didn't expect
HITB Links
XSSed.com
Wiretapped.net 2600.org.au Shmoo Group WBG Links insecure.org linuxlinks.com c4i.org active-security.org infosurge SecureMac FMA madirish.net middlesyde.com Webtechgeek SK-Web FS Hot Evil-Ware Overclockers Club sorgonet.com Earizer.com ByteBot TrimMail Network Security Tech Network Security Archive The Hackademy Secumania.org
Want us to add your page to our links list? Drop us a line
If you're wondering who the people are behind HITB and you'd like to drop us a line (either e-mail or snail mail) then here's the information you'd need:
Mailing Address
Phone: +60-3-20394724
Chief Executive Officer
Editor in Chief
Head of Sales
Senior Content Administrator
Content Administrators
amigo
News Contributors
Public Relations
Graphic Designer
Editorial Team & Contributors
Joshua Kuhl
Packet Storm Security Latest
· onecms25-sql.txt
OneCMS version 2.5 remote blind SQL injection exploit that makes use of asd.php.
· galleristic-sql.txt
Galleristic version 1.0 remote SQL injection exploit that makes use of index.php.
· 05.07.08-3.txt
iDefense Security Advisory 05.07.08 - Remote exploitation of an integer signedness vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reallocating dynamic buffers. The rdesktop xrealloc() function uses a signed comparison to determine if the requested allocation size is less than 1. When this occurs, the function will incorrectly set the allocation size to be 1. This results in an improperly sized heap buffer being allocated, which can later be overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
· 05.07.08-2.txt
iDefense Security Advisory 05.07.08 - Remote exploitation of a BSS overflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP redirect request. This request is used to redirect an RDP connection from one server to another. When parsing the redirect request, the rdesktop client reads several 32-bit integers from the request packet. These integers are then used to control the number of bytes read into statically allocated buffers. This results in several buffers located in the BSS section being overflowed, which can lead to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
· 05.07.08-1.txt
iDefense Security Advisory 05.07.08 - Remote exploitation of an integer underflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP request. When reading a request, a 16-bit integer value that represents the number of bytes that follow is taken from the packet. This value is then decremented by 4, and used to calculate how many bytes to read into a heap buffer. The subtraction operation can underflow, which will then lead to the heap buffer being overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
· google-spam.txt
It appears that manipulating the forwarding functionality in Google's GMail service allows people to spam.
· glsa-200805-05.txt
Gentoo Linux Security Advisory GLSA 200805-05 - Multiple Denial of Service vulnerabilities have been discovered in Wireshark. Versions less than 1.0.0 are affected.
· glsa-200805-04.txt
Gentoo Linux Security Advisory GLSA 200805-04 - A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502). Versions less than 1.4.004 are affected.
Topics
· All topics
· AMD News (May 07, 2008)
· Apple News (May 08, 2008)
· Articles (Feb 13, 2006)
· Ask Us (Feb 01, 2003)
· Audio/Video (May 07, 2008)
· Encryption (May 08, 2008)
· Games (May 08, 2008)
· Hardware (May 03, 2008)
· HITB News (Dec 03, 2007)
· Industry News (May 09, 2008)
· Intel News (Apr 29, 2008)
· Law and Order (May 09, 2008)
· Linux (May 07, 2008)
· Microsoft (May 09, 2008)
· Networking (May 06, 2008)
· PDAs (Feb 09, 2007)
· Privacy (May 09, 2008)
· Red Hat (May 07, 2008)
· Science (Apr 28, 2008)
· Security (May 09, 2008)
· Software & Programming (May 08, 2008)
· Spam (Apr 11, 2008)
· Technology (May 03, 2008)
· Transmeta (Jul 07, 2007)
· Viruses & Malware (May 08, 2008)
· Wireless (May 01, 2008)
HITB Affiliates
HardlineNews.com
ITDefence.ru DarkMindz SecGeeks.com Elite Hackers Xatrix Computer Security Root Compromise Help Net Security shellcity.net techfocus.org EyeonSecurity eBCVG Illmob.org HackerStickers.com Mac Shadows Local Area Security Astalavista Phoronix.com Modding World Windows Security Secom Group GaryMckinnon.com HERT.org Segfault.net
Latest Advisories from Xatrix
Ubuntu Linux: Firefox vulnerabilities
Red Hat: Ruby safe-level vulnerability
Red Hat: Seamonkey critical security vulnerabilities
Debian: Drupal several remote vulnerabilities
Debian: Kernel local race condition
SUSE: Kernel local privilege escalation
Ubuntu Linux: Update introduced regression
Ubuntu Linux: Mozilla-Thunderbird vulnerabilities
Mandriva: Perl log flaw
Ubuntu Linux: Mozilla various vulnerabilities