Monkey httpd versions 0.8.1 and below suffer from a denial of service vulnerability when subjected to specially crafted HTTP requests.
5c7729ef7ce7341a339b4a7ec35c0a80d1826a23abee971b151f18e4c15e4879Jumper is a program for the search and analysis of hosts. It maps the network using the ARP protocol, and optionally can create an Nmap script. For example, it can tell you which IP addresses are free in your LAN segment or it can tell you which hosts are on your LAN.
da9f673c6a5447ac78e1765d5b1f5104ae05b4275d54e5c8b79d44a84b6f1f71Red Hat Security Advisory - A bug was found in the index menu code in versions of mutt. A remote attacker could send a carefully crafted mail message that can cause mutt to segfault and possibly execute arbitrary code as the victim.
4dafc8aeb12c53d9369ce922c96b1b8f0d286ad1d1ff1657aac4664ebd37034bLocal root exploit for the XFree86 font.alias vulnerability discussed in the advisory here. Tested on various versions of RedHat Linux.
ed1c569efa3e325a52a9440160ee982d9cf1d8e3c61594c37edad149d60c1e3aBosDates lacks sufficient sanitization of user-supplied data. Inadvertantly, it allows a remote attacker to influence SQL query logic to disclose sensitive information that can be used to gain unauthorized access.
99f16a5fc0fa02d0ef6ab68973a1477d5cc41f825bce692666aeaceb13a1ba27PHP code injection vulnerabilities in ezContents versions 2.0.2 and prior allow for a remote attacker to access arbitrary files and execute commands on the server.
f852d6bdd374bb2095a159b9896252b872a652c440495812ac704a127c25800aCERT Advisory TA04-041A - Multiple integer overflow vulnerabilities in the Microsoft Windows ASN.1 parser library could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Related eEye advisory here.
d15efbcc2142bc5ef34ae1dde8178035fc9aac8c3983d2d7ee7acf880431603cAtstake Security Advisory A021004-1 - Both Connectix Virtual PC 6.0.x and Microsoft Virtual PC 6.1 on Mac OS X suffer from an insecure temporary file creation vulnerability.
957d7e39e1983bcf0c08476d79bf23df3df003fbce3396e952ea4e50e60e12a6iDEFENSE Security Advisory 02.10.04: Exploitation of a buffer overflow in the XFree86 X Window System allows local attackers to gain root privileges. The problem specifically exists in the parsing of the font.alias file. The X server, which runs as root, fails to check the length of user provided input. A malicious user may craft a malformed font.alias file causing a buffer overflow upon parsing, eventually leading to the execution of arbitrary code.
d3db7fd0322ed5a49202a2729ebb1ac91eed13e5e70c0f5df79d02d83e05906bThe Microsoft Base Analyzer fails to properly report vulnerabilities on its systems when machines have been patched but not rebooted for the patches to take affect.
5d7ef01936df0292fd8830d6bc1fa9f605adfe64a768a6a871f90eefcd147494eEye Security Advisory - eEye Digital Security has discovered a second critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that allows an attacker to overwrite heap memory with data he or she controls and cause the execution of arbitrary code. ASN.1 is an industry standard used in a variety of binary protocols, and as a result, this flaw in Microsoft's implementation can be reached through a number of Windows applications and services. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to this attack, including Kerberos (UDP/88) and NTLMv2 authentication (TCP/135, 139, 445).
8815b9231e3ce56295d951ce888973253d6699e1085fcffeabace7cd8f1ce3dfeEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to overwrite heap memory on a susceptible machine and cause the execution of arbitrary code. Because this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).
1de333b1ddd32e19f140c70af8d8745df36130a84594833d58298734c09ce432When adding a skin file to RealPlayer, if the filename contains a directory traversal, a remote attacker may get files deployed onto the machine anywhere in the system. According to RealNetworks the flaw affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, RealPlayer Enterprise.
d25313a1a0f691a8c4a75087079a2a861c83f7292dfcc16b5045c7d5b0ef2c7a
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed