White-paper discussing the Rose Attack method and how sending two parts of a fragmented packet can cause various outcomes to network devices, including denial of service problems.
3d7604ffc5be0c9126874bf0b8d3dd64bdcb8b87b90db27a1d52ee96c322c87aWhite-paper from Imperva's Application Defense Center discussing the possibility of automated, self-propagating attacks on custom web application code. It shows that such attacks are not only feasible but that their theoretical success rate is far great than worms targeting commercial infrastructure.
749f77d25ab5aed09537e587454e97afc0fb0f15bc5ef11504827972d2ef0d98PHPKIT version 1.6.03 suffers from a cross site scripting vulnerability.
0e9f13f39f0629b6717e15fd8fd08fd262f7ba7663d8bb985d87444d8acb4245Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks the bad hosts for a given amount of time using pfctl.
3d9a0bfee7572f4bfdbabc635748203efd9db23d46369073d9c9bc4549d93caaRapid7 Security Advisory - tcpdump versions 3.8.1 and below contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, tcpdump will try to read beyond the end of the packet capture buffer and crash.
bf610b65d6dfc6a1e758210dd11a41752fa7ae6f05f82c0910e413398c61725aSEC-CONSULT Security Advisory - Linbit Linbox is vulnerable to authentication circumvention on its administration portal, password disclosure for all existing users, and using the obtained passwords, any account can be logged into via SSH.
64158a7cf03bea19c8dd9020b9f99b7e6bcf2fe97d86ac1d244377dc6d5c7978Hard coded login sequence values for Oracle SSO allow for easy man in the middle attacks.
7b8e79653622db46a6b91adc1109b89bba51e9e2a63859147c6505fd5a25220eMPlayer Security Advisory #002 - A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header (Location:), and trick MPlayer into executing arbitrary code upon parsing that header. Versions affected: MPlayer 0.90pre series, MPlayer 0.90rc series, MPlayer 0.90, MPlayer 0.91, MPlayer 1.0pre1, MPlayer 1.0pre2, MPlayer 1.0pre3.
f5cc85b108a50d1675f96946734a505c74cbf8a7e20335d3382143ea84a4a043Security comments regarding the way clamav sets up VirusEvent information and how it could be improved. Due to a lack of input sanitizing, the variable taken in on the command line could be used for malicious purposes when put to a system().
c4b9e905084bd1c5af9e8ca8c970424ede8be3a4306833892f7fe3f5f705853bWinBlox is a command line utility that can record, filter, and prevent file I/O operations. In record mode the WinBlox logs all I/O operation activity. A typical log record includes a date stamp, the operation type, the program name conducting the operation, and the target of I/O operation.
e05e96d6664ad70dda00e55a3b95e7a18f3b7db5c0473f9d3cf6e74e974d8c66
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed