iptables is built on top of netfilter, the packet alteration framework for Linux 2.4.x and 2.6.x. It is a major rewrite of its predecessor ipchains, and is used to control packet filtering, Network Address Translation (masquerading, portforwarding, transparent proxying), and special effects such as packet mangling.
.::anti-abuse.com::.
Security Revealed
Archive for October, 2008
multiinjector.tgz
Posted in October 31st, 2008
MultiInjector is an automatic SQL injection utility. It uses a list of URI addresses to test parameter manipulation. Once a vulnerable parameter has been found, a signature-evasive SQL injection is performed in order to achieve arbitrary OS command execution and automatic defacement on database server. Written in Python.
Comments Off
Detecting_and_Exploiting_ActiveX_Controls.pdf
Posted in October 31st, 2008
Whitepaper entitled Detecting and Exploiting Vulnerabilities in ActiveX Controls. Written in Farsi.
Comments Off
phpnukesectionsnew-sql.txt
Posted in October 31st, 2008
The Sectionsnew module in PHP-Nuke suffers from a remote SQL injection vulnerability.
Comments Off
iranmcdetail-sql.txt
Posted in October 31st, 2008
IranMC suffers from a remote SQL injection vulnerability in detail.php.
Comments Off
phpnukebook-sql.txt
Posted in October 31st, 2008
The BookCatalog module in PHP-Nuke suffers from a remote SQL injection vulnerability.
Comments Off
phpwebsitelink-sql.txt
Posted in October 31st, 2008
phpWebSite suffers from a remote SQL injection vulnerability in links.php.
Comments Off
10.30.08-1.txt
Posted in October 31st, 2008
iDefense Security Advisory 10.30.08 – Remote exploitation of a memory corruption vulnerability in Novell Inc.’s eDirectory could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists due to an area of heap memory being used after it has already been freed. By sending malformed data it is possible to cause an area of heap memory to be freed by one thread, and then reused after another thread allocates the same area of memory. This results in the original thread operating on the data changed by the second thread, which may lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in eDirectory version 8.8 SP2 for Windows. The Linux version does not appear to be affected. Previous versions may also be affected.
Comments Off
10.30.08-2.txt
Posted in October 31st, 2008
iDefense Security Advisory 10.30.08 – Remote exploitation of a stack buffer overflow vulnerability in Adobe Systems Inc.’s PageMaker could allow an attacker to execute arbitrary code with the privileges of the current user. A vulnerability exists within the handling of PMD files, the native file format for storing PageMaker documents. When parsing a malformed PMD file, data from the file is copied into a buffer without proper validation. This results in an exploitable stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in Adobe PageMaker version 7.0.1 with the CVE-2007-5169 patch applied. Previous versions may also be affected. However, Adobe InDesign CS, the successor to PageMaker, is not affected.
Comments Off
ZDI-08-070.txt
Posted in October 31st, 2008
A vulnerability allows remote attackers to execute a script injection attack on arbitrary sites through vulnerable installations of SonicWALL. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page or open a malicious web link. SonicWALL Pro 2040 is affected.
Comments Off
protraffic-sql.txt
Posted in October 31st, 2008
Pro Traffic One suffers from a remote SQL injection vulnerability in poll_results.php.
Comments Off
myphpforum-sql.txt
Posted in October 31st, 2008
MyPHP Forum (Final) versions 3.0 and below suffer from multiple remote blind SQL injection vulnerabilities. One of these is an known issue from December of 2007.
Comments Off
visagesoft-overwrite.txt
Posted in October 31st, 2008
Visagesoft eXPert PDF ViewerX insecure method file overwrite exploit that leverages VSPDFViewerX.ocx.
Comments Off
djvu-overflow.txt
Posted in October 31st, 2008
DjVu Active-X Control version 3.0 ImageURL property overflow exploit.
Comments Off
debugdiag-null.txt
Posted in October 31st, 2008
DebugDiag suffers from a NULL pointer dereference in CrashHangExt.dll version 1.0.
Comments Off
phpnukecurrent-sql.txt
Posted in October 31st, 2008
The Current_Issue module in PHP-Nuke suffers from a remote SQL injection vulnerability.
Comments Off
MDVSA-2008-219.txt
Posted in October 31st, 2008
Mandriva Linux Security Advisory – A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer. Several integer overflows were discovered by Felipe Andres Manzano in MPlayer’s Real video stream demuxing code. These vulnerabilities could allow an attacker to cause a crash or possibly execute arbitrary code by supplying a malicious crafted video file. The updated packages have been patched to fix these issues. Note that CVE-2008-3827 was already corrected in the Mandriva Linux 2009 packages.
Comments Off
MDVSA-2008-221.txt
Posted in October 31st, 2008
Mandriva Linux Security Advisory – A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections. The updated packages have been patched to correct this issue.
Comments Off
MDVSA-2008-222.txt
Posted in October 31st, 2008
Mandriva Linux Security Advisory – A vulnerability in Eterm allowed it to open a terminal on :0 if the environment variable was not set or the -display option was not specified, which could be used by a local user to hijack X11 connections. The updated packages have been patched to correct this issue.
Comments Off
quassel-commands.txt
Posted in October 31st, 2008
A vulnerability in the CTCP handling allows an attacker to trick Quassel IRC into sending arbitrary commands to the IRC server. Versions before 0.3.0.2 are affected.
Comments Off
rdiff-backup: Command line incremental backups
Posted in October 31st, 2008
(Posted 26 Oct 2008 by Ray)
Comments Off
Install Debian Etch PV DomU with VNC at Solaris Nevada Dom0
Posted in October 31st, 2008
(Posted 27 Oct 2008 by Boris Derzhavets)
Comments Off
Miro: Internet TV for Ubuntu Linux
Posted in October 31st, 2008
(Posted 27 Oct 2008 by gg234)
Comments Off
Using Katapult in openSUSE Linux
Posted in October 31st, 2008
(Posted 27 Oct 2008 by Susenator)
Comments Off
Install Ubuntu Intrepid Server PV DomU at Xen 3.3 CentOS 5.2 Dom0
Posted in October 31st, 2008
(Posted 28 Oct 2008 by Boris Derzhavets)
Comments Off
[2/5] Quassel IRC CTCP Command Injection Vulnerability
Posted in October 31st, 2008
Wouter Coekaerts has reported a vulnerability in Quassel IRC, which can be exploited by malicious people to hijack IRC connections.
http://secunia.com/Advisories/32470/
NOTE: This RSS feed does not include information about updated Secunia advisories. You should note that Secunia on average issues more than 20 updated advisories per day, containing information about exploit and patch availability, new and in depth research, and all other details that are relevant. Learn more about receiving complete and customised Secunia advisory information:
http://secunia.com/advisories/business_solutions/
Comments Off
[4/5] Opera Command Execution and Cross-Site Scripting
Posted in October 31st, 2008
Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user’s system.
http://secunia.com/Advisories/32452/
NOTE: This RSS feed does not include information about updated Secunia advisories. You should note that Secunia on average issues more than 20 updated advisories per day, containing information about exploit and patch availability, new and in depth research, and all other details that are relevant. Learn more about receiving complete and customised Secunia advisory information:
http://secunia.com/advisories/business_solutions/
Comments Off
[3/5] Harlandscripts Pro Traffic One “trg” SQL Injection Vulnerability
Posted in October 31st, 2008
Beenu Arora has reported a vulnerability in Harlandscripts Pro Traffic One, which can be exploited by malicious people to conduct SQL injection attacks.
http://secunia.com/Advisories/32467/
NOTE: This RSS feed does not include information about updated Secunia advisories. You should note that Secunia on average issues more than 20 updated advisories per day, containing information about exploit and patch availability, new and in depth research, and all other details that are relevant. Learn more about receiving complete and customised Secunia advisory information:
http://secunia.com/advisories/business_solutions/
Comments Off
[2/5] Dorsa CMS “search” Cross-Site Scripting Vulnerability
Posted in October 31st, 2008
Pouya_Server has reported a vulnerability in Dorsa CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
http://secunia.com/Advisories/32468/
NOTE: This RSS feed does not include information about updated Secunia advisories. You should note that Secunia on average issues more than 20 updated advisories per day, containing information about exploit and patch availability, new and in depth research, and all other details that are relevant. Learn more about receiving complete and customised Secunia advisory information:
http://secunia.com/advisories/business_solutions/
Comments Off
Advertisments
Popular Tags
Recent Entries
- Ubuntu more “commercial”, but always free …
- The Story Behind Payment Disruptor Stripe.com And Its Founder Patrick Collison
- Lightspark For Open Flash Inches Forward
- Silicon Valley Can Do Better Than Facebook
- The pi pad
- Labor Struggles, Then and Now: Workers in One Iowa Town Epitomize the Past and Present of the Labor Movement
- The Perfect Desktop – Ubuntu Studio 12.04
- Introducing Our 2012 Disrupt NYC Hackathon Winners: Thingscription, PoachBase, And Practikhan!
- iPhone charger teardown shows astounding miniaturization.
- Vuln: Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
Recent Comments
- Keine Kommentare vorhanden.
Social Network
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Sep | Nov » | |||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | ||
Subscribes
Meta
Archives
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- August 2005
- July 2005
- June 2005
- May 2005
- January 2005
- November 2004
- October 2004
- September 2004
- October 2002
- December 2001
- January 1970
- December 1969
Also
rss
- SANS Internet Storm Center, InfoCON: green
- SANS Internet Storm Center, InfoCON: green
- (IN)SECURE Magazine Notifications RSS
- 0DayCar
- A Day in the Life of an Information Security Investigator
- Advisory Files ≈ Packet Storm
- Advisory Files ≈ Packet Storm
- All about Linux
- All about Linux
- AlterNet.org
- AlterNet.org
- Astalavista.net – Directory
- Astalavista.net – Exploits
- cmw.me blogs
- Confessions of a Penetration Tester
- Darknet – The Darkside
- Darknet – The Darkside
- Debian GNU/Linux System Administration Resources
- Debian GNU/Linux System Administration Resources
- DesktopLinux.com
- DesktopLinux.com
- Exploit Files ≈ Packet Storm
- Exploit Files ≈ Packet Storm
- F-Secure Antivirus Research Weblog
- F-Secure Antivirus Research Weblog
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Files ≈ Packet Storm
- Got Root Articles
- Got Root Articles
- Got Root Blogs
- Got Root Blogs
- Got Root Library and Wiki
- Got Root Library and Wiki
- Hack a Day
- Hack a Day
- HowtoForge – Linux Howtos and Tutorials –
- HowtoForge – Linux Howtos and Tutorials –
- izik
- izik
- Joomla! powered Site
- kaos.theory: fractal blog
- kaos.theory: fractal blog
- Latest Secunia Advisories
- Librenix.com | Linux Sysadmin Central
- Librenix.com | Linux Sysadmin Central
- Linux Gazette
- Linux Gazette
- Linux Journal – The Original Magazine of the Linux Community
- Linux Journal – The Original Magazine of the Linux Community
- Linux.com :: Feature
- Linux.com :: Feature
- LXer Linux News
- LXer Linux News
- milw0rm.com
- milw0rm.com
- News ≈ Packet Storm
- News ≈ Packet Storm
- nixCraft Linux Sys Admin Blog
- nixCraft Linux Sys Admin Blog
- Open Source Networking
- Open Source Networking
- Own-the.net – Web application security and SEO
- RootPrompt — Nothing but Unix
- RootPrompt — Nothing but Unix
- Rootsecure.net
- Rootsecure.net
- SecuriTeam
- SecuriTeam
- Security Tool Files ≈ Packet Storm
- Security Tool Files ≈ Packet Storm
- SecurityDocs
- SecurityDOT Articles
- SecurityDOT Articles
- SecurityDOT Exploits
- SecurityDOT Exploits
- SecurityDot News
- SecurityDot News
- SecurityDot Vulnerabilities
- SecurityDot Vulnerabilities
- SecurityFocus News
- SecurityFocus News
- SecurityFocus Vulnerabilities
- SecurityFocus Vulnerabilities
- SpiderLabs Anterior
- SpiderLabs Anterior
- Spyware Warrior
- Spyware Warrior
- TaoSecurity
- TaoSecurity
- TechCrunch
- The Ethical Hacker Network RSS News Feed
- The Ethical Hacker Network RSS News Feed
- The most recent articles from vnunet.com
- The most recent articles from vnunet.com
- US-CERT Bulletins
- US-CERT Bulletins
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- US-CERT Technical Cyber Security Alerts
- US-CERT Tips
- US-CERT Tips
- VulnWatch
- VulnWatch
- XSSed syndication
- XSSed syndication
- XSSed syndication
- XSSed syndication