Exploit the possiblities
Showing 1 - 25 of 579 RSS Feed

Files

Sun Java JDK/JRE Soundbank Resource Name Buffer Overflow
Posted Apr 1, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in Sun Java JDK/JRE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when parsing the length of a resource name in a Soundbank file and can be exploited to cause a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Sun Java JDK/JRE 1.6 Update 17 is affected.

tags | advisory, java, overflow, arbitrary
MD5 | 170356687d98e8dd5f86f5b953ca4fbb
Sun Java JDK/JRE Soundbank Resource Parsing Buffer Overflow
Posted Apr 1, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in Sun Java JDK/JRE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a sign-extension error when parsing the length of a resource in a Soundbank file and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Sun Java JDK/JRE 1.6 Update 17 is affected.

tags | advisory, java, overflow, arbitrary
MD5 | 3db9cc81ca4519f62fad1c89fe7474be
Apple iTunes Privilege Escalation
Posted Apr 1, 2010
Authored by Jason Geffner | Site ngssoftware.com

This paper discusses how an unprivileged local attacker can elevate their privileges during an initial installation or update of iTunes for Windows. This vulnerability was responsibly disclosed to Apple Inc. and this advisory was not released until a fixed build of iTunes was released.

tags | advisory, local
systems | windows, apple
advisories | CVE-2010-0532
MD5 | eeacb581ab0680707becbfb2bfb0e1ce
Debian Linux Security Advisory 2025-1
Posted Apr 1, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2025-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2009-2408, CVE-2009-2404, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075, CVE-2010-0163
MD5 | fe559595d05352438d3c714ebd6725e4
Debian Linux Security Advisory 2024-1
Posted Apr 1, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2024-1 - Jamie Strandboge discovered that moin, a python clone of WikiWiki, does not sufficiently sanitize the page name in "Despam" action, allowing remote attackers to perform cross-site scripting (XSS) attacks.

tags | advisory, remote, xss, python
systems | linux, debian
advisories | CVE-2010-0828
MD5 | c34429eaf608a8be733de99c76f2b745
Apache ActiveMQ Persistent Cross-Site Scripting
Posted Apr 1, 2010
Authored by Rajat Swarup | Site activemq.apache.org

Remote unauthenticated exploitation of an input validation vulnerability in Apache Software Foundation's ActiveMQ server could allow an attacker to perform a stored or persistent cross-site scripting (XSS) attack.

tags | advisory, remote, xss
advisories | CVE-2010-0684
MD5 | 120a93a37c3ceb14995b35370a832550
iDEFENSE Security Advisory 2010-03-30.2
Posted Apr 1, 2010
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.30.10 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s (formerly Sun Microsystems Inc.) Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The JRE is a platform that supports the execution of programs that are developed using the Java programming language. It is available for multiple platforms, including Windows, Linux and MacOS. The JRE platform also supports Java Applets, which can be loaded from Web pages. During the processing of an image file, user-controlled data is trusted and can result in an undersized allocation of a heap buffer. A copy operation into the heap buffer can lead to a heap overflow condition within the JRE. This condition may allow a remote attacker to subvert execution control and execute arbitrary code.

tags | advisory, java, remote, web, overflow, arbitrary
systems | linux, windows
MD5 | 23927a2f96a8ffb6ebc1a56c3a54cada
Web Service Hijacking In VMWare WebAccess
Posted Apr 1, 2010
Authored by Trustwave | Site trustwave.com

The Struts-based web application uses the server-side session sattribute "context_vmdirect" to store various settings, including the URL to the XML web service backend. By default, the URL is http://localhost/sdk, but the web service URL can be manually set from a client browser in several locations. If wsUrl is changed to point at an external server, all SOAP calls for that session are sent to the specified server. This includes plaintext authentication credentials. An attacker could exploit this by tricking a user into following a link to /ui/vmDirect.do, with an attacker-controlled server passed in the "view" parameter.

tags | advisory, web
advisories | CVE-2009-2277
MD5 | df895a7b1f99592b8cd35ccfb84a809d
Technical Cyber Security Alert 2010-89A
Posted Mar 31, 2010
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2010-89A - Microsoft has released out-of-band updates to address critical vulnerabilities in Internet Explorer.

tags | advisory, vulnerability
MD5 | a1dee0c216289a0729c70352fb149d99
iDEFENSE Security Advisory 2010-03-30.1
Posted Mar 31, 2010
Authored by iDefense Labs, wushi | Site idefense.com

iDefense Security Advisory 03.30.10 - Remote exploitation of a use after free vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when an HTML object with an 'onreadystatechange' event handler is not properly freed. This event is used to perform actions when the state of some HTML object changes; for example, when a form has data input. Specifically, when certain properties of the object are changed, the event handler function object is freed, but a reference to it remains. When the object is later accessed, this invalid memory is treated as an object pointer, and one of its members is used to make an indirect function call. This results in the execution of arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2010-0491
MD5 | cc8039fd14f0ded54bdcbf218c4fe5d8
HP Security Bulletin HPSBOV02506 SSRT090244
Posted Mar 31, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Multiple security vulnerabilities have been identified with the HP Secure Web Server for OpenVMS (based on Apache) CSWS. The vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS), unauthorized disclosure of information, or unauthorized modification of information.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2009-3094, CVE-2009-3095
MD5 | ac787967e28f44d37c74c7598b9d1714
ViewVC Regular Expression Search Cross-Site Scripting
Posted Mar 31, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in ViewVC, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the regular expression search functionality is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the regular expression search functionality is enabled (disabled by default).

tags | advisory, arbitrary, xss
advisories | CVE-2010-0132
MD5 | 2b22e99098d772c0a55c454f65fc5de6
Secunia Security Advisory 39223
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Apache ActiveMQ, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, csrf
MD5 | 86dcbeb6756715e54d1c30c69869ecaa
Secunia Security Advisory 39227
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has acknowledged two vulnerabilities in HP Insight Control Suite For Linux, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
systems | linux
MD5 | 59c5dafd2c9dd2e2c4b7f79e983767e5
Secunia Security Advisory 37255
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Sun Java, where some have an unknown impact and others can be exploited by malicious people to manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

tags | advisory, java, denial of service, vulnerability
MD5 | 93b780406226569211358353a777622b
Secunia Security Advisory 39222
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Avaya has acknowledged a vulnerability in some Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

tags | advisory, denial of service
MD5 | 6258f322608b8f5e623d614d35324f96
Secunia Security Advisory 39228
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
systems | hpux
MD5 | d9dbd474e3124c55f325ac9f13dc92f3
Secunia Security Advisory 39148
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in huroncms, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
MD5 | 3b55f42ea6a8ced1abc1c51794ed7ea1
Secunia Security Advisory 39188
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in MoinMoin, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
MD5 | 3103697047b2d12943e6189b8b55ff90
Secunia Security Advisory 39243
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system.

tags | advisory, vulnerability
MD5 | 2fda6ad73da0906dacfff39e52673626
Secunia Security Advisory 39136
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system.

tags | advisory, vulnerability
MD5 | daee3d1d02d99f3c9e55f23bdbbc9e7e
Secunia Security Advisory 39190
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for moin. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory
systems | linux, debian
MD5 | 0209f37df41d086cdd1339a0c1c30074
Secunia Security Advisory 39168
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been discovered in P30vel Hosting Script, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | f60df16c02f8724a761780163342cd02
Secunia Security Advisory 39240
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system.

tags | advisory, vulnerability
MD5 | fe0c681a8360279d1078bec41f2729b8
Secunia Security Advisory 39230
Posted Mar 31, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
MD5 | e26ac07b30f25b3e3929ef9370c08337
Page 1 of 24
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
Github To Devs: Now You'll Get Security Alerts On Flaws In Popular Software Libraries
Posted Nov 17, 2017

tags | headline, flaw
Keystone Pipeline Leaked 210,000 Gallons Of Oil In South Dakota
Posted Nov 17, 2017

tags | headline, flaw
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close