Exploit the possiblities
Showing 1 - 25 of 422 RSS Feed

Files

Zero Day Initiative Advisory 11-094
Posted Feb 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-094 - This vulnerability allows remote attackers to compromise the archive records on vulnerable installations of HP StorageWorks File Migration Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HsmCfgSvc.exe service responsible for managing archive stores. The archive manager is susceptible to tampering due to a failure to enforce authentication from remote users. An attacker could exploit this flaw to compromise the server managing the archives and arbitrarily modify the archive data store under the context of the File Migration Agent software.

tags | advisory, remote
MD5 | d4c16c8e15d434b6bdca8bff2018e11c
Debian Security Advisory 2175-1
Posted Feb 28, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2175-1 - Volker Lendecke discovered that missing range checks in Samba's file descriptor handling could lead to memory corruption, resulting in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2011-0719
MD5 | 5466b76532fc72dde02adea9f1802a53
Ubuntu Security Notice USN-1077-1
Posted Feb 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1077-1 - It was discovered that FUSE would incorrectly follow symlinks when checking mountpoints under certain conditions. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2009-3297, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543
MD5 | 86002895ed2ad1797138a20be9ab9ad0
Ubuntu Security Notice USN-1074-2
Posted Feb 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1074-2 - USN-1074-1 fixed vulnerabilities in linux-fsl-imx51 in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 10.04. Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Neil Brown discovered that NFSv4 did not correctly check certain write requests. David Howells discovered that DNS resolution in CIFS could be spoofed. Various other issues have also been addressed.

tags | advisory, kernel, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2240, CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524, CVE-2010-2538, CVE-2010-2798, CVE-2010-2803, CVE-2010-2942, CVE-2010-2943, CVE-2010-2946, CVE-2010-2954, CVE-2010-2955, CVE-2010-2959, CVE-2010-2962, CVE-2010-2963, CVE-2010-3015, CVE-2010-3067, CVE-2010-3078, CVE-2010-3079, CVE-2010-3080, CVE-2010-3081, CVE-2010-3084, CVE-2010-3296
MD5 | 3c50452827e25742bef7840b721455f6
Ubuntu Security Notice USN-1076-1
Posted Feb 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1076-1 - It was discovered that the Microsoft Office processing code in libclamav improperly handled certain Visual Basic for Applications (VBA) data. This could allow a remote attacker to craft a document that could crash clamav or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-1003
MD5 | 0c5c16da75174d63e5095da59ac60569
Ubuntu Security Notice USN-1075-1
Posted Feb 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1075-1 - Volker Lendecke discovered that Samba incorrectly handled certain file descriptors. A remote attacker could send a specially crafted request to the server and cause Samba to crash or hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-0719
MD5 | 454608850cba21410988f637a3e9c9ac
Mandriva Linux Security Advisory 2011-038
Posted Feb 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-038 - All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2011-0719
MD5 | b0bc7527f52910e27a51caa3d022119f
FreeBSD crontab Information Leakage
Posted Feb 28, 2011
Authored by Dan Rosenberg

FreeBSD's crontab implementation suffers from various race condition and symlink vulnerabilities that allow for minor information leakage.

tags | advisory, vulnerability
systems | freebsd
MD5 | 07b32ae1079a8ee98df86008e1959da3
WeeChat Invalid Certificate Check
Posted Feb 28, 2011
Authored by JD

WeeChat suffers from an invalid certificate verification vulnerability.

tags | advisory, bypass
MD5 | 4892538ee317654444753cbcdf21baf7
HP Security Bulletin HPSBPI02635 SSRT100391
Posted Feb 28, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02635 SSRT100391 - A potential security vulnerability has been identified with HP Web Jetadmin running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to resources managed by Web Jetadmin. Revision 1 of this advisory.

tags | advisory, web, local
systems | windows
advisories | CVE-2011-0278
MD5 | dbfa0eea53e5eee6e8679bf73a71bbb7
phpMyAdmin 3.3.9 Brute Force / Path Disclosure
Posted Feb 28, 2011
Authored by MustLive

phpMyAdmin versions 3.3.9 and below suffers from brute force and path disclosure vulnerabilities.

tags | advisory, cracker, vulnerability, info disclosure
advisories | CVE-2011-0986
MD5 | 6e8fae2af8d9530fd34944a378dabe95
Debian Security Advisory 2174-1
Posted Feb 27, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2174-1 - It was discovered that avahi, an implementation of the zeroconf protocol, can be crashed remotely by a single UDP packet, which may result in a denial of service.

tags | advisory, denial of service, udp, protocol
systems | linux, debian
advisories | CVE-2011-1002
MD5 | 456b675e3371be483aaf70e5ef600fdc
Debian Security Advisory 2173-1
Posted Feb 27, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2173-1 - It was discovered that pam-pgsql, a PAM module to authenticate using a PostgreSQL database, was vulnerable to a buffer overflow in supplied IP-addresses.

tags | advisory, overflow
systems | linux, debian
MD5 | fe5450dbaa9e95ae4390280e14235860
Ubuntu Security Notice USN-1074-1
Posted Feb 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1074-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Al Viro discovered a race condition in the TTY driver. Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. Neil Brown discovered that NFSv4 did not correctly check certain write requests. David Howells discovered that DNS resolution in CIFS could be spoofed. Various other issues have also been addressed.

tags | advisory, kernel, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-4895, CVE-2010-2066, CVE-2010-2226, CVE-2010-2240, CVE-2010-2248, CVE-2010-2478, CVE-2010-2495, CVE-2010-2521, CVE-2010-2524, CVE-2010-2538, CVE-2010-2798, CVE-2010-2803, CVE-2010-2942, CVE-2010-2943, CVE-2010-2946, CVE-2010-2954, CVE-2010-2955, CVE-2010-2959, CVE-2010-2962, CVE-2010-2963, CVE-2010-3015, CVE-2010-3067, CVE-2010-3078, CVE-2010-3079, CVE-2010-3080, CVE-2010-3081, CVE-2010-3084, CVE-2010-3296
MD5 | 934d6a5d2bde45285650af4dbbaad8b2
Ubuntu Security Notice USN-1073-1
Posted Feb 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1073-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Gleb Napatov discovered that KVM did not correctly check certain privileged operations. Dan Jacobson discovered that ThinkPad video output was not correctly access controlled. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. Dan Rosenberg discovered that the USB subsystem did not correctly initialize certain structures. Various other issues have also been addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-0435, CVE-2010-3448, CVE-2010-3698, CVE-2010-3859, CVE-2010-3865, CVE-2010-3873, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4165, CVE-2010-4169, CVE-2010-4248, CVE-2010-4249
MD5 | 8305a1531c118605c29aeddacbcfebd2
Ubuntu Security Notice USN-1072-1
Posted Feb 26, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1072-1 - Multiple vulnerabilities have been discovered and addressed in the Linux kernel. Gleb Napatov discovered that KVM did not correctly check certain privileged operations. Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. Dan Jacobson discovered that ThinkPad video output was not correctly access controlled. Various other issues have also been addressed.

tags | advisory, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2010-0435, CVE-2010-2943, CVE-2010-3296, CVE-2010-3297, CVE-2010-3448, CVE-2010-3698, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4072, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160, CVE-2010-4248
MD5 | 27c3f06a2a4304897f036ea3734a09ea
Ubuntu Security Notice USN-1071-1
Posted Feb 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1071-1 - Tavis Ormandy discovered that the Linux kernel did not properly implement exception fixup. A local attacker could exploit this to crash the kernel, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Dan Rosenberg discovered that the Linux kernel X.25 implementation incorrectly parsed facilities. A remote attacker could exploit this to crash the kernel, leading to a denial of service. Vasiliy Kulikov discovered that the Linux kernel X.25 implementation did not correctly clear kernel memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Vasiliy Kulikov discovered that the Linux kernel sockets implementation did not properly initialize certain structures. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Nelson Elhage discovered that the Linux kernel IPv4 implementation did not properly audit certain bytecodes in netlink messages. A local attacker could exploit this to cause the kernel to hang, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2010-3086, CVE-2010-3859, CVE-2010-3873, CVE-2010-3875, CVE-2010-3876, CVE-2010-3880, CVE-2010-4078, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4160
MD5 | c92ade2a6d6618f6e93dbb1f640445c6
Altigen Gateway Service Heap Overflow
Posted Feb 25, 2011
Authored by Patrick Kelley

Altigen's Gateway Service suffers from a heap overflow vulnerability that can be triggered by a simple nmap portscan.

tags | advisory, overflow
MD5 | 6f09c557991d81745264ebf6c6e829d0
web.go Insecure Cookie
Posted Feb 25, 2011
Authored by Nam Nguyen | Site bluemoon.com.vn

web.go suffers from an insecure cookie vulnerability. Their cookie is modeled after Tornado which had the same issue reported on in 2010.

tags | advisory, web, insecure cookie handling
MD5 | c0a8007d2a21e6fa524b63baa475e61c
Cewolf 1.1.4 Denial Of Service
Posted Feb 25, 2011
Authored by MustLive

Cewolf - Chart Enabling Web Object Framework versions 1.1.4 and below suffer from a denial of service vulnerability.

tags | advisory, web, denial of service
MD5 | 3befe78c9ef4f0d9b2571b29d6f6361d
CA HIPS Arbitrary Code Execution
Posted Feb 25, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Versions prior to 8.1.0.88 are affected.

tags | advisory, remote, web, arbitrary, activex
advisories | CVE-2011-1036
MD5 | 9551ac86c08c1110bdce359f65859c95
Mandriva Linux Security Advisory 2011-037
Posted Feb 24, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-037 - avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service via an empty IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

tags | advisory, remote, denial of service, udp
systems | linux, mandriva
advisories | CVE-2011-1002
MD5 | d83133d703d37ae9711ce2100032d40f
Zero Day Initiative Advisory 11-093
Posted Feb 24, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-093 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Internet Security Suite 2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the XMLSecDB ActiveX control which is installed with HIPSEngine component. SetXml and Save methods are implemented insecurely and can allow creation of an arbitrary file on the victim's system. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1036
MD5 | b8e041bac81fa25b0368170c3fca20f9
Zero Day Initiative Advisory 11-092
Posted Feb 24, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx. The CSDWebInstallerCtrl ActiveX control allows downloading and executing any Cisco-signed executable files. By renaming a Cisco-signed executable file to inst.exe and putting it on a webserver, an attacker can subsequently exploit vulnerabilities in the Cisco-signed executable file remotely.

tags | advisory, remote, arbitrary, vulnerability, activex
systems | cisco
advisories | CVE-2011-0925
MD5 | 085e396d652f1e2079b1c44f5c0088b0
Zero Day Initiative Advisory 11-091
Posted Feb 24, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-091 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Secure Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within CSDWebInstaller.ocx ActiveX control. The vulnerable Cisco-signed ActiveX control verifies the signing authority names in the certificate chain but fails to properly verify the digital signature of an executable file that is downloaded and executed by the Cisco Secure Desktop installation process. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
systems | cisco
advisories | CVE-2011-0926
MD5 | e21e1417d4a0fd870dc2a7dd5de9eefe
Page 1 of 17
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Language Bugs Infest Downstream Software
Posted Dec 11, 2017

tags | headline, flaw
German Spy Agency Warns Of Chinese LinkedIn Espionage
Posted Dec 11, 2017

tags | headline, government, china, cyberwar, germany, spyware, social
Dynamics 365 Sandbox Leaked TLS Certificates
Posted Dec 11, 2017

tags | headline, privacy, microsoft, data loss, flaw, cryptography
Keylogger Uncovered On Hundreds Of HP PCs
Posted Dec 11, 2017

tags | headline, flaw, spyware, backdoor
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close