White-paper discussing the Rose Attack method and how sending two parts of a fragmented packet can cause various outcomes to network devices, including denial of service problems.
3d7604ffc5be0c9126874bf0b8d3dd64bdcb8b87b90db27a1d52ee96c322c87aWhite-paper from Imperva's Application Defense Center discussing the possibility of automated, self-propagating attacks on custom web application code. It shows that such attacks are not only feasible but that their theoretical success rate is far great than worms targeting commercial infrastructure.
749f77d25ab5aed09537e587454e97afc0fb0f15bc5ef11504827972d2ef0d98PHPKIT version 1.6.03 suffers from a cross site scripting vulnerability.
0e9f13f39f0629b6717e15fd8fd08fd262f7ba7663d8bb985d87444d8acb4245Snort2Pf is a small Perl daemon which greps Snort's alertfile and blocks the bad hosts for a given amount of time using pfctl.
3d9a0bfee7572f4bfdbabc635748203efd9db23d46369073d9c9bc4549d93caaRapid7 Security Advisory - tcpdump versions 3.8.1 and below contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, tcpdump will try to read beyond the end of the packet capture buffer and crash.
bf610b65d6dfc6a1e758210dd11a41752fa7ae6f05f82c0910e413398c61725aSEC-CONSULT Security Advisory - Linbit Linbox is vulnerable to authentication circumvention on its administration portal, password disclosure for all existing users, and using the obtained passwords, any account can be logged into via SSH.
64158a7cf03bea19c8dd9020b9f99b7e6bcf2fe97d86ac1d244377dc6d5c7978Hard coded login sequence values for Oracle SSO allow for easy man in the middle attacks.
7b8e79653622db46a6b91adc1109b89bba51e9e2a63859147c6505fd5a25220eMPlayer Security Advisory #002 - A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header (Location:), and trick MPlayer into executing arbitrary code upon parsing that header. Versions affected: MPlayer 0.90pre series, MPlayer 0.90rc series, MPlayer 0.90, MPlayer 0.91, MPlayer 1.0pre1, MPlayer 1.0pre2, MPlayer 1.0pre3.
f5cc85b108a50d1675f96946734a505c74cbf8a7e20335d3382143ea84a4a043Security comments regarding the way clamav sets up VirusEvent information and how it could be improved. Due to a lack of input sanitizing, the variable taken in on the command line could be used for malicious purposes when put to a system().
c4b9e905084bd1c5af9e8ca8c970424ede8be3a4306833892f7fe3f5f705853bWinBlox is a command line utility that can record, filter, and prevent file I/O operations. In record mode the WinBlox logs all I/O operation activity. A typical log record includes a date stamp, the operation type, the program name conducting the operation, and the target of I/O operation.
e05e96d6664ad70dda00e55a3b95e7a18f3b7db5c0473f9d3cf6e74e974d8c66FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6 - Applications may manipulate the behavior of an IPv6 socket using the setsockopt(2) system call. This may allow a local attacker to read portions of kernel memory.
70e1c4c7ccbdf1b90bac831af83ac26a62adca45386ee48ac5f0dfdafab17978Debian Security Advisory DSA 469-1 - Primoz Bratanic discovered a bug in libpam-psgl, a PAM module to authenticate using a PostgreSQL database. The library does not escape all user-supplied data that are sent to the database. An attacker could exploit this bug to insert SQL statements.
e04e7014ae9789fdab12a457b44dc8b74065eb9f8b174a4afde885751bd74765A-CART Pro and A-CART 2.0 suffer from input validation holes that allow for SQL injection and cross site scripting attacks. Full exploitation demonstrated.
8f3fb7e46432c3d39ecb946dbebf7c30a6f165544414b8ef971ac87628e8bb6bRed Hat Security Advisory RHSA-2004:134-01 - A bug was found in the processing of %-encoded characters in a URL in versions of Squid 2.5.STABLE4 and earlier. If a Squid configuration uses Access Control Lists (ACLs), a remote attacker could create URLs that would not be correctly tested against Squid's ACLs, potentially allowing clients to access prohibited URLs.
39303053afa5c4c6ad8257b0ae22265b1b4be246171e3264649c906efbc46a35WebCT Campus Edition 4.1 suffers from cross site scripting vulnerabilities.
9811273a7d7f6f67502a55786b4bd23a23642644d3f8eaebf2dc404d231626bbCloisterblog version 1.2.2 does not perform proper parameter auditing derived from user inputs allowing for multiple cross site scripting issues and also directory traversal attacks.
ad7a65199d44ffe90b5967f13b1fb489c3ed72e4ea746029182cab805dea4ea6Invision Gallery version 1.0.1 suffers from multiple remote SQL injection vulnerabilities.
d98347f9af4bab53d06e75dd9b5f371ddf4650a1a25b680feefcfc90104fc437RealSecure / BlackICE iss_pam1.dll remote overflow exploit.
e2fc858b9f9cc7a467f97fb6df2ab7fd3ca8487e650f1c461da6ed12d27856a1Ethereal IGAP Dissector Message overflow remote root exploit that spawns a shell on port 31337. Makes use of the vulnerability that exists between versions 0.10.0 to 0.10.2. Tested under Gentoo and RedHat 8.
e66736e8f6c88b3f65c10debc6650dc308d86154626ac036dbc5e4f7693e4f95Rstack Team Security Advisory RSTACK-20040325 - Nstxd has been found vulnerable to a denial of service attack due to a null-pointer-dereference.
d4de4aa22804d1da1775735c057713af54e0dd21b46baab500dfe906cb86973fBlogger from Google has a cross site scripting flaw.
8a582098eeb59bd8ee61257aed05f705b240695f0136b5bdd5944e557c59a20bBblog has a cross site scripting flaw.
32065e8690bb819df575b5e57206a3b622828287600f3749bf4ad343d7161ca6A SQL injection vulnerability in PHPBB versions 2.0.8 and below allows an attacker the ability to extract the administrator password hash.
79435b6428a517c7a224d8c38bddd4759ed0c9fd6cec34a473af09fcbbf5d078Multiple SQL injection and cross site scripting vulnerabilities lie in XMB 1.8 Partagium SP3 and 1.9 Nexus Beta. Full exploitation syntax given.
bd4cabcfa43f68af65bfece48818f4435386a8180e4f61c0fdeb6b20508d212dInvision NetSupport School Pro stores passwords in a manner that allows their encryption to be easily reversed. Exploit written in Pascal is included.
eebc0c7480c35293df0babcb826181b8e49fd1c0911c945d3fcdd53716fc2014
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed